Release Notes
Skybox
7.5.600
Revision: 11
Copyright 2002-2015 Skybox Security, Inc. All rights reserved.
This documentation contains proprietary information belonging to Skybox Security and is provided
under a license agreement containing restrictions on use and disclosure. It is also protected by
international copyright law.
Due to continued product development, the information contained in this document may change
without notice. The information and intellectual property contained herein are confidential and remain
the exclusive intellectual property of Skybox Security. If you find any problems in the documentation,
please report them to us in writing. Skybox Security does not warrant that this document is error-free.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form
or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior
written permission of Skybox Security.
Skybox, Skybox Security, Skybox Firewall Assurance, Skybox Network Assurance, Skybox
Vulnerability Control, Skybox Threat Manager, Skybox Change Manager, Skybox
5000/5000W/5500/6000 Appliance, are trademarks and registered trademarks of Skybox Security, Inc.
Check Point, SiteManager-1, FireWall-1, Provider-1, SmartDashboard, VPN-1, and
OPSEC are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its
affiliates.
All other trademark and registered trademark products mentioned in this document are the property of
their respective owners.
Skybox Security, Inc.
Telephone (in the U.S.): 866-6-SKYBOX (866-675-9269)
Telephone (outside the U.S.): 1-408-441-8060
Fax: 1-408-441-8068
Website: http://www.skyboxsecurity.com
Email: [email protected]
Contents
Introduction
What's new in this version
  Skybox platform
  Skybox Firewall and Network Assurance
  Preparing to upgrade to version 7.5.600
What's new in previous versions
  Skybox platform
  Skybox Firewall Assurance
  Skybox Change Manager
  Skybox Vulnerability Control
Skybox version 7.5.600
Chapter 1
Introduction
This document includes information about new features and updates in Skybox version 7.5.600. These
release notes include a feature list for this version as well as one for previous versions (7.5.300 and
up).
About Skybox products
Skybox Security's powerful risk analytics platform provides security teams with continuous
intelligence about vulnerabilities and network security risks, with no network disruption.
Skybox solutions prioritize the most critical risks in minutes, and provide detailed remediation
options.
Skybox solutions automate the complex security management processes required to maintain
security controls and eliminate attack vectors, filtering out irrelevant data and delivering accurate
results in a fraction of the security management time.
For more details see the Skybox Security website and the product documentation, which is included as
part of the installation.
Chapter 2
What's new in this version
This section includes information about new features and updates in Skybox version 7.5.600.
Note: This is a maintenance version with minimal features.
In this chapter
  Skybox platform
  Skybox Firewall and Network Assurance
  Preparing to upgrade to version 7.5.600
Skybox platform
New connectors
The following new connectors were added:
WSUS
Asset Management - WSUS Collection tasks retrieve configuration from Microsoft WSUS
management systems and add the data to the current model.
Cisco WLC (Cisco wireless connector)
Wireless Controller - Cisco WLC Collection tasks retrieve configuration data from Cisco wireless
LAN controllers and add the data to the current model.
IBM z/OS
Skybox supports a parser script located at:
<Skybox_Home>\intermediate\bin\parsers\System_Management\zOS\zOSParser.pl
Enhanced connectors
Import - Generic CMDB CSV Parser
This task has been updated and now supports custom fields.
Online manuals
All manuals are now available online from Help > Online Manuals. They are no longer included as part
of the installation package. No changes were made regarding how to access the help (Help > Skybox
Help).
Upgrading from any 7.0.xxx version
If you are upgrading from any 7.0.xxx version of Skybox, see Preparing to upgrade to version 7.5.600.
Skybox Release Notes
Skybox Firewall and Network Assurance
Exception CSV task
A new task, CSV Exception Export, exports all types of exceptions from Skybox to CSV. This task
enables you to save CSV reports of the exceptions in the model on a regular basis.
Preparing to upgrade to version 7.5.600
If you changed the cacerts keystore in the past by adding a trusted certificate, you must do the
following after you upgrade to Skybox version 7.5.xxx from any 7.0.xxx version.
1. Connect to the server as the skyboxview user.
2. Navigate to the following directory: <Skybox_Home>/server/conf.
   Important: You must work in this directory at all times; all commands require relative paths.
3. If you do not know the name of the root certificate alias, you can find it with the following
   command:
   ../../thirdparty/jdk<version#>/bin/keytool -list -keystore server.keystore
4. Obtain the CA root certificate from your CA administrator or extract it from the current trust
   keystore:
   ../../thirdparty/jdk<version#>/bin/keytool -export -alias <name of the root certificate alias> -file root_ca -keystore cacerts.<cacerts_version> -storepass changeit
5. Add the CA root certificate to the customer cacerts keystore:
   ../../thirdparty/jdk<version#>/bin/keytool -import -trustcacerts -alias addtrust -file <CA_root_certificate_file> -keystore cacerts_customer.keystore -storepass skyboxview
6. Restart all Skybox Servers, Collectors, and Managers.
If you also changed the cacerts keystore on the collectors, follow the same procedure on the Collector
machines from <Skybox_Home>/collector/conf.
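The import command above stores the certificate under the alias addtrust, whatever its alias was in the old keystore, so the reliable way to find it before the export and to confirm it after the import is by fingerprint rather than by name. The following script is an added example, not part of the Skybox product or documentation: it reads keytool -list output and prints the trusted-certificate aliases that carry a given fingerprint. The function names and the sample listing (aliases, dates, fingerprints) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Skybox code. Reads `keytool -list` output on stdin, e.g.
#   ../../thirdparty/jdk<version#>/bin/keytool -list \
#       -keystore cacerts_customer.keystore -storepass skyboxview | trusted_aliases_for "$fp"
# where $fp is the fingerprint shown by `keytool -printcert -file root_ca`.

# normalize_fp FP: hex digits only, upper case (colons and spaces removed)
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# trusted_aliases_for FP
# Prints the alias of each trustedCertEntry whose fingerprint equals FP and
# returns 1 when there is none. PrivateKeyEntry records are ignored: a key pair
# in the keystore does not make its certificate a trust anchor.
# Assumption: aliases do not themselves contain ", ".
trusted_aliases_for() {
    awk -v want="$(normalize_fp "$1")" '
        # Entry line: "<alias>, <date>, <entry type>," (the date contains a comma)
        /, [A-Za-z]+Entry,[ \t]*$/ {
            alias = ""
            if ($0 ~ /, trustedCertEntry,[ \t]*$/) { alias = $0; sub(/, .*/, "", alias) }
            next
        }
        # Fingerprint line belonging to the entry line just above it
        /^Certificate fingerprint/ && alias != "" {
            fp = toupper($NF); gsub(/:/, "", fp)
            if (fp == want) { print alias; found = 1 }
            alias = ""
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample listing (aliases, dates and fingerprints are made up)
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

addtrust, Jun 1, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD
server, Jun 1, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
corp-root-2010, Mar 9, 2010, trustedCertEntry,
Certificate fingerprint (SHA1): 10:20:30:40:50:60:70:80:90:A0:B0:C0:D0:E0:F0:00:11:22:33:44
EOF
}

# Demo on the constructed listing; prints: addtrust
sample_listing | trusted_aliases_for 'aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd'
```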
Chapter 3
What's new in previous versions
This section includes information about new features and updates in previous Skybox versions 7.5.300
and higher.
In this chapter
  Skybox platform
  Skybox Firewall Assurance
  Skybox Change Manager
  Skybox Vulnerability Control
Skybox platform
Connectors
The following new collectors were added:
Aruba wireless controller
Wireless Controller - Aruba Collection tasks retrieve configuration data from Aruba wireless
controllers and add the data to the current model.
Import network CSV
Import - Generic network CSV Parser tasks import configuration data of networks from CSV files.
Import host CSV
Import - Generic host CSV Parser tasks import configuration data of assets from CSV files.
API
In this release, we introduce a web API based on JAX-WS. This API is easier to use via standard tools
and programming languages.
The old web API is deprecated. It will not be removed from Skybox until June 2016, to give existing
customers time to switch to the new API.
New connectors
The following new connectors were added:
Avaya router
Skybox includes a collector script that retrieves Avaya router configuration files and a parser that
creates an iXML file from these files. This iXML file can then be imported into Skybox.
The collector script is located at
<Skybox_Home>\intermediate\bin\collectors\router\avaya\avayaCollection.pl
The parser is located at
<Skybox_Home>\intermediate\bin\parsers\router\avaya\avayaParser.pl
Amazon Web Services
Asset Management - Amazon Web Services Collection tasks retrieve device and host configuration
data from Amazon Web Services data centers and add the data to the current model.
DPtech firewall
Firewalls - DPtech Collection tasks retrieve configuration data from DPtech firewalls and add the
data to the current model.
Enhanced connectors
H3C router
Collection for these routers is now available via the Routers - H3C collection task.
Tasks
The following task types are no longer supported: Network Scan and Network Topology Discovery.
Existing tasks of these types can still be used, but no new tasks of these types can be created.
Asset attributes
Skybox now provides the ability to include business attributes for assets. There are predefined
business attributes such as owner, site, business function, etc. In addition, custom attributes can be
defined to suit organizational needs.
The attributes can be retrieved by iXML or be defined manually. You can define asset analyses based
on predefined and custom attributes. For example, you can define an analysis to show all assets for a
specific owner.
This feature enables organizations to use Skybox as a centralized management platform for the
network, including the different assets in it.
Regular expression support in analyses
All analysis types were enhanced and now support full regular expressions for string fields. Users may
continue to use string values (including wild cards) in these fields or use the full regular expression.
The icon in a string field indicates that the value of the field is interpreted as a text string.
The icon indicates that the value of the field is interpreted as a regular expression.
New Admin user roles
The following two new user roles are now available:
Admin Assurance: A new, dedicated administrative role for Firewall Assurance, Network
Assurance and Change Manager. These users cannot log in to Vulnerability Control or Threat
Manager and therefore cannot perform any actions on these modules.
Admin Vulnerability Control: A new, dedicated administrative role for Vulnerability Control and
Threat Manager. This role cannot log in to Firewall Assurance, Network Assurance, or Change
Manager and therefore cannot perform any actions on these modules.
CSV Analysis Export tasks
The CSV Analysis Export task was enhanced and now enables you to select the relevant CSV
columns.
New connectors
The following new connectors were added:
Alteon load balancer
Load Balancers Alteon Collection tasks retrieve configuration data from Alteon load balancers
and add the data to the current model.
BMC BladeLogic Network Automation
Asset Management - BNA Collection tasks retrieve network device configuration data from BNA
data centers and add the data to the current model.
Import CMDB CSV
Import - Generic CMDB CSV Parser tasks import configuration data of Business Asset Groups from
CSV files.
Alcatel-Lucent VPN Firewall Brick
The connector supports a parser script located at:
<Skybox_Home>\intermediate\bin\parsers\firewalls\brick\BrickParser.pl
Enhanced connectors
Asset Management - Amazon Web Services Collection
This task has been updated and can now create reflection firewalls.
Skybox Firewall Assurance
Junos Configuration Policy
The Configuration Policy was extended and now contains a policy for Juniper Junos firewalls.
Rule Recertification Policy
A new policy type, Rule Recertification, was added to the Admin tool for Firewall Assurance. The
new policy type is a combination of Rule Review policies (already supported) and Rule Recertification
Ticket policies (new).
Rule Review policies enable the next review date to be automatically updated for access rules that
match the policy's criteria. For example, set the next review date of all critical violating rules to be
3 months from now.
Rule Recertification Ticket policies enable Skybox to automatically open Rule Recertification
tickets for any access rules which are about to reach their next review date and which meet the
other criteria in the policy, such as a specific Rule Owner.
Rule usage analysis for Cisco firewalls
Rule usage analysis for Cisco firewalls is now supported using the data retrieved directly by the Cisco
device command (that is, show access-list) in addition to data retrieved from syslog.
The collection task was extended and now enables you to select whether to retrieve the hit counts of
the access rules in addition to the configuration of the device.
Rule usage analysis is then immediately available with the collection of the firewalls.
Skybox Change Manager
Business-related access rule attributes
Change Manager now supports updating business-related access rule attributes (such as rule owner and
business function) as part of a change request involving an access rule. Users can view access rule
attributes on change requests in all workflows. They can update the attributes if the Enable rule
attribute updates in change requests field is selected in the definition of the workflow (in Tools >
Options > Server Options > Change Manager Settings > Workflows).
After the request is implemented and the ticket has been verified, the access rule attributes are updated
in their respective access rule.
Recertification for multiple access rules
It is now possible for a recertification ticket to include multiple access rules. To create such a ticket in
Firewall Assurance, select multiple rules, right-click, and select Recertify Rules.
A new panel in Change Manager named Recertification enables you to view all access rules for
which recertification was requested, mark each access rule as certified or rejected, and update the
access rules' attributes if required.
Demote to Phase
The Demote feature now supports the ability to choose the specific phase to which a ticket will be
demoted, thus simplifying the process of requesting more details or an update to the change request
from any previous phase owner.
Vulnerability solutions in Risk Assessment
Risk assessment now shows the available solutions for all Vulnerability Definitions that would be
exposed as a result of the change request.
Firewall Identification Network Mode
The firewall identification logic has been enhanced and now supports 2 modes:
Firewall mode (existing): The identification of the relevant firewalls in the route for Access Update
change requests is based on a comparison between the relevant fields of the change request and the
addresses behind the firewalls in the Firewall Assurance tree. This is the default mode.
Network mode (new): The identification of the relevant firewalls in the route for Access Update
change requests is based on identifying the matching source and destination network(s) and
running access simulation between them, which identifies the relevant firewalls. Network mode
requires routers in the model and for the model to be fully connected.
In addition, when network mode is used, a new action named Routes displays a graphical
representation of the routes that were identified including the routers and other gateways, showing
both the traffic details (including any NAT translation) and the change request details.
Change Manager APIs
A new set of API methods is now available to support Change Manager use cases. These API methods
enable users to add, modify, delete, or retrieve change requests of all types (other than Recertify Rule)
as well as add, delete or retrieve the derived requests of Access Update requests.
In addition, the API methods enable users to retrieve the generated commands of the derived requests
and retrieve the verification details of the Add Rule and Modify Rule change requests (that is, the
matching access rules that were added or modified as a result of these requests).
Network mode routes for specific firewalls
The Routes action (when Change Manager is used in network mode) was extended. It is now also
supported for selected firewalls in Access Update derived requests. That is, if a user selects one of the
derived requests of an Access Update request and clicks Routes, Skybox will show the list of routes in
which the firewall from that derived request participates.
Skybox Vulnerability Control
New security metric chart
A new security metric chart shows the contribution of each of the subunits of the selected unit to its
security metric score. The chart also shows the score and level of each of the units. The relative size of
each unit is represented by the size of the unit in the chart.
Vulnerability detection based on Red Hat Satellite data sources
Vulnerability detection has been enhanced to support detection of vulnerabilities on Linux assets based
on Red Hat Satellite data sources. That is, after collecting assets from the Red Hat Satellite manager
system, the Analysis - Vulnerability Detector task detects the vulnerabilities on these assets based on the
installed packages. In addition, the Solutions tab shows the packages required to be installed in order
to fix each vulnerability.
Dynamic Business Asset Groups
Business Asset Groups now support a dynamic scope as well as a static scope. In the past, you could
define the scope of a group by selecting either individual members or networks. Now you can define a
list of criteria for each Business Asset Group, such as "All assets with Windows OS" or "All assets
with a certain tag", and the groups will be continuously updated with all the assets that match their
criteria. This enables automatic and continuous update of the scope of all Business Asset Groups
according to changes in the organizational network.