About this document

This RFP template was created to help IT security personnel make an informed decision when choosing a cyber security solution. In this template you will find categories for initial vendor responses to a variety of cyber security use cases.

Firewall security and compliance assessments
Firewall change management
Network device security and compliance assessments
Risk, vulnerability and threat analyses

About Skybox Security

Skybox Security provides network security managers with advanced automated tools to find configuration issues, policy violations, exposed vulnerabilities, and fix them before they can be exploited. Our solutions are in use by hundreds of Global 2000 and large government organizations that require effective and comprehensive cyber security solutions. Skybox Security has a complete security risk management portfolio including Firewall Assurance, Change Manager, Network Assurance, Risk Control, and Threat Manager. The products can be used together or alone to address your security needs.

For a detailed RFP response from Skybox, please contact our security consultant team to arrange a discussion at info@skyboxsecurity.com.

Vendor Information

Company Name and Address
Contact Name, Title, Phone Number, Fax Number, and email Address
Vendor Response
Organizational history and capabilities statement
Geographic location(s) of office(s)
Professional Services organization

Firewall Security and Compliance Assessments

Broad support for firewall vendors
Specific vendors required
Automate collection of firewall configuration data
Normalize data for consistent presentation and analysis
Syntactic rule check
Firewall configuration checks
Firewall rule base analysis: unused, shadowed, disabled, redundant
Standard best-practice policy checks
Rule-level compliance checks
Rules without logging
Usage metrics for rules and objects
Model firewall access paths
Analyze firewalls for access policy compliance
Root cause query in multiple-firewall multiple-vendor environment
Compare policy of firewalls from different vendors
Compare change reports across different versions of same firewall (access, ACLs, routing rules, interfaces)
Root cause analysis for access policy violations
Analyze historical logs for usage
Unlimited log history period
Web-services API to add custom capabilities
Access Policy Compliance - analyze firewalls for access compliance
Identify most-used rules by hit count

Firewall Change Management

What-if analysis: check firewall changes before they are made
What-if analysis: analyze STAGING policy
Out-of-the-box change workflow functionality
Web services API for custom change management workflow
Customizable workflow policies and process steps
Integration with external ticketing systems
Change tracking
Change planning using firewall query
Analysis from file
Highly customizable
Email notifications for events in the CM process
Real-time alerts on-demand for policy changes
Changes in rules/objects
Report all rule/object creation, deletion and modification

Network Security and Compliance Assessments

Broad support for network devices such as firewalls, routers, switches, IPS systems
Normalize data for consistent presentation and analysis
Device configuration checks
Policy compliance checks
Network topology map/model
Network model is scalable to support up to 1,000,000 devices (fill in scale needed)
Network model incorporates device analysis of potential access paths between devices
Network connectivity analysis
Comprehensive network policy management
Customizable access policy for security and availability
Analyze devices for access policy compliance
Dynamic routing access path analysis
Root cause analysis for access violations
Network access simulation
Automate collection of network device configuration data
Automate all audit related tasks (data collection, analysis, reporting)
Time required for report generation
Open architecture allows flexible and customizable analysis/reporting
Provides sufficiently detailed documentation to satisfy auditors
PCI DSS auto-completed report template
Other report templates
Auto-completed group compliance report
Web-services API to add custom capabilities

Firewall Change Management

What-if analysis: check firewall changes before they are made
What-if analysis: analyze staging policy
Manage the workflow steps from change request through verification
Web services API for custom change management workflow
Customizable workflow policies and process steps
Integration with ticketing systems
Change tracking
Change planning using firewall query
Analyze historical snapshots of firewall data
Email notification
Alerts on-demand for policy change
Changes in rules/objects
Report all rule/object additions, deletions and modifications

Risk, Vulnerability and Threat Management

Supported vulnerability scanners
Supported threat information feeds
Import scan data automatically from vulnerability scanners
Prioritize vulnerabilities based on exposure and risk
Complete risk analysis
Automatically build network topology map
Identify risky traffic between zones
Identify user-defined risks
Identify topology-aware risks in a multi-layer environment
Identify over-permissive ACLs (such as ones having Any in the destination or service fields)
Built-in risk database including NIST best practices, PCI DSS compliance and OVAL-based configuration checks
Ability to customize risk database by adding own risks or customizing existing risk definitions
Depict and assign networks or network interfaces to zones
Provide out-of-the-box zone definitions and ability to customize zones
Define your own zone types
Identify attack paths across a network
Analyze potential paths of access between security zones
Identify multi-step attack paths
Identify remediation steps that will address identified risks
Built-in ticketing system with remediation options
Vulnerability level and remediation latency KPIs
Incorporate patch management information into the analysis
Provides multiple types of interfaces to receive data from other systems, e.g., file system offline data, ODBC, HTTP, SSH, specific API, integration XML
Identify missing network data
Manage the workflow steps for threat analysis workflow and response

Product Operation

Save multiple models for virtual testing (past, present, future)
Run an attack simulation to test security controls in the model
Built-in ticketing system
Support for 3rd party ticketing systems
Automate and schedule all tasks related to data collection, analysis, reporting
Define role-based user access
Scalability
Performance/Speed
No impact to production network
Automated data collection
Drill down capability
LDAP/Radius support

Distribution and Deployment

Software package
Virtual Appliance
Hardware Appliance
Low bandwidth operation mode