Today Skybox announced the launch of the Skybox Vulnerability Index, a measurement that indicates the scale and severity of the attack surface, or the sum of all cyber attack vectors against a typical enterprise organization.

The Skybox Vulnerability Index leverages the Skybox Vulnerability Database, and is now available for free access at the Skybox Vulnerability Center,

You can find more details about our methodology on the Skybox Vulnerability Center. Since Skybox Security’s tools are targeted specifically to large enterprise networks, our database is focused on the most relevant vulnerabilities from more than 1,000 products that are used extensively in enterprise network environments, including servers and desktop operating systems, business apps, databases, desktop apps, runtime frameworks, networking hardware and software, security software, and more.

The charts on the main page of the Vulnerability Center show the trends of the Skybox Vulnerability Index.

Skybox Vulnerability Index Screen shot, In the Eye of the Cyber Storm Introducing the Skybox Vulnerability Index

The Vulnerability Index number is based on a rolling 90-day view of reported vulnerabilities.  We used 90 days as a default, since our research shows this to be a middle ground in vulnerability remediation time.  High performing security organizations may strive to complete vulnerability scans and remediation activities across their infrastructure each month, while other organizations may have a large number of vulnerabilities exposed for several months or more.  You can customize the charts to see how a shorter or longer vulnerability remediation cycle impacts the Index. A longer time window means more exploitable vulnerabilities, and higher level of risk.

Skybox Vulnerability Index 3090180, In the Eye of the Cyber Storm Introducing the Skybox Vulnerability Index

Think of the Vulnerability Index like the Saffir-Simpson hurricane scale – as the size and windspeed of a storm increase, the hurricane rating increases from 1 to 5 to indicate the potential damage to health and property.  This helps people in the path of the hurricane take the appropriate level of action to minimize personal risk and property damage.   Similarly, the Skybox Vulnerability Index can be used to indicate the scale and severity of the vulnerability challenge that an enterprise faces at any point in time.

We believe that security professionals can use this vulnerability intelligence to adapt their security management processes to make headway in the fight against data breaches, cyber crime and cyber attacks.