Take a peek at what makes Vulnerability Detector run so fast

In Monday’s blog we talked about how Skybox makes the vulnerability management process 50x faster, enabled by scanless vulnerability assessment from Skybox Vulnerability Detector. Today, I’ll give you a peek under the hood of Vulnerability Detector to get some insights on how it works.

How does Skybox Vulnerability Detector work?

Skybox Risk Control with Vulnerability Detector uses data from system and network operations management systems, already deployed in most organizations.  While these systems don’t report on vulnerabilities, they have accurate information on the operating system of the host, the installed products, the installed patches and the missing patches. This information is typically refreshed daily. Using this data, Vulnerability Detector deduces the vulnerabilities on each host, and this becomes a source for vulnerabilities in Skybox Risk Control.

Although the deployment is simple, it is complex to deduce vulnerabilities in a reliable way using product and patch information. For that purpose, Skybox patented a unique approach called rule-driven profiling technology

[white paper PDF], which formalizes the product and version information in an accurate way, and then determines the vulnerabilities associated with each product, considering the exact product version, service pack, OS version, and patch information.

Rule-driven profiling uses extraction rules that are available in Skybox’s proprietary Vulnerability Database, which is distributed to Skybox customers daily.

Skybox patented scanless vulnerability assessment with rule-driven profiling

Vulnerability Discovery with Rule-Driven Profiling

Vulnerability Detector can be used on a daily basis across the entire organizational network. Using Vulnerability Detector, Skybox customers have same-day knowledge of exposed vulnerabilities, enabling remediation steps far sooner than traditional scanning can provide.

What products does Vulnerability Detector support?

Vulnerability Detector supports the operating systems, browsers, software, and databases that are most commonly used by enterprises and large government organizations. We are continually adding new support, and the list is updated on our website.

How does Skybox work with vulnerability scanners?

Skybox Vulnerability Detector can be used independently to identify vulnerabilities, or used with existing scanners to augment vulnerability discovery. When used together with an active scanner, Skybox augments weekly or monthly active scans with continuous, daily updates from Vulnerability Detector for accurate and up-to-date security intelligence.

Augmenting vulnerability scanners with Skybox scanless vulnerability assessment

If you would like to read more about scanless vulnerability assessment, download our white paper, request a demo – we’ll walk you through it, or give it a try for 30 days.