Topological Vulnerability Analysis Automatically predicting paths of cyber attack GPS for your IT...
Topological Vulnerability Analysis
Automatically predicting paths of cyber attack
GPS for your IT infrastructure
Common Operating Picture
Situational Awareness
CAULDRON History
• Inventors: Sushil Jajodia, Steven Noel, Pramod Kalapa
• CSIS pioneered the field of Topological Vulnerability Analysis (TVA) attack graph technology.
• 8 years of R&D
• CAULDRON has been independently evaluated
  – enhancement for penetration testing
  – red team/blue team exercises
• CSIS has filed for 5 U.S. patents in TVA/CAULDRON technology.
• CAULDRON is currently being used at several government organizations.
Improve security; Reduce risk; Comply with regulatory mandates
And do so faster and with fewer resources
The Perfect Storm
• Network configurations are ever more sophisticated
• Vulnerabilities are becoming more complex
• Remediation resources are sparse
A total solution is a combination of technology and services
CAULDRON is the technology component
Our Approach
[Architecture diagram. Inputs: Network Capture (Vulnerability Scanning via FoundScan, Asset Inventory, Firewall Rules) producing an Environment Model; Vulnerability Database (NVD) producing Exploit Conditions; a user-defined Attack Scenario. Core: Graph Engine. Outputs: Visual Analysis, Optimal Counter Measures.]
• Network Capture
  – builds a model of the network.
  – represents data in terms of corresponding elements in Vulnerability Reporting and Exploit Specifications.
• Vulnerability Database
  – a comprehensive repository of reported vulnerabilities.
• Graph Engine
  – simulates multi-step attacks through the network, for a given user-defined Attack Scenario.
  – analyzes vulnerability dependencies, matching exploit preconditions and post-conditions.
  – generates all possible paths through the network (for a given attack scenario).
Aggregate / Correlate / Visualize
• We analyze vulnerability dependencies
  – Calculates the impact of individual and combined vulnerabilities on overall security
• We show all possible attack paths into a network
  – Transforms raw security data into a roadmap
  – All known attack paths from attacker to target are succinctly depicted
  – Supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications
• Strategic
  – Proactively prepare for attacks, manage vulnerability risks, and have current situational awareness
• A response strategy can be more easily created.
Key deliverable is an attack graph showing all possible ways an attacker can penetrate the network
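The two slides above (the Graph Engine matching exploit preconditions and post-conditions to enumerate every path, and the impact of individual and combined vulnerabilities on overall security) describe a small search problem. The following is an added worked example in Python, written for this page; it is not CAULDRON's code, and every host name, port, firewall rule, privilege level and vulnerability ID (V-WEB-1 and so on) is constructed for illustration. The attacker starts with user-level access on a host called "internet", each exploit needs a foothold that the firewall lets reach the target port and grants a privilege on the target, and the engine enumerates every monotone sequence of exploits that ends with root on the goal host. Two helpers go a step beyond the slides' wording: must_fix intersects the vulnerabilities across all paths (a patch candidate that severs every path), and what_if re-runs the analysis after a patch or firewall change, in the spirit of the "What If's" boxes later in the deck.

```python
"""Toy topological vulnerability analysis (TVA) attack-graph engine.

Added illustration, not CAULDRON's code. Every host name, vulnerability ID,
port and firewall rule below is CONSTRUCTED; only the precondition /
post-condition matching idea comes from the page.
"""
from __future__ import annotations
from dataclasses import dataclass

LEVEL = {"none": 0, "user": 1, "root": 2}  # privilege lattice on one host


@dataclass(frozen=True)
class Exploit:
    """One entry of the exploit-conditions database (hypothetical IDs)."""
    vuln_id: str   # identifier from the vulnerability database
    target: str    # host where the scanner reported the vulnerability
    port: int      # service port the attacker must be able to reach
    needs: str     # precondition: minimum privilege held on the launching host
    grants: str    # post-condition: privilege obtained on the target host


@dataclass(frozen=True)
class Network:
    """Environment model: firewall rules plus scan results."""
    allowed: frozenset[tuple[str, str, int]]  # (src, dst, port) the firewall permits
    exploits: tuple[Exploit, ...]


def launch_host(ex: Exploit, access: dict[str, str], allowed) -> str | None:
    """Return a host from which `ex` can be launched given `access`
    ({host: privilege}), or None. Preconditions: the attacker holds at least
    `ex.needs` on some host that the firewall lets reach target:port, and the
    post-condition is new (strictly raises privilege on the target)."""
    if LEVEL[access.get(ex.target, "none")] >= LEVEL[ex.grants]:
        return None
    for src, lvl in access.items():
        if LEVEL[lvl] >= LEVEL[ex.needs] and (src, ex.target, ex.port) in allowed:
            return src
    return None


def attack_paths(net: Network, start: str, goal: str, goal_level: str = "root"):
    """Enumerate every multi-step attack path from `start` (where the attacker
    begins with user-level access) to `goal_level` on `goal`. Each step is a
    (launch_host, vuln_id, target, privilege_gained) tuple. Access only ever
    increases, so the depth-first search terminates without a visited set."""
    found: list[tuple[tuple[str, str, str, str], ...]] = []

    def dfs(access, path):
        if LEVEL[access.get(goal, "none")] >= LEVEL[goal_level]:
            found.append(tuple(path))
            return
        for ex in net.exploits:
            src = launch_host(ex, access, net.allowed)
            if src is None:
                continue
            nxt = dict(access)
            nxt[ex.target] = ex.grants          # apply the post-condition
            path.append((src, ex.vuln_id, ex.target, ex.grants))
            dfs(nxt, path)
            path.pop()

    dfs({start: "user"}, [])
    return found


def must_fix(paths) -> set[str]:
    """Vulnerabilities present on every path: fixing any one cuts all of them."""
    sets = [{step[1] for step in p} for p in paths]
    return set.intersection(*sets) if sets else set()


def what_if(net: Network, patched=(), blocked=()) -> Network:
    """Model a countermeasure: drop patched vulnerabilities and/or firewall rules."""
    return Network(
        allowed=frozenset(r for r in net.allowed if r not in set(blocked)),
        exploits=tuple(e for e in net.exploits if e.vuln_id not in set(patched)),
    )


# Constructed sample network: attacker on the internet, DMZ web host, app tier, database.
NET = Network(
    allowed=frozenset({
        ("internet", "web", 80), ("web", "app", 8080),
        ("web", "db", 3306), ("app", "db", 3306), ("app", "db", 22),
    }),
    exploits=(
        Exploit("V-WEB-1", "web", 80, "user", "user"),    # RCE in the web app
        Exploit("V-APP-1", "app", 8080, "user", "root"),  # unauthenticated admin API
        Exploit("V-DB-1", "db", 3306, "user", "root"),    # weak database credentials
        Exploit("V-DB-2", "db", 22, "root", "root"),      # SSH key readable only by root on app
    ),
)

if __name__ == "__main__":
    paths = attack_paths(NET, "internet", "db")
    for p in paths:
        print(" -> ".join(f"{src}:{vid}->{tgt}({lvl})" for src, vid, tgt, lvl in p))
    print("fix first:", must_fix(paths))
    print("paths after patching V-DB-1:",
          len(attack_paths(what_if(NET, patched=["V-DB-1"]), "internet", "db")))
```

On the sample network the engine finds three paths to root on db, all of which pass through V-WEB-1, so must_fix reports that single vulnerability; patching V-DB-1 instead leaves one path, and blocking the web-to-db firewall rule leaves two, because V-DB-1 can still be launched from the compromised app host. Real engines such as the one described on this page work on far larger models and typically compute a compact graph rather than listing every permutation, but the matching rule is the same.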
Adding CAULDRON to the mix
[Diagram: Repository+ with Persistent Metadata and SAS; inputs from Scanners, Firewalls, Patch Mgt, Logs, etc.; outputs: Correlation, Visualization & What If's]
Range of Benefits
[Diagram: Repository+ and SAS shared by Region 1, Region 2, Region 3 ... Region X; Correlation, Visualization & What If's; Strategic and Tactical benefits: Common Operating Picture, Situational Awareness, Relevant POAMs, Targeted remediation]
Decentralizing the process
[Diagram: Repository+ and SAS shared across Region 1, Region 2, Region 3, Region X, with Correlation, Visualization & What If's]
Seven Invigorating Virtues
[Diagram axis: Nature of the problem, spanning Management, Strategic, Tactical and Operations]
• Provides a Common Operating Picture
• Provides Situational Awareness - context
• Shortens the cycle of improvements
• Improves security w/out hardware
• Allows for drill down
• Regional yet centralized
• Empowers the "LCD"
More security . . . without more hardware
Contact Info: John Williams 301 237 0007 [email protected]