Topological Vulnerability Analysis

Slides:

Advertisements

Similar presentations

HP Quality Center Overview.

Advertisements

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

Beyond Reactive Management of Network Intrusions Professor Sushil Jajodia Professor Sushil Jajodia Center for Secure Information Systems

1www.skyboxsecurity.com Skybox Cyber Security Best Practices Three steps to reduce the risk of Advanced Persistent Threats With continuing news coverage.

Creating Business Value from Big Data A Big Data Catalyst Project.

Experience, Technology and Focus in Mid Market CRM Soffront Asset management: An Overview.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

MP3 / MD740 Strategy & Information Systems Oct. 13, 2004 Databases & the Data Asset, Types of Information Systems, Artificial Intelligence.

Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Lecture 11 Reliability and Security in IT infrastructure.

COTS Based System Security Economics - A Stakeholder/Value Centric Approach Related tool demo session: COTS Based System Security Test-bed (Tiramisu) Tuesday.

(Geneva, Switzerland, September 2014)

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Posture Assessment (SPA) Headquarters: Ofisgate Sdn Bhd ( A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, Kuala Lumpur,

© 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

SANS Technology Institute - Candidate for Master of Science Degree Implementing and Automating Critical Control 19: Secure Network Engineering for Next.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

Privileged and Confidential Strategic Approach to Asset Management Presented to October Urban Water Council Regional Seminar.

Introduction to Network Defense

A project under the 7th Framework Programme CPS Workshop Stockholm 12/04/2010 Gunnar Björkman Project Coordinator A Security Project for the Protection.

Skybox® Security Solutions for Symantec CCS Comprehensive IT Governance Risk and Access Compliance Management Skybox Security's.

Lean and (Prepared for) Mean: Application Security Program Essentials Philip J. Beyer - Texas Education Agency John B. Dickson.

Copyright © 2005, SAS Institute Inc. All rights reserved. Quantifying and Controlling Operational Risk with SAS OpRisk VaR Donald Erdman April 11, 2005.

CyberCIEGE: An Interactive Tool for Information Assurance Training and Education Presented to FISSEA March 2005, North Bethesda, MD Dr. Cynthia Irvine.

A Combat Support Agency Defense Information Systems Agency DISN NetOps Service Assurance 2011 Customer Conference August 2011.

AL-MAAREFA COLLEGE FOR SCIENCE AND TECHNOLOGY INFO 232: DATABASE SYSTEMS CHAPTER 1 DATABASE SYSTEMS (Cont’d) Instructor Ms. Arwa Binsaleh.

PATCH MANAGEMENT: Issues and Practical Solutions Presented by: ISSA Vancouver Chapter March 4, 2004.

1 Distributed Agents for User-Friendly Access of Digital Libraries DAFFODIL Effective Support for Using Digital Libraries Norbert Fuhr University of Duisburg-Essen,

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

© 2013 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Achievement of an Integrated Applications Environment Enterprise.

Automating Enterprise IT Management by Leveraging Security Content Automation Protocol (SCAP) John M. Gilligan May, 2009.

1 Vulnerability Analysis and Patches Management Using Secure Mobile Agents Presented by: Muhammad Awais Shibli.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

An Analysis of Location-Hiding Using Overlay Networks Ju Wang and Andrew A. Chien Department of Computer Science and Engineering, University of California.

1 © 2001, Cisco Systems, Inc. All rights reserved. Cisco Info Center for Security Monitoring.

IS Network and Telecommunications Risks Chapter Six.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Gaining Cyber Situation Awareness in Enterprise Networks: A Systems Approach Peng Liu, Xiaoyan Sun, Jun Dai Penn State University ARO Cyber Situation Awareness.

© 2010 Health Information Management: Concepts, Principles, and Practice Chapter 5: Data and Information Management.

A Mission-Centric Framework for Cyber Situational Awareness Assessing the Risk Associated with Zero-day Vulnerabilities: Automated Methods for Efficient.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

NATIONAL CYBER SECURITY GOVERNANCE & EMERGING CYBER SECURITY THREATS

Cyber Storm Overview Wednesday 2/1/ PT. Cyber Storm Cyber Storm National Cyberspace Security Exercise Mandated in National Strategy to Secure Cyberspace.

IS3220 Information Technology Infrastructure Security

Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.

Information Security tools for records managers Frank Rankin.

Palindrome Technologies all rights reserved © 2016 – PG: Palindrome Technologies all rights reserved © 2016 – PG: 1 Peter Thermos President & CTO Tel:

‘Enhanced Cyber Situational Awareness with Continuous Monitoring’ John Crupi, CTO Rick Smith, Cyber Consultant.

Blazent / ServiceNow Messaging Guide. Transforming data into actionable intelligence Improve business outcomes by contextualizing data to make informed.

Visual Analytics for Cyber Defense Decision-Making Anita D’Amico, Ph.D. Secure Decisions division of Applied Visions, Inc.

Is Endpoint security dead?

Proactive Incident Response

Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.

Compliance with hardening standards

Detection and Analysis of Threats to the Energy Sector (DATES)

Track and measure Social Media and Darknet through

Cyber Security coordination in Europe CERT-EU’s perspective

Topological Vulnerability Analysis

Combining the best of Audit and Penetration Testing

Using An Isolated Network to Teach Advanced Networks and Security

Skybox Cyber Security Best Practices

National Cyber Security

Security Essentials for Small Businesses

Managing IT Risk in a digital Transformation AGE

7.3 Example Use Cases Spirent Automation Platform Technologies.

Counter APT Counter APT HUNT operations combine best of breed endpoint detection response technology with an experienced cadre of cybersecurity experts.

IoT in Healthcare: Life or Death

Presentation transcript:

Topological Vulnerability Analysis Automatically predicting paths of cyber attack GPS for your IT infrastructure Common Operating Picture Situational Awareness

CAULDRON History Inventors: Sushil Jajodia, Steven Noel, Pramod Kalapa CSIS pioneered the field of Topological Vulnerability Analysis (TVA) attack graph technology. 8 years of R&D CAULDRON has been independently evaluated enhancement for penetration testing red team/blue team exercises CSIS has filed for 5 U.S. patents in TVA/CAULDRON technology. CAULDRON is currently being used at several government organizations. Improve security; Reduce risk; Comply with regulatory mandates And do so faster and with fewer resources

The Perfect Storm Network configurations are ever more sophisticated Vulnerabilities are becoming more complex Remediation resources are sparse A total solution is a combination of technology and services CAULDRON is the technology component

Our Approach Aggregate / Correlate / Visualize Network Capture builds a model of the network. represents data in terms of corresponding elements in Vulnerability Reporting and Exploit Specifications. Vulnerability Database a comprehensive repository of reported vulnerabilities Graph Engine simulates multi-step attacks through the network, for a given user-defined Attack Scenario. analyzes vulnerability dependencies, matching exploit preconditions and post-conditions, generates all possible paths through the network (for a given attack scenario). Aggregate / Correlate / Visualize

Aggregate/Correlate/Visualize We analyze vulnerability dependencies Calculates the impact of individual and combined vulnerabilities on overall security We show all possible attack paths into a network Transforms raw security data into a roadmap All known attack paths from attacker to target are succinctly depicted Supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications Strategic Proactively prepare for attacks, manage vulnerability risks, and have current situational awareness A response strategy can be more easily created. Key deliverable is an attack graph showing all possible ways an attacker can penetrate the network

Adding CAULDRON to the mix Scanners Visualization & What If’s Correlation Firewalls Repository + SAS Patch Mgt Persistent Metadata Logs, etc

Range of Benefits Region 1 Visualization & What If’s Visualization Correlation Region 2 Repository + SAS Region 3 Strategic Region X Common Operating Picture Situational Awareness Relevant POAMs Targeted remediation Tactical

Decentralizing the process Repository + SAS Visualization & What If’s Correlation Region 1 Region 2 Region 3 Region X

Seven Invigorating Virtues Strategic Provides a Common Operating Picture Provides Situational Awareness - context Improves security w/out hardware Shortens the cycle of improvements Nature of the problem Regional yet centralized Allows for drill down Empowers the “LCD” Tactical Management Operations

More security . . without more hardware Contact Info: John Williams 301 237 0007 johnrw@proinfmd.com . . without more hardware