1
Topological Vulnerability Analysis
Automatically predicting paths of cyber attack
GPS for your IT infrastructure
Common Operating Picture
Situational Awareness
2
CAULDRON History
Inventors: Sushil Jajodia, Steven Noel, Pramod Kalapa
CSIS pioneered the field of Topological Vulnerability Analysis (TVA) attack graph technology.
8 years of R&D
CAULDRON has been independently evaluated
enhancement for penetration testing
red team/blue team exercises
CSIS has filed for 5 U.S. patents in TVA/CAULDRON technology.
CAULDRON is currently being used at several government organizations.
Improve security; Reduce risk; Comply with regulatory mandates
And do so faster and with fewer resources
3
The Perfect Storm
Network configurations are ever more sophisticated
Vulnerabilities are becoming more complex
Remediation resources are sparse
A total solution is a combination of technology and services
CAULDRON is the technology component
4
Our Approach
Aggregate / Correlate / Visualize
Network Capture: builds a model of the network; represents data in terms of corresponding elements in Vulnerability Reporting and Exploit Specifications.
Vulnerability Database: a comprehensive repository of reported vulnerabilities.
Graph Engine: simulates multi-step attacks through the network, for a given user-defined Attack Scenario; analyzes vulnerability dependencies, matching exploit preconditions and post-conditions; generates all possible paths through the network (for a given attack scenario).
5
Aggregate/Correlate/Visualize
We analyze vulnerability dependencies
Calculates the impact of individual and combined vulnerabilities on overall security
We show all possible attack paths into a network
Transforms raw security data into a roadmap
All known attack paths from attacker to target are succinctly depicted
Supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications
Strategic
Proactively prepare for attacks, manage vulnerability risks, and have current situational awareness
A response strategy can be more easily created.
Key deliverable is an attack graph showing all possible ways an attacker can penetrate the network
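The precondition/post-condition matching described for the Graph Engine, and the "what if" hardening question, sketched as an added example. This is not CAULDRON code; the hosts, vulnerability labels and condition strings are constructed assumptions.

```python
from collections import namedtuple

Exploit = namedtuple("Exploit", "name pre post")  # pre/post: sets of condition strings

def build_exploits(reach, vulns):
    """Instantiate one exploit per allowed connection to a vulnerable host."""
    return [Exploit(f"{v}:{s}->{d}", {f"exec:{s}", f"vuln:{d}:{v}"}, {f"exec:{d}"})
            for s, d in reach for v in vulns.get(d, ())]

def closure(initial, exploits):
    """Forward-chain: fire every exploit whose preconditions hold, to a fixpoint."""
    state, changed = set(initial), True
    while changed:
        changed = False
        for e in exploits:
            if e.pre <= state and not e.post <= state:
                state |= e.post
                changed = True
    return state

def attack_paths(state, exploits, goal, path=()):
    """Enumerate exploit sequences reaching goal, keeping only those with no wasted step."""
    if goal in state:
        if all(goal in e.post or any(e.post & n.pre for n in path[i + 1:])
               for i, e in enumerate(path)):
            yield [e.name for e in path]
        return
    for e in exploits:
        if e.pre <= state and not e.post <= state:
            yield from attack_paths(state | e.post, exploits, goal, path + (e,))

def blocking_patches(initial, exploits, goal):
    """What-if: which single vulnerability, once removed, makes the goal unreachable?"""
    return sorted(c for c in initial if c.startswith("vuln:")
                  and goal not in closure(initial - {c}, exploits))

# Constructed scenario; host and vulnerability names are hypothetical.
REACH = [("attacker", "web"), ("web", "app"), ("web", "db"), ("app", "db")]
VULNS = {"web": ["v1"], "app": ["v2"], "db": ["v3"]}
EXPLOITS = build_exploits(REACH, VULNS)
INITIAL = frozenset({"exec:attacker"} | {f"vuln:{h}:{v}" for h, vs in VULNS.items() for v in vs})
GOAL = "exec:db"

if __name__ == "__main__":
    for p in attack_paths(INITIAL, EXPLOITS, GOAL):
        print(" => ".join(p))
    print("single patches that cut every path:", blocking_patches(INITIAL, EXPLOITS, GOAL))
```

In this scenario, patching the app host alone leaves the direct web-to-db path open, which is the kind of combined-vulnerability effect a per-host scan report does not show.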
7
Adding CAULDRON to the mix
[Diagram labels: Scanners; Visualization & What If’s; Correlation; Firewalls; Repository + SAS; Patch Mgt; Persistent Metadata; Logs, etc.]
8
Range of Benefits
[Diagram labels: Region 1; Visualization & What If’s; Visualization; Correlation; Region 2; Repository + SAS; Region 3; Region X]
Strategic
Common Operating Picture
Situational Awareness
Relevant POAMs
Targeted remediation
Tactical
9
Decentralizing the process
[Diagram labels: Repository + SAS; Visualization & What If’s; Correlation; Region 1; Region 2; Region 3; Region X]
10
Seven Invigorating Virtues
Strategic
Provides a Common Operating Picture
Provides Situational Awareness - context
Improves security w/out hardware
Shortens the cycle of improvements
Nature of the problem
Regional yet centralized
Allows for drill down
Empowers the “LCD”
Tactical
Management
Operations
11
More security . . without more hardware
Contact Info: John Williams