Topological Vulnerability Analysis

Automatically predicting paths of cyber attack
Situational Awareness
CAULDRON History
• Inventors: Sushil Jajodia, Steven Noel, Pramod Kalapa
• CSIS pioneered the field of Topological Vulnerability Analysis (TVA) attack graph technology.
• 8 years of R&D
• CAULDRON has been independently evaluated
– enhancement for penetration testing
– red team/blue team exercises
• CSIS has filed for 5 U.S. patents in TVA/CAULDRON technology.
• CAULDRON is currently being used at several government organizations.
Improve security; Reduce risk; Comply with regulatory mandates
And do so faster and with fewer resources
The Perfect Storm
• Network configurations are ever more sophisticated
• Vulnerabilities are becoming more complex
• Remediation resources are sparse
A total solution is a combination of technology and services
CAULDRON is the technology component
Our Approach
[Diagram labels: Vulnerability Database; NVD; Network Capture; FoundScan Vulnerability Scanning; Firewall Rules; Asset Inventory; Exploit Conditions; Environment Model; Attack Scenario; Graph Engine; Visual Analysis; Optimal Counter Measures; Aggregate / Correlate / Visualize]
• Network Capture
– builds a model of the network.
– represents data in terms of corresponding elements in Vulnerability Reporting and Exploit Specifications.
• Vulnerability Database
– a comprehensive repository of reported vulnerabilities
• Graph Engine
– simulates multi-step attacks through the network, for a given user-defined Attack Scenario.
– analyzes vulnerability dependencies, matching exploit preconditions and post-conditions,
– generates all possible paths through the network (for a given attack scenario).
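The precondition/post-condition matching described for the Graph Engine, sketched in Python as an added example (not CAULDRON code). It assumes a monotonic model in which a condition, once gained, is never lost; every host, condition string and exploit name is constructed for illustration.

```python
from collections import namedtuple

# Constructed model: every condition string and exploit name here is hypothetical.
Exploit = namedtuple("Exploit", "name pre post")
EXPLOITS = [
    Exploit("web_rce", {"exec(attacker)", "conn(attacker,web)", "vuln(web,httpd)"}, {"exec(web)"}),
    Exploit("db_auth_bypass", {"exec(web)", "conn(web,db)", "vuln(db,sql)"}, {"exec(db)"}),
    Exploit("files_overflow", {"exec(web)", "conn(web,files)", "vuln(files,smb)"}, {"exec(files)"}),
    Exploit("files_to_db", {"exec(files)", "conn(files,db)", "vuln(db,sql)"}, {"exec(db)"}),
    Exploit("printer_creds", {"exec(web)", "conn(web,printer)", "vuln(printer,creds)"}, {"exec(printer)"}),
]
# Initial conditions: what scan data, firewall rules and the attack scenario would supply.
INITIAL = {"exec(attacker)", "conn(attacker,web)", "conn(web,db)", "conn(web,files)",
           "conn(files,db)", "conn(web,printer)", "vuln(web,httpd)", "vuln(db,sql)",
           "vuln(files,smb)", "vuln(printer,creds)"}

def forward_chain(initial, exploits):
    """Fire each exploit whose preconditions all hold, until no new condition is gained."""
    known, fired, changed = set(initial), [], True
    while changed:
        changed = False
        for e in exploits:
            if e not in fired and e.pre <= known:
                fired.append(e)
                known |= e.post
                changed = True
    return known, fired

def relevant_exploits(goal, initial, exploits):
    """Keep only reachable exploits that contribute, directly or not, to the goal."""
    _, fired = forward_chain(initial, exploits)
    needed, keep, changed = {goal}, set(), True
    while changed:
        changed = False
        for e in fired:
            if e.name not in keep and e.post & needed:
                keep.add(e.name)
                needed |= e.pre
                changed = True
    return sorted(keep)

def goal_reachable(goal, initial, exploits, removed=()):
    """What-if: is the goal still reachable once some initial conditions are removed?"""
    return goal in forward_chain(set(initial) - set(removed), exploits)[0]

def blocking_conditions(goal, initial, exploits):
    """Single network conditions (not attacker state) whose removal alone blocks the goal."""
    return sorted(c for c in initial if not c.startswith("exec(")
                  and not goal_reachable(goal, initial, exploits, removed=[c]))
```

In this model `blocking_conditions("exec(db)", INITIAL, EXPLOITS)` lists the single fixes that cut every path to the database, while removing only `conn(web,db)` does not, because the path through the file server remains.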
Aggregate/Correlate/Visualize
• We analyze vulnerability dependencies
• We show all possible attack paths into a network
• Transforms raw security data into a roadmap
• All known attack paths from attacker to target are succinctly depicted
• Supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications
• Strategic
• Calculates the impact of individual and combined vulnerabilities on overall security
• Proactively prepare for attacks, manage vulnerability risks, and have current situational awareness
• A response strategy can be more easily created.
Key deliverable is an attack graph showing all possible ways an attacker can penetrate the network
Adding CAULDRON to the mix
[Diagram labels: Scanners; Firewalls; Patch Mgt; Logs, etc; Correlation; Repository + SAS; Persistent Metadata; Visualization & What If’s]
Range of Benefits
[Diagram labels: Region 1; Region 2; Region 3; Region X; Correlation; Repository + SAS; Visualization & What If’s; Strategic; Common Operating Picture; Situational Awareness; Relevant POAMs; Targeted remediation; Tactical]
Decentralizing the process
[Diagram labels: Repository + SAS; Correlation; Region 1; Region 2; Region 3; Region X; Visualization & What If’s]
Seven Invigorating Virtues
• Provides a Common Operating Picture
• Provides Situational Awareness - context
• Improves security w/out hardware
• Shortens the cycle of improvements
• Regional yet centralized
• Allows for drill down
• Empowers the “LCD”
[Diagram labels: Strategic; Tactical; Nature of the problem; Management; Operations]
More security . . without more hardware
Contact Info:
John Williams
301 237 0007
[email protected]