Double, double toil and trouble; Fire burn, and CAULDRON bubble
Thu, 2009-04-23 17:36

Another new tool caught my eye this week that needs your attention - Cauldron.


Cauldron has an intelligent analysis engine that reasons through attack dependencies, producing a map of all vulnerability paths. These paths are then organized as an attack graph that conveys the impact of combined vulnerabilities on overall security. To manage attack graph complexity, it includes hierarchical graph visualizations with high-level overviews and detail drill-down, allowing users to navigate into a selected part of the big picture to get more information.

Technology Overview
Researchers at the Center for Secure Information Systems pioneered the modeling and simulation of complex multi-step attacks through networks, an approach known as Topological Vulnerability Analysis (TVA). This approach captures the network configuration, vulnerabilities, connectivity, etc., and matches this information against a comprehensive database of modeled attacker exploits, thus predicting all possible paths of vulnerability through a network.
Analysis and visualization of the resulting attack graphs provide optimal strategies for minimizing attack risks, and provide context for attack response planning and situational awareness. By mapping paths of vulnerability through our networks, we proactively reduce exposure while minimizing deployment costs. Then, under actual attack, we can correlate and prioritize alarms, and formulate very precise attack responses. TVA can also guide the post-attack forensics process, providing hypotheses for possible attacker actions. TVA technology involves a variety of key areas in information security, computer networking, data analysis, and software engineering. It predicts all possible network attack paths, simulating an exhaustive red team exercise against the network, for optimal blue team mitigation. It incorporates a storehouse of knowledge gathered by security researchers and practitioners, tailored to a specific network.

http://www.proinfomd.com/files/Topological_Vulnerability_Analysis2.pdf
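The TVA idea described above, as a small added example that is not Cauldron's code or part of the original post: connectivity and scanner findings are matched against one simplified exploit rule to enumerate attack paths, then each single patch is tested to see whether it cuts every path. The hosts, services and rule are constructed assumptions.

```python
from collections import deque

# Constructed sample network (not from the original post or from Cauldron).
# Allowed connectivity after firewall rules: (source, destination, service).
CONNECTIVITY = {
    ("internet", "web", "http"),
    ("web", "app", "rpc"),
    ("web", "db", "sql"),
    ("app", "db", "sql"),
    ("internet", "mail", "smtp"),
}
# Scanner findings: host -> services with a remotely exploitable vulnerability.
VULNS = {"web": {"http"}, "app": {"rpc"}, "db": {"sql"}}


def attack_edges(vulns, connectivity=CONNECTIVITY):
    """Simplified exploit rule: a foothold on src plus an allowed connection
    to a vulnerable service on dst yields a foothold on dst."""
    return {(s, d, svc) for (s, d, svc) in connectivity
            if svc in vulns.get(d, set())}


def attack_paths(start, target, vulns=VULNS):
    """Enumerate every loop-free attack path from start to target."""
    edges, paths = attack_edges(vulns), []
    queue = deque([[start]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            paths.append(path)
            continue
        for s, d, _ in sorted(edges):
            if s == path[-1] and d not in path:
                queue.append(path + [d])
    return paths


def single_fixes(start, target, vulns=VULNS):
    """Return each single patch (host, service) that removes all paths."""
    fixes = []
    for host, services in sorted(vulns.items()):
        for svc in sorted(services):
            patched = {h: s - {svc} if h == host else s for h, s in vulns.items()}
            if not attack_paths(start, target, patched):
                fixes.append((host, svc))
    return fixes
```

On this sample, patching the `app` host alone does not protect `db`, because the direct `web` to `db` path remains; that dependency between vulnerabilities is what an attack graph makes visible.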

DHS Funded
The software developed at George Mason University, Cauldron, allows for the transformation of raw security data into road maps that allow users to proactively prepare for attacks, manage vulnerability risks and have real-time situational awareness. Cauldron provides informed risk analysis, analyzes vulnerability dependencies and shows all possible attack paths into a network. In this way, it accounts for sophisticated attack strategies that may penetrate an organization’s layered defenses.



