Double, double toil and trouble; Fire burn, and CAULDRON bubble
Thu, 2009-04-23 17:36

Another new tool caught my eye this week that needs your attention - Cauldron.


Cauldron has an intelligent analysis engine that reasons through attack dependencies, producing a map of all vulnerability paths that are then organized as an attack graph that conveys the impact of combined vulnerabilities on overall security. To manage attack graph complexity, it includes hierarchical graph visualizations with high-level overviews and detail drill-down, allowing users to navigate into a selected part of the big picture to get more information.

Technology Overview
Researchers at the Center for Secure Information Systems pioneered the modeling and simulation of complex multi-step attacks through networks, an approach known as Topological Vulnerability Analysis (TVA). This approach captures the network configuration, vulnerabilities, connectivity, etc., and matches this information against a comprehensive database of modeled attacker exploits, thus predicting all possible paths of vulnerability through a network.
Analysis and visualization of the resulting attack graphs provide optimal strategies for minimizing attack risks, and provide context for attack response planning and situational awareness. By mapping paths of vulnerability through our networks, we proactively reduce exposure while minimizing deployment costs. Then, under actual attack, we can correlate and prioritize alarms, and formulate very precise attack responses. TVA can also guide the post-attack forensics process, providing hypotheses for possible attacker actions. TVA technology involves a variety of key areas in information security, computer networking, data analysis, and software engineering. It predicts all possible network attack paths, simulating an exhaustive red team exercise against the network, for optimal blue team mitigation. It incorporates a storehouse of knowledge gathered by security researchers and practitioners, tailored to a specific network.
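
To make the TVA idea concrete, here is a small added example (not Cauldron's code or data format) that combines connectivity with per-service vulnerabilities, enumerates every attack path to a critical host, and reports which single fix removes all of them. The host names, services and vulnerability labels are constructed for illustration.

```python
from collections import deque

# Constructed sample model: (src, dst) -> services that dst exposes to src.
CONNECTIVITY = {
    ("internet", "web"): {"http"},
    ("web", "app"): {"rpc"},
    ("web", "db"): {"sql"},
    ("app", "db"): {"sql", "ssh"},
}
# (host, service) -> vulnerability labels present (hypothetical identifiers).
VULNS = {
    ("web", "http"): {"V-WEB-1"},
    ("app", "rpc"): {"V-APP-1"},
    ("db", "sql"): {"V-DB-2"},
    ("db", "ssh"): {"V-DB-1"},
}

def attack_edges(patched=frozenset()):
    """Yield (src, dst, vuln): src can reach an unpatched vulnerable service on dst."""
    for (src, dst), services in CONNECTIVITY.items():
        for svc in services:
            for vuln in VULNS.get((dst, svc), set()) - set(patched):
                yield src, dst, vuln

def attack_paths(start, target, patched=frozenset()):
    """Enumerate all loop-free chains of exploit steps from start to target."""
    edges = list(attack_edges(patched))
    paths, queue = [], deque([(start, [])])
    while queue:
        host, path = queue.popleft()
        if host == target:
            paths.append(path)
            continue
        visited = {start} | {dst for _, dst, _ in path}
        for src, dst, vuln in edges:
            if src == host and dst not in visited:
                queue.append((dst, path + [(src, dst, vuln)]))
    return paths

def single_fixes(start, target):
    """Vulnerabilities whose remediation alone removes every path to target."""
    all_vulns = {vuln for _, _, vuln in attack_edges()}
    return sorted(v for v in all_vulns if not attack_paths(start, target, {v}))

if __name__ == "__main__":
    for p in attack_paths("internet", "db"):
        print(" -> ".join(f"{dst}[{vuln}]" for _, dst, vuln in p))
    print("Single fixes that cut off db:", single_fixes("internet", "db"))
```

In this model three paths reach the database, and patching either database flaw alone still leaves one open; only the web server fix removes them all, which is the kind of prioritization an attack graph is meant to surface.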

http://www.proinfomd.com/files/Topological_Vulnerability_Analysis2.pdf

DHS Funded
The software developed at George Mason University, Cauldron, allows for the transformation of raw security data into road maps that allow users to proactively prepare for attacks, manage vulnerability risks and have real-time situational awareness. Cauldron provides informed risk analysis, analyzes vulnerability dependencies and shows all possible attack paths into a network. In this way, it accounts for sophisticated attack strategies that may penetrate an organization’s layered defenses.



