
Researchers create next-generation software to identify complex cyber network attacks

Mar 17, Technology


Researchers in George Mason University’s Center for Secure Information Systems have developed new software that can reduce the impact of cyber attacks by identifying the possible vulnerability paths through an organization’s networks.

By their very nature, networks are highly interdependent, and each machine’s overall susceptibility to attack depends on the vulnerabilities of the other machines in the network. Attackers can take advantage of multiple vulnerabilities in unexpected ways, allowing them to incrementally penetrate a network and compromise critical systems. To protect an organization’s networks, it is necessary to understand not only individual system vulnerabilities, but also their interdependencies.

“Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which requires a great deal of expertise and is error prone because of the complexity, volume and frequent changes in security data and network configurations,” says Sushil Jajodia, university professor and director of the Center for Secure Information Systems. “This new software is an automated tool that can analyze and visualize vulnerabilities and attack paths, encouraging ‘what-if analysis’.”

CAULDRON, the software developed at Mason, transforms raw security data into roadmaps that let users proactively prepare for attacks, manage vulnerability risks and maintain real-time situational awareness. CAULDRON provides informed risk analysis, analyzes vulnerability dependencies and shows all possible attack paths into a network. In this way, it accounts for sophisticated attack strategies that may penetrate an organization’s layered defenses.

CAULDRON’s intelligent analysis engine reasons through attack dependencies, producing a map of all vulnerability paths, which is then organized as an attack graph that conveys the impact of combined vulnerabilities on overall security. To manage attack graph complexity, CAULDRON includes hierarchical graph visualizations with high-level overviews and detail drilldown, allowing users to navigate into a selected part of the big picture to get more information.
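The attack-graph idea described above can be shown on a toy network. This is an added example, not CAULDRON's code: the host names, reachability map and vulnerability IDs are constructed placeholders, and the model assumes each listed vulnerability gives control of its host to anyone who can reach it.

```python
from collections import defaultdict

# Constructed sample data: permitted network flows (source host -> reachable hosts).
REACH = {"internet": ["web"], "web": ["app", "mail"], "mail": ["app"], "app": ["db"]}
# Constructed scan findings: host -> remotely exploitable vulnerabilities (placeholder IDs).
VULNS = {"web": ["VULN-A"], "mail": ["VULN-B"], "app": ["VULN-C"], "db": ["VULN-D"]}

def build_attack_graph(reach, vulns):
    """An edge src -> (dst, vuln) exists when src can reach dst and dst has vuln."""
    graph = defaultdict(list)
    for src, dsts in reach.items():
        for dst in dsts:
            for vuln in vulns.get(dst, []):
                graph[src].append((dst, vuln))
    return graph

def attack_paths(graph, start, target):
    """Enumerate every loop-free path from start to target as (host, vuln) steps."""
    paths = []

    def walk(node, visited, steps):
        if node == target:
            paths.append(list(steps))
            return
        for dst, vuln in graph.get(node, []):
            if dst not in visited:
                steps.append((dst, vuln))
                walk(dst, visited | {dst}, steps)
                steps.pop()

    walk(start, {start}, [])
    return paths

def what_if_patched(reach, vulns, patched, start, target):
    """What-if analysis: recompute the paths after removing the patched IDs."""
    remaining = {h: [v for v in vs if v not in patched] for h, vs in vulns.items()}
    return attack_paths(build_attack_graph(reach, remaining), start, target)

def rank_patches(reach, vulns, start, target):
    """Rank single patches by how many attack paths each one eliminates."""
    base = len(attack_paths(build_attack_graph(reach, vulns), start, target))
    ids = sorted({v for vs in vulns.values() for v in vs})
    return sorted(((base - len(what_if_patched(reach, vulns, {v}, start, target)), v)
                   for v in ids), reverse=True)

if __name__ == "__main__":
    for path in attack_paths(build_attack_graph(REACH, VULNS), "internet", "db"):
        print(" -> ".join(f"{host}[{vuln}]" for host, vuln in path))
    print(rank_patches(REACH, VULNS, "internet", "db"))
```

In this toy network the mail server's finding sits on only one of the two paths to the database, so patching it alone leaves the critical asset exposed, which is the kind of interdependency a per-host vulnerability list does not show.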

“One example of this software in use is at the Federal Aviation Administration. They recently installed CAULDRON in their Cyber Security Incident Response Center and it is helping them prioritize security problems, reveal unseen attack paths and protect across large numbers of attack paths,” says Jajodia. “While currently being used by the FAA and defense community, the software is applicable in almost any industry or organization with a network and resources they want to keep protected, such as banking or education.”

Source: George Mason University
