Washington, Mar 18 : Internal networks of big multinational companies and organisations are susceptible to attacks through vulnerability paths in their networks. But now a team led by an Indian-origin researcher at George Mason University's Centre for Secure Information Systems has found a solution to this problem.
The researchers have developed new software, called Cauldron, which can reduce the impact of cyber attacks by identifying the possible vulnerability paths through an organization's networks.
It is common knowledge that networks are highly interdependent and each machine's overall susceptibility to attack depends on the vulnerabilities of the other machines in the network. This may act as a loophole allowing attackers to take advantage of multiple vulnerabilities in unexpected ways, thereby making it easy for them to penetrate a network and compromise critical systems.
Thus, for the protection of an organization's networks, it is necessary to understand not only individual system vulnerabilities, but also their interdependencies.
"Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which requires a great deal of expertise and is error prone because of the complexity, volume and frequent changes in security data and network configurations. This new software is an automated tool that can analyze and visualize vulnerabilities and attack paths, encouraging 'what-if analysis'," said Sushil Jajodia, university professor and director of the Center for Secure Information Systems.
Cauldron was developed at Mason and facilitates the transformation of raw security data into roadmaps that allow users to prepare hands-on for attacks, manage vulnerability risks and have real-time situational awareness. It also provides informed risk analysis, analyzes vulnerability dependencies and shows all possible attack paths into a network.
Thus, it accounts for sophisticated attack strategies that may penetrate an organization's layered defenses.
Cauldron's intelligent analysis engine reasons through attack dependencies, and results into a map of all vulnerability paths that are then organized as an attack graph that conveys the impact of combined vulnerabilities on overall security.
For managing attack graph complexity, Cauldron includes hierarchical graph visualizations with high-level overviews and detail drilldown, allowing users to navigate into a selected part of the big picture to get more information.
"One example of this software in use is at the Federal Aviation Administration. They recently installed CAULDRON in their Cyber Security Incident Response Center and it is helping them prioritize security problems, reveal unseen attack paths and protect across large numbers of attack paths. While currently being used by the FAA and defense community, the software is applicable in almost any industry or organization with a network and resources they want to keep protected, such as banking or education," says Jajodia.