
LanTech

HELPING YOU ACHIEVE YOUR BUSINESS GOALS FASTER SINCE 1997


8(a) SDB WBE DBE MBE

LanTech presents: CAULDRON


Background
CAULDRON (short for Combinatorial Analysis Utilizing Logical Dependencies Residing on Networks) was developed
by scientists at the George Mason University (GMU) Center for Secure Information Systems (CSIS) as new software to
identify complex cyber network attacks. The technology is a next-generation cyber security technology that
automatically predicts possible paths of attack in an enterprise.
CAULDRON can reduce the impact of cyber attacks by identifying the possible vulnerability paths through an
organization's networks. This research was primarily funded by grants from the defense, homeland security and
intelligence communities and the Federal Aviation Administration (FAA). The FAA has already installed CAULDRON
in its Cyber Security Incident Response Center to prioritize security problems. This software can be used in almost
any industry or organization with a network and resources they want to keep protected.
Cauldron Overview
Today's vulnerability management programs require specialized tools to gather information and to interpret that
information both locally and globally. While the tools for monitoring and managing vulnerabilities have become more
focused as the threats have become more diverse, the existing tools present information in a dashboard format that shows
the status as of now. Today's and tomorrow's challenge lies in a proactive, predictive approach to vulnerability
management: stop the attack before it begins by remediating the most crucial vulnerabilities.
Cauldron is designed to aggregate data from various tools, correlate it against known vulnerabilities, allow for a "what
if" strategic review of the combined data, and provide specific visualizations for optimum communication with stakeholders.
Using Cauldron will accelerate the investigation of vulnerabilities, clarify the extent of the risk, and provide targeted
remediation reports for prompt, actionable remediation efforts. Cauldron's solution is designed to provide enhanced
visual investigation, targeted reporting and remediation roadmaps.
By implementing Cauldron, the user will be able to generate targeted Vulnerability POAM Reports (VPR); prioritize
remediation activities; automate selected aspects of vulnerability management; modify future reporting functions; and
overall assist and improve the cycle of remediation in a distributed environment. POAM stands for Plan of Action and
Milestones.
High Level Overview
The following picture is an example of Cauldron visualizing the combined vulnerabilities of an environment in a subnet
view. Using the traditional data drawn from a vulnerability scanner, this picture shows the directionality of attacks at a
very high level. As every environment can be viewed in this format, we call this basic overview our Common Operating
Picture.

Detail behind the graphic.


8200 Greensboro Drive, Suite 900 McLean, VA 22102 Phone: 703-462-5439 Fax: 703-404-4066 - www.lantechinc.net


The screen shot below identifies the 49 vulnerabilities between two subnets. While this screen shot does not show all
of the data, Cauldron provides the following on all vulnerabilities: what the vulnerability is; from where; to where; and
CVE descriptions of how to remediate the vulnerability.

First level of Situational Awareness.


The following screen shot drills down from the subnet view to the node-to-node view of the combined vulnerabilities.
This screen shot shows how a single IP address can introduce a range of vulnerabilities into multiple subnets.
Simply by seeing the picture, an analyst can see which IP address should be addressed first. The decision to
remediate can be made by considering the combined data analysis, interpretation and visualization from the various
data sources. This turns numerous separate data streams into visually understandable and actionable data.

Second level of Situational Awareness.


The use of persistent metadata is one of the strong suits of Cauldron. We also consider metadata to be the
equivalent of institutional knowledge about the IT environment. The screen shot below clearly identifies subnets with
high priority assets. The number of vulnerabilities has diminished because Cauldron retains false positives as
metadata and leaves them out of the view. The analyst/administrator can now view the remaining vulnerabilities in context
to determine the situational awareness.


The High Priority assets are designated on a node basis.

Given this additional information, the decision on what to remediate first can be made according to the value of the
asset at risk.
Cauldron's flexibility.
Cauldron can visualize network topology from a single IP address to another; from a single IP address to anywhere;
from anywhere to a single IP address; and from anywhere to anywhere. This flexibility supports strategic and
management decision-making as to where best to remediate or how to prioritize remediation efforts.


Playing what if with firewall configurations.


Cauldron is a visualization and modeling tool. The following two screen shots are examples of how to use Cauldron to
determine the optimum firewall settings for remediation while keeping a consistent configuration within the environment.
Using the same scan data for each example, Cauldron applied different firewall rule sets to calculate and visualize the
overall impact on the security profile.

This image was created using the first firewall set.

This image was created using the second firewall set.



The two screen shots show dramatically different results. Thus, analysts/administrators can model changes to the
infrastructure and see the resulting overall security posture. Management can decide whether patch management or
infrastructure efforts (or a combination of the two) would be the best course of action.
Using the scan data and firewall data, management can see the dynamics and the synergies between varied data sets
to proactively stay ahead of an expanding network and persistent threats.
Additional data elements can be included in the future. Cauldron is not limited to using only scan data and firewall
data. The expanding toolset for security management is creating expanding data sets for possible use. A total
integration with the spectrum of toolsets will require an integrator with cleared access to the data to provide the last
mile of services. Engaging an integrator with the Cauldron application will allow for direct data feeds from
a variety of security management tools.
A common tool in varied environments.
Cauldron will directly import various data, thereby providing a common management tool that allows oversight of
differing applications.
Using its network topological modeling tool, CAULDRON, organizations will analyze aggregated IT data from intrusion
detection and vulnerability scans, taking into consideration firewall policy rules and network security configuration source
data. The integration of the outputs of the various network tools/devices (vulnerability scanners, firewalls, and real-time
event managers) into CAULDRON represents a non-standard, vendor-specific solution that has the following key
features:
- Generates node-to-node, bi-directional, combined vulnerability visualization
- Creates synergy between disparate data sets about your IT environment (from varied tools) to reveal all possible paths of cyber attack in a single visualization
- Transforms raw security data into a roadmap: all known attack paths from attacker to target are succinctly depicted, providing targeted remediation information
- Delivers near-real-time Situational Awareness for the executive and/or for the engineer in the SOC
- Delivers a Common Operating Picture for consistent review of distributed environments
- Analyzes vulnerability dependencies (combined vulnerabilities), finding all possible attack paths through a network
- Discovers multi-step paths of attack; a single CVSS score does not indicate the true severity of a vulnerability, whereas combined vulnerabilities show it in context
- Shows all possible attack paths into a network, not just those from or to a single IP address
- Provides predictive, strategic modeling capability for aspects of change to the network: will a change to the firewall remediate a class of vulnerabilities or create a new class of problems?
- Provides predictive capabilities for optimal network defenses and well-planned responses to attack
- Provides persistent metadata for handling false positives and high priority assets
- Scalable: functional with thousands of computers / hundreds of subnets with associated combined vulnerabilities
- Calculates the impact of individual and combined vulnerabilities on overall security
- Supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications
- Creates network hardening reports for first layer, last layer and minimum effort; exports as CSV or HTML
- Supports targeted remediation efforts and reporting processes; shortens the cycle of remediation
- Supports one-to-one, one-to-any, any-to-one and any-to-any visualizations of combined vulnerabilities
- Supports enhanced data sets for Zero Day attacks, for application-specific development and for extended perimeter protection from persistent threats
- Supports the formulation of plans for rapid and appropriate attack responses
- Puts the network's overall vulnerability position in context, not just a single IP address.
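The "what if" firewall modeling described above and the first-layer / last-layer / minimum-effort hardening reports in the feature list both rest on the same idea: build an attack graph from scan data plus firewall rules, enumerate the multi-step paths from an attacker to a target, and see which remediation cuts them. The following is an added toy model of that idea, written for this page; it is not CAULDRON's code or GMU's algorithm. The hosts, subnets, vulnerability ids (VULN-A to VULN-E are placeholders, not CVEs) and the two firewall rule sets are constructed sample data, and the three hardening categories are modeled on my reading of the brochure's terms: first layer is the vulnerabilities the attacker can exploit directly from its starting position, last layer is those on the final hop into the target, and minimum effort is the smallest set of vulnerabilities whose remediation leaves no path (found by brute force, which is fine at this size but not for thousands of hosts).

```python
from itertools import combinations

# Constructed sample environment: host -> subnet (hypothetical names).
HOSTS = {"attacker": "internet", "web": "dmz", "vpn": "dmz",
         "app": "internal", "db": "internal"}

# Constructed vulnerabilities: an attacker who can reach host:port and
# exploits the vulnerability gains a foothold on that host. Ids are placeholders.
VULNS = [
    {"id": "VULN-A", "host": "web", "port": 443},
    {"id": "VULN-B", "host": "app", "port": 8080},
    {"id": "VULN-C", "host": "db",  "port": 5432},
    {"id": "VULN-D", "host": "db",  "port": 22},
    {"id": "VULN-E", "host": "vpn", "port": 1194},
]

# Two constructed firewall rule sets: (source subnet, destination subnet, port).
# The second one drops the DMZ -> internal database-port rule.
FIREWALL_1 = {("internet", "dmz", 443), ("internet", "dmz", 1194),
              ("dmz", "internal", 8080), ("dmz", "internal", 5432)}
FIREWALL_2 = FIREWALL_1 - {("dmz", "internal", 5432)}


def allowed(rules, src, dst, port):
    """Traffic inside a subnet is unfiltered; across subnets it needs a rule."""
    if HOSTS[src] == HOSTS[dst]:
        return True
    return (HOSTS[src], HOSTS[dst], port) in rules


def attack_edges(rules, fixed=frozenset()):
    """Edges (src, dst, vuln id) where src can reach dst's vulnerable port.
    Vulnerabilities in `fixed` are treated as remediated."""
    return [(src, v["host"], v["id"])
            for v in VULNS if v["id"] not in fixed
            for src in HOSTS
            if src != v["host"] and allowed(rules, src, v["host"], v["port"])]


def attack_paths(rules, start="attacker", target="db", fixed=frozenset()):
    """All simple multi-step paths from start to target, as tuples of vuln ids."""
    edges = attack_edges(rules, fixed)
    paths = []

    def dfs(node, visited, steps):
        if node == target:
            paths.append(tuple(steps))
            return
        for src, dst, vid in edges:
            if src == node and dst not in visited:
                dfs(dst, visited | {dst}, steps + [vid])

    dfs(start, {start}, [])
    return paths


def hardening_report(rules, start="attacker", target="db"):
    """Path count plus first-layer, last-layer and minimum-effort sets."""
    edges = attack_edges(rules)
    paths = attack_paths(rules, start, target)
    first_layer = {vid for src, _, vid in edges if src == start}
    last_layer = {vid for _, dst, vid in edges if dst == target}
    ids = [v["id"] for v in VULNS]
    min_effort = None
    # Smallest remediation set that cuts every path (brute force over subsets).
    for k in range(len(ids) + 1):
        for combo in combinations(ids, k):
            if not attack_paths(rules, start, target, frozenset(combo)):
                min_effort = set(combo)
                break
        if min_effort is not None:
            break
    return {"path_count": len(paths), "paths": paths,
            "first_layer": first_layer, "last_layer": last_layer,
            "minimum_effort": min_effort}


if __name__ == "__main__":
    for name, rules in (("firewall set 1", FIREWALL_1), ("firewall set 2", FIREWALL_2)):
        r = hardening_report(rules)
        print(f"{name}: {r['path_count']} attack paths; first layer {sorted(r['first_layer'])}; "
              f"last layer {sorted(r['last_layer'])}; minimum effort {sorted(r['minimum_effort'])}")
```

With the first rule set the model finds 12 attacker-to-database paths, and the minimum-effort fix is two patches on the perimeter hosts; removing one firewall rule in the second set drops that to 8 paths, every one of which now passes through the application server, so a single patch there cuts them all. That is the comparison the two screen shots above make visually: the same scan data under two firewall configurations yields a different answer to "patch or reconfigure?".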


Summary
Organizations can now aggregate data, create synergies and more effectively address the expanding cyber
security challenges by using Cauldron. Change management cycles can be measured in hours, not days. Overall
security reviews can be completed in days, not weeks. Better decisions can be made because more types of data are
taken into consideration. Remediation resources can be more effectively deployed.
