[ISN] NSA-Funded 'Cauldron' Tool Goes Commercial

From: InfoSec News <alerts_at_private>
Date: Thu, 28 May 2009 00:13:39 -0500 (CDT)
http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=217700162

By Kelly Jackson Higgins
DarkReading
May 26, 2009

A vulnerability analysis tool used by the National Security Agency (NSA) 
and U.S. Department of Homeland Security is now commercially available 
for enterprises that want to either make sense of their reams of 
vulnerability data or trace an actual data breach.

The Cauldron tool, which was developed by George Mason University's 
Center for Secure Information Systems (CSIS) under a research grant by 
the NSA and Air Force Research Labs, automates the analysis of all of a 
network's potential attack paths, from the network to the application 
level. It takes in vulnerability data from scanners, aggregating and 
correlating that data with vulnerability databases.

The so-called Topological Vulnerability Analysis (TVA) technology also 
provides graphical representations of exploit sequences and paths that 
attackers can use to break into a network or application. "The [GMU] 
project looked at ways to improve on the efficiency of reviewing 
vulnerabilities and trying to focus on what vulnerabilities should be 
resolved first -- with tons of network scans and data," says Oscar 
Fuster, vice president of marketing for Epok, a software and integration 
firm that is offering Cauldron to its clients as well as for direct 
sale. "That's what the product does: It aggregates these globs of data 
and different scans, and correlates and maps it so you can visually see 
what an attack pattern might look like -- and not just an attack from 
the outside."

Vulnerability management isn't new. Vendors such as RedSeal and Skybox 
offer similar analysis, notes Ivan Arce, CTO for Core Security 
Technologies, which sells penetration testing tools. "[Cauldron] does 
[resonate] with what we have been saying for years: Attackers use 
multistep attacks and do not constrain themselves to single-attack 
vectors," Arce says.

[...]


Received on Wed May 27 2009 - 22:13:39 PDT
