http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=217700162

By Kelly Jackson Higgins
DarkReading
May 26, 2009

A vulnerability analysis tool used by the National Security Agency (NSA) and U.S. Department of Homeland Security is now commercially available for enterprises that want to either make sense of their reams of vulnerability data or trace an actual data breach.

The Cauldron tool, which was developed by George Mason University's Center for Secure Information Systems (CSIS) under a research grant by the NSA and Air Force Research Labs, automates the analysis of all of a network's potential attack paths, from the network to the application level. It takes in vulnerability data from scanners, aggregating and correlating that data with vulnerability databases.

The so-called Topological Vulnerability Analysis (TVA) technology also provides graphical representations of exploit sequences and paths that attackers can use to break into a network or application.

"The [GMU] project looked at ways to improve on the efficiency of reviewing vulnerabilities and trying to focus on what vulnerabilities should be resolved first -- with tons of network scans and data," says Oscar Fuster, vice president of marketing for Epok, a software and integration firm that is offering Cauldron to its clients as well as for direct sale. "That's what the product does: It aggregates these globs of data and different scans, and correlates and maps it so you can visually see what an attack pattern might look like -- and not just an attack from the outside."

Vulnerability management isn't new. Vendors such as RedSeal and Skybox offer similar analysis, notes Ivan Arce, CTO for Core Security Technologies, which sells penetration testing tools.

"[Cauldron] does [resonate] with what we have been saying for years: Attackers use multistep attacks and do not constrain themselves to single-attack vectors," Arce says.

[...]
Received on Wed May 27 2009 - 22:13:39 PDT