Metrics Suite for Enterprise-Level Attack Graph Analysis



Similar documents
Network Security and Risk Analysis Using Attack Graphs

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

How To Analyze And Detect A Network Attack Through A Network Graph

NERC CIP VERSION 5 COMPLIANCE

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

VEA-bility Security Metric: A Network Security Analysis Tool

Attack Graph Techniques

NIST Interagency Report 7788 Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs

A Review on Zero Day Attack Safety Using Different Scenarios

Best Practices for Vulnerability Management

Obtaining Enterprise Cybersituational

1 Scope of Assessment

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

PROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE

Cyber Security RFP Template

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

Topological Vulnerability Analysis

ESKISP Manage security testing

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

IBM Security QRadar Risk Manager

A Biologically Inspired Approach to Network Vulnerability Identification

PUTTING NIST GUIDELINES FOR INFORMATION SECURITY CONTINUOUS MONITORING INTO PRACTICE

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

TECHNOLOGY INTEGRATION GUIDE

How To Create An Intelligent Infrastructure Solution

White Paper. Managing Risk to Sensitive Data with SecureSphere

Vulnerability Management

Sample Vulnerability Management Policy

IBM Security QRadar Risk Manager

A Framework for Analysis A Network Vulnerability

Cisco Advanced Services for Network Security

Risk Analytics for Cyber Security

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Extreme Networks Security Analytics G2 Risk Manager

The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security

ECS 235A Project - NVD Visualization Using TreeMaps

SANS Top 20 Critical Controls for Effective Cyber Defense

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

Cisco Security IntelliShield Alert Manager Service

Asset Discovery with Symantec Control Compliance Suite

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

INTEGRATION GUIDE TECHNOLOGY INTRODUCTION NETWORK DEVICES AND INFRASTRUCTURE

Optimizing Network Vulnerability

Penetration Testing Report Client: Business Solutions June 15 th 2015

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

How To Monitor Your Entire It Environment

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

TECHNOLOGY INTEGRATION GUIDE

User s Guide. Skybox Risk Control Revision: 11

Continuous Network Monitoring

REDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance

VULNERABILITY MANAGEMENT

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK

IBM Security IBM Corporation IBM Corporation

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

Attack Intelligence: Why It Matters

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Our Vulnerability Scanning Program

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Running head: USING NESSUS AND NMAP TOOLS 1

Metrics that Matter Security Risk Analytics

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

Information Security Office

Pragmatic Metrics for Building Security Dashboards

Total Protection for Compliance: Unified IT Policy Auditing

IBM Managed Security Services Vulnerability Scanning:

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

SourceFireNext-Generation IPS

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

QRadar SIEM 6.3 Datasheet

How To Manage Sourcefire From A Command Console

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

VEA-bility Analysis of Network Diversification

Modular Network Security. Tyler Carter, McAfee Network Security

Looking at the SANS 20 Critical Security Controls

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

CTS2134 Introduction to Networking. Module Network Security

Vulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper

The Protection Mission a constant endeavor

Transcription:

Metrics Suite for Enterprise-Level Attack Graph Analysis Cyber Security Division 2012 Principal Investigators Meeting October 11, 2012 Sushil Jajodia (PI), Steven Noel (co-pi) Metrics Suite for Enterprise-Level Attack Graph Analysis Center for Secure Information Systems, George Mason University [jajodia, snoel]@gmu.edu 703-993-2029

Introduction TTA #2 (Enterprise-Level Security Metrics), Type III GMU Center for Secure Information Systems Top national research and academic security center 10+ years developing TVA technology 20+ TVA-related publications, 700+ citations 5 TVA-related patents, others pending Applied Visions, Inc. Experts in data visualization Interactive visualizations of attack graph metrics ProInfo, Inc. Lead commercialization efforts in Cauldron Strategic vision for Cauldron rollout Support customer engagements 2

Project Goals Suite of metrics for measuring enterprise cyber security risk Based on multi-step attack vulnerability throughout the network Complementary metrics for measuring different aspects of enterprise security Based on applicable standards (CVE, CVSS, etc.) Interactive visualizations showing how security evolves over time Integration with Cauldron attack graph tool 3

System Architecture Vulnerability Scanning Penetration Testing Data loss intelligence Port scanning Firewalls And Routers Asset management Vulnerability data Integration Points Nessus Retina Foundstone ncircle Core Impact Unveillance nmap Cisco Juniper Sidewinder Discovery BDNA NIST NVD Network Modeler Enterprise Metrics Suite Metrics Engine Metrics Visualizer Attack Graph Analysis 4

Motivating Example Remediate By Host (Top 3) No remediation Remediate By Connection (Top 3) Remediate By CVSS (Top 15) 5

Challenges Understand impact of combined vulnerabilities and policies on security posture Prioritize critical problems Compare options for risk mitigation Measure improvement or degradation of security over time Build comprehensive and accurate models of networks, vulnerabilities, and risk factors Apply meaningful metrics that inform decisions in complex environments 6

Metrics Capabilities Isolated network data and events Hosts, vulnerabilities, firewall rules, IDS events, etc. without context Attack graph elements Isolated data correlated and placed in context of layered defenses Attack graph logic and structure Impact of threats throughout network, how likely an attack will succeed Attack graph predictive analysis What-if scenarios, zero-day vulnerabilities 7

Sample Metrics Vulnerability-Exploitability-Attackability Measures host vulnerability, exploitation likelihood, and ratio of actual to potential number of attack paths Attack graphs as collections of single-step attacks Attack Likelihood How likely an attack scenario will succeed Overall attack risk based on attack graph logical relationships CVSS Interdependency Analyzes interdependencies of CVSS base metrics for vulnerabilities In context of attack path sequences k-zero-day Safety Ability of network to survive exploitation of zero-day vulnerabilities Favors layered attack defenses and heterogeneous platforms 8

Small Example Firewall Policy Allow ftp(0,1), rsh(0,1), ssh(0,1), ftp(0,2), rsh(0,2) Deny all other sshd_bof(0,1) rsh_rhosts(0,1) Or rsh_rhosts(1,2) rsh_rhosts(0,2) Or local_bof(2) Attack Goal 9

Options to Compare Option 1: block ssh(0,1) and rsh(0,2) in firewall Option 2: block rsh(0,1) and rsh(0,2) in firewall rsh_rhosts(0,1) sshd_bof(0,1) rsh_rhosts(1,2) rsh_rhosts(1,2) local_bof(2) Attack Goal local_bof(2) Attack Goal Option 3: Patch vulnerabilities, no change to firewall Option 4: Patch vulnerabilities, change firewall per Option 1 Option 5: Patch vulnerabilities, change firewall per Option 2 10

Comparison Results Network Attack CVSS k Zero VEA Configuration Likelihood Interdependency Day Initial 8.70 4.60 7.64 10 Option 1 8.23 4.37 7.27 10 Option 2 8.36 3.45 5.74 10 Option 3 (Initial patched) 0.0 0.0 0.0 5 Option 4 (Option 1 patched) 0.0 0.0 0.0 5 Option 5 (Option 2 patched) 0.0 0.0 0.0 3.33 Initial / Option 2 1.04 1.3 1.3 1 11

Metrics Visualization 12

Visually Comparing Options Initial Option 1 Option 2 Option 3 Option 4 Option 5 13

Cauldron Dashboard 14

Schedule and Deliverables Project Reviews (kickoff, mid-year, end of year), interim meetings via video/telephone/web Software implementation and associated documentation Monthly status reports Final Report (requirements, design, interfaces, test results, lessons learned, etc.) 15

Transition Plan Cauldron commercialization through Mason Tech Transfer (GMIP) and ProInfo/CyVision partnership Cauldron deployed in a variety of customer settings Significant IP, protected by patents and copyrights Available under GSA scheduling Marketing through direct sales and a network of resellers, strategic partners, and OEM relationships Strategic partners for services and complementary technologies Strategy: Identify early adopters for new metrics capabilities combined with Cauldron, delivering mission-critical requirements for situational awareness, common operating picture, and visualization 16

Metrics Suite for Enterprise-Level Attack Graph Analysis Vulnerability Scanning Penetration Testing Data loss intelligence Port scanning Firewalls And Routers Asset management Vulnerability data Potential Integration Points Nessus Retina Foundstone ncircle Core Impact Unveillance nmap Cisco Juniper Sidewinder Discovery BDNA NIST NVD Network Modeler Enterprise Metrics Suite Metrics Engine Metrics Visualizer Attack Graph Analysis OPERATIONAL CAPABILITY Suite of metrics for enterprise network security risks. Based on network-wide model of multi-step attack vulnerability. Complementary metrics for measuring different aspects of enterprise security. Integrates seamlessly with Cauldron attack graph tool. TECHNICAL APPROACH Model network attack vulnerability, populate from scan tools, firewalls, and other data sources. Correlate model with known cyber attack vulnerabilities and environmental metadata, apply network access policy rules. Based on assumed threat sources and missioncritical assets, compute network-wide metrics that measure security for the entire enterprise. Visualize for trending and comparative analysis. SCHEDULE & CONTACT INFO. Principal Investigator: Sushil Jajodia Center for Secure Information Systems George Mason University jajodia@gmu.edu Subcontractors: Applied Visions, Inc. (Secure Decisions Division) ProInfo, Inc. 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information