By Kelly Jackson Higgins
May 26, 2009
A vulnerability analysis tool used by the National Security Agency (NSA)
and U.S. Department of Homeland Security is now commercially available
for enterprises that want to either make sense of their reams of
vulnerability data or trace an actual data breach.
The Cauldron tool, which was developed by George Mason University's
Center for Secure Information Systems (CSIS) under a research grant by
the NSA and Air Force Research Labs, automates the analysis of all of a
network's potential attack paths, from the network to the application
level. It takes in vulnerability data from scanners, aggregating and
correlating that data with vulnerability databases.
The so-called Topological Vulnerability Analysis (TVA) technology also
provides graphical representations of exploit sequences and paths that
attackers can use to break into a network or application. "The [GMU]
project looked at ways to improve on the efficiency of reviewing
vulnerabilities and trying to focus on what vulnerabilities should be
resolved first -- with tons of network scans and data," says Oscar
Fuster, vice president of marketing for Epok, a software and integration
firm that is offering Cauldron to its clients as well as for direct
sale. "That's what the product does: It aggregates these globs of data
and different scans, and correlates and maps it so you can visually see
what an attack pattern might look like -- and not just an attack from
Vulnerability management isn't new. Vendors such as RedSeal and Skybox
offer similar analysis, notes Ivan Arce, CTO for Core Security
Technologies, which sells penetration testing tools. "[Cauldron] does
[resonate] with what we have been saying for years: Attackers use
multistep attacks and do not constrain themselves to single-attack
vectors," Arce says.