The cyber situational awareness of an organization determines how effectively it can respond to attacks. Mission success depends heavily on the availability and correct operation of complex computer networks, which are exposed to many kinds of attack. Today's situational awareness capabilities are limited in several ways: inaccurate and incomplete vulnerability analysis, failure to keep pace with evolving networks and attacks, inability to turn raw data into cyber intelligence, and inability to handle uncertainty. We describe advanced capabilities for mission-centric cyber situational awareness, based on defense in depth, as provided by the Cauldron tool. Cauldron automatically maps all paths of vulnerability through a network by correlating, aggregating, normalizing, and fusing data from a variety of sources. It provides sophisticated visualization of attack paths, together with automatically generated mitigation recommendations. Flexible modeling supports multi-step analysis of firewall rules as well as host-to-host vulnerability, covering attack vectors that originate inside the network as well as from outside it. We describe alert correlation based on Cauldron attack graphs, along with analysis of the mission impact of attacks.
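The abstract describes the pipeline in words only: firewall rules plus per-host vulnerabilities give host-to-host reachability, reachability gives an attack graph, the attack graph yields attack paths, mitigation recommendations, alert correlation, and mission impact. The following is an added toy model of that pipeline written for this page; it is not Cauldron's code and does not reproduce its data model. The network, firewall rules, vulnerabilities, alerts, and mission dependencies are all constructed sample data, and the correlation rule (an alert continues a scenario when its source host is within a fixed attack-graph hop distance of the host the previous alert compromised) is a simplification of the distance-based correlation the abstract refers to.

```python
"""Toy attack-graph pipeline: reachability -> graph -> paths -> fixes, alert
correlation and mission impact.  Added illustration, not Cauldron's code."""
from collections import deque

# Constructed sample data: hosts and the exploitable service each exposes.
VULNS = {
    "web": [("http", 80)],
    "app": [("rpc", 135)],
    "db":  [("sql", 1433)],
}
# Host -> firewall zone; the attacker starts in the "internet" zone.
ZONE = {"internet": "internet", "web": "dmz", "app": "internal", "db": "internal"}
# Firewall rules (src_zone, dst_host, dst_port, action); unmatched traffic is denied.
# The dmz -> db rule is a deliberate misconfiguration that opens a second attack path.
FIREWALL = [
    ("internet", "web", 80,   "allow"),
    ("dmz",      "app", 135,  "allow"),
    ("dmz",      "db",  1433, "allow"),
    ("internal", "db",  1433, "allow"),
]
# Constructed IDS alerts: (time, source host, destination host, signature).
ALERTS = [
    {"t": 1, "src": "internet", "dst": "web", "sig": "http exploit"},
    {"t": 2, "src": "web",      "dst": "app", "sig": "rpc exploit"},
    {"t": 3, "src": "internet", "dst": "app", "sig": "port scan"},
    {"t": 4, "src": "app",      "dst": "db",  "sig": "sql exploit"},
]
MISSION_DEPENDS = {"order-processing": ["web", "app", "db"], "reporting": ["db"]}


def reachable(src, dst, port):
    """Apply the firewall rules to traffic from src to dst:port (default deny)."""
    zone = ZONE.get(src, src)
    for s, d, p, action in FIREWALL:
        if s == zone and d == dst and p == port:
            return action == "allow"
    return False


def build_attack_graph(vulns=VULNS):
    """Edge src -> dst exists when a foothold on src can reach a vulnerable service on dst."""
    graph = {h: [] for h in list(vulns) + ["internet"]}
    for src in graph:
        for dst, services in vulns.items():
            for service, port in services:
                if src != dst and reachable(src, dst, port):
                    graph[src].append((dst, service))
    return graph


def attack_paths(graph, source, target):
    """Enumerate all simple multi-step attack paths as lists of (src, dst, service)."""
    paths = []

    def dfs(node, visited, steps):
        if node == target:
            paths.append(steps)
            return
        for nxt, service in graph[node]:
            if nxt not in visited:
                dfs(nxt, visited | {nxt}, steps + [(node, nxt, service)])

    dfs(source, {source}, [])
    return paths


def single_fix_recommendations(source, target):
    """Vulnerabilities whose removal alone cuts every path from source to target."""
    recs = []
    for host, services in VULNS.items():
        for svc in services:
            trimmed = {h: [s for s in ss if (h, s) != (host, svc)] for h, ss in VULNS.items()}
            if not attack_paths(build_attack_graph(trimmed), source, target):
                recs.append((host, svc[0]))
    return recs


def hop_distance(graph, start, goal):
    """Shortest number of exploit steps from start to goal; None if unreachable."""
    if start == goal:
        return 0
    seen, queue = {start}, deque([(start, 0)])
    while queue:
        node, d = queue.popleft()
        for nxt, _ in graph[node]:
            if nxt == goal:
                return d + 1
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, d + 1))
    return None


def correlate_alerts(graph, alerts, max_distance=1):
    """Chain alerts into scenarios: an alert continues a scenario if its source host is
    within max_distance attack-graph hops of the host the scenario last compromised."""
    scenarios = []
    for alert in sorted(alerts, key=lambda a: a["t"]):
        for scenario in scenarios:
            d = hop_distance(graph, scenario[-1]["dst"], alert["src"])
            if d is not None and d <= max_distance:
                scenario.append(alert)
                break
        else:
            scenarios.append([alert])
    return scenarios


def mission_impact(scenario):
    """Missions that depend on any host a scenario has touched."""
    hit = {a["dst"] for a in scenario}
    return sorted(m for m, hosts in MISSION_DEPENDS.items() if hit & set(hosts))


if __name__ == "__main__":
    g = build_attack_graph()
    for p in attack_paths(g, "internet", "db"):
        print("path:", " -> ".join(f"{s}[{svc}]" for s, _, svc in p) + " -> db")
    print("single fixes:", single_fix_recommendations("internet", "db"))
    for sc in correlate_alerts(g, ALERTS):
        print("scenario:", [a["sig"] for a in sc], "impacts:", mission_impact(sc))
```

On the sample data the graph has two paths from the internet to the database (through `app`, and directly from `web` via the misconfigured firewall rule), so only fixing `web`'s http service or `db`'s sql service cuts every path; patching `app` alone leaves the direct route. The four alerts collapse into one three-step scenario that impacts both missions plus one isolated scan. Raising `max_distance` lets correlation bridge steps the sensors missed, at the cost of more false chaining, which is the trade-off any distance-based correlator has to tune.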