Why CAULDRON is important now:

Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which requires a great deal of expertise and is error-prone. The organization of networks and the interdependencies of vulnerabilities are so complex as to make traditional vulnerability analysis inadequate. We describe CAULDRON, a Topological Vulnerability Analysis approach that analyzes vulnerability dependencies and shows all possible attack paths into a network. From models of the network vulnerabilities and potential attacker exploits, we discover attack paths (organized as graphs) that convey the impact of individual and combined vulnerabilities on overall security. We provide sophisticated attack graph visualizations, with high-level overviews and detail drilldown. Decision support capabilities let analysts make optimal tradeoffs between safety and availability, and show how to best apply limited security resources. We employ efficient algorithms that scale well to larger networks.

While we cannot predict the origin and timing of attacks, we can reduce their impact by knowing the possible attack paths through our networks. Reliance on manual processes and mental models is inadequate. Automated tools are needed for analyzing and visualizing vulnerability dependencies and attack paths, for understanding overall security posture. Our approach to such full-context security is called Topological Vulnerability Analysis (TVA). TVA models network state and potential attacker exploits, combining these to generate an attack graph showing all possible ways an attacker can penetrate the network. TVA transforms raw security data into a roadmap that lets one proactively prepare for attacks. It supports both offensive (e.g., penetration testing) and defensive (e.g., network hardening) applications. The mapping of attack paths through a network via TVA provides a concrete understanding of how individual and combined vulnerabilities impact overall network security.
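The following Python is an added illustration, not CAULDRON's code or data model, of how a network model (hosts, their vulnerabilities, reachability) and an exploit model combine into a monotonic attack graph, and how a hardening what-if removes paths; the hosts, reachability table and VULN-* ids are constructed placeholders.

```python
from collections import defaultdict

# Constructed toy network model: host -> vulnerability ids found on it (placeholder ids).
HOST_VULNS = {
    "web": {"VULN-WEB-RCE"},
    "app": {"VULN-APP-DESER"},
    "db":  {"VULN-DB-AUTHBYPASS"},
}
# Reachability model: attacker position -> hosts whose services it can connect to.
REACH = {"internet": {"web"}, "web": {"app"}, "app": {"db", "web"}, "db": set()}
# Exploit model (simplified): an exploit applies when the attacker holds a position that
# reaches the target and the target carries the vulnerability; the attacker then gains a
# foothold on the target. Footholds are never lost (monotonic), so a fixpoint suffices.

def build_attack_graph(host_vulns, reach, start="internet"):
    """Return (compromised hosts, edges (src, vuln, dst)) reachable from start."""
    compromised, edges, changed = {start}, set(), True
    while changed:
        changed = False
        for src in list(compromised):
            for dst in reach.get(src, ()):
                for vuln in host_vulns.get(dst, ()):
                    edges.add((src, vuln, dst))
                    if dst not in compromised:
                        compromised.add(dst)
                        changed = True
    return compromised, edges

def attack_paths(edges, start, goal):
    """Enumerate simple paths from start to goal as lists of (src, vuln, dst) steps."""
    out = defaultdict(list)
    for src, vuln, dst in sorted(edges):
        out[src].append((vuln, dst))
    paths = []
    def walk(node, visited, path):
        if node == goal:
            paths.append(path)
            return
        for vuln, dst in out[node]:
            if dst not in visited:
                walk(dst, visited | {dst}, path + [(node, vuln, dst)])
    walk(start, {start}, [])
    return paths

def harden(host_vulns, vuln):
    """Hardening what-if: remove one vulnerability from the model so it can be recomputed."""
    return {h: v - {vuln} for h, v in host_vulns.items()}

if __name__ == "__main__":
    _, edges = build_attack_graph(HOST_VULNS, REACH)
    for p in attack_paths(edges, "internet", "db"):
        print(" -> ".join(f"{s}:[{v}]" for s, v, _ in p) + " -> db")
    reached, _ = build_attack_graph(harden(HOST_VULNS, "VULN-APP-DESER"), REACH)
    print("db reachable after patching app:", "db" in reached)
```

Swapping the constructed tables for real inventory and scan data is the modelling step; the graph computation and the what-if stay the same.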

Attack graphs provide a powerful way of understanding the context and relative importance of vulnerabilities across systems and networks. Attack graph analysis depends on a complete and accurate model of the network. Typically such models have been built using data from network (remote) vulnerability scanners such as Nessus. However, remote scanning has fundamental limitations regarding the information available about target hosts. We propose a new way of building attack graph models, using data from asset inventory correlated with a vulnerability database. We demonstrate this approach using a small testbed network, and describe some validations we have conducted in operational environments. We compare the resulting attack graphs against those from a baseline network model using Nessus scans. Our approach reveals host vulnerabilities not detected by Nessus, including the important class of client-side vulnerabilities. The result is a more complete and accurate assessment of enterprise network security.