Optimal Risk Mitigation Using Xccdf-Based Security And Resiliency Analytics
Project Objectives:
This project aims at providing security analytics that augment the host compliance reports with network configuration. There are two major objectives for this project:
- Cost-effective risk mitigation planning. This requires developing security, usability and cost metrics that are important for mitigation decision making, and developing a framework for automated security design and controls based on these metrics.
- Evaluation of the enterprise resiliency based on compliance reports and network configuration. This project will develop new metrics and policy languages for defining resiliency properties, and techniques/tools verifying and constructing cost-effective resilience counter-measures.
Project Activities:
In the last meeting, we concluded our previous project, Integrated Risk Analytics Using XCCDF Reports and Network Configuration, which provides the basis for this project. We have designed a set of metrics to evaluate the enterprise risk in order to drive mitigation planning based on vulnerability patching. In the first phase of this project, we refine our risk model and extend the mitigation planning by considering more mitigation actions. Patching vulnerabilities may not always be an option to minimize the risk. Alternatively, network counter-measures should be smartly distributed and configured to minimize the risk. However, this task may be complicated as the mitigation is often bounded by many financial and operational constraints. Therefore, our target in this phase is to find the mitigation plan that balances the trade-offs between security, cost, and usability.
Specifically, we have worked on the following tasks during the period from April 1st, 2015 until now:
- We have refined and validated the mathematical soundness of the risk and cost metrics to better represent the organization's expected loss due to hosts' vulnerabilities.
- We have extended the formalization of the mitigation planning problem, which takes the XCCDF reports, the network configuration and a specific budget and finds the set of vulnerability fixes/patches that reduces the global risk to a specific threshold. The following are the most notable extensions:
- We have improved the mitigation planner to provide more risk-mitigating actions that are performed at the host level and at the network level, such as access denial through firewalls. If host-based actions are not possible for particular vulnerabilities, the planner will suggest the magnitude of the resistance required in the network paths in order to satisfy the constraints.
- We have investigated how to automatically map countermeasures and mitigation actions (e.g., inspection, encryption, etc.) to the resistance based on the existing weaknesses in the enterprise network (i.e., known vulnerabilities and misconfigurations).
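The budget-constrained planning problem described in these tasks can be made concrete with a small model. The following Python sketch is an added example, not XCCDF-Harden or any code from the project: it assumes a simplified risk model in which each vulnerability carries an expected-loss value and an optional host-level patch cost, a network action on the paths to a host carries a cost and a "resistance" in [0, 1] that scales the residual risk of every vulnerability on that host, and the planner searches for the cheapest combination of patches and network actions that brings global risk to or below a threshold within the budget. For vulnerabilities with no host-level fix it also reports the resistance the network path would need. The hosts, vulnerability identifiers, risk values and costs are all constructed for illustration, and the exhaustive search is only meant for small inputs.

```python
"""Toy budget-constrained mitigation planner (added example, not XCCDF-Harden).

Assumed model (constructed for illustration):
  * a vulnerability has an expected-loss 'risk' and an optional host-level
    patch cost; None means no host-based fix exists (e.g. legacy software);
  * a network action (a firewall rule on the paths to one host) has a cost and
    a 'resistance' r in [0, 1]; residual risk of that host's vulnerabilities
    is scaled by (1 - r), and several actions on one host compose;
  * the planner returns the cheapest action set whose cost fits the budget
    and whose residual global risk is at or below the threshold.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Vuln:
    vid: str                      # constructed identifier, not a real CVE
    host: str
    risk: float                   # expected loss if left unmitigated
    patch_cost: Optional[float]   # None when no host-level fix is available


@dataclass(frozen=True)
class NetAction:
    name: str
    host: str                     # host whose inbound paths gain resistance
    cost: float
    resistance: float             # fraction of residual risk removed, 0..1


def host_resistance(actions: List[NetAction]) -> Dict[str, float]:
    """Compose the resistance of all network actions applied to each host."""
    resist: Dict[str, float] = {}
    for a in actions:
        # two actions on one host compose as 1 - (1 - r1) * (1 - r2)
        resist[a.host] = 1 - (1 - resist.get(a.host, 0.0)) * (1 - a.resistance)
    return resist


def residual_risk(vulns: List[Vuln], patched: Set[str],
                  actions: List[NetAction]) -> float:
    """Global expected loss after the chosen patches and network actions."""
    resist = host_resistance(actions)
    return sum(v.risk * (1 - resist.get(v.host, 0.0))
               for v in vulns if v.vid not in patched)


def required_resistance(host_risk: float, target: float) -> float:
    """Resistance a network path needs so that host risk drops to `target`."""
    if host_risk <= target:
        return 0.0
    return 1 - target / host_risk


def suggest_resistance(vulns: List[Vuln], per_host_target: float) -> Dict[str, float]:
    """For hosts whose vulnerabilities cannot be patched, report the path
    resistance needed to bring the unpatchable risk down to the target."""
    unpatchable: Dict[str, float] = {}
    for v in vulns:
        if v.patch_cost is None:
            unpatchable[v.host] = unpatchable.get(v.host, 0.0) + v.risk
    return {h: required_resistance(r, per_host_target) for h, r in unpatchable.items()}


def plan(vulns: List[Vuln], actions: List[NetAction], budget: float,
         threshold: float) -> Optional[Tuple[float, float, Tuple[str, ...], Tuple[str, ...]]]:
    """Exhaustive search over all action subsets (fine for toy sizes only).
    Returns (cost, residual_risk, patched_ids, action_names) or None when
    no plan satisfies both the budget and the risk threshold."""
    options = [("patch", v) for v in vulns if v.patch_cost is not None] + \
              [("net", a) for a in actions]
    best = None
    for k in range(len(options) + 1):
        for combo in combinations(options, k):
            cost = sum(x.patch_cost if kind == "patch" else x.cost for kind, x in combo)
            if cost > budget:
                continue
            patched = {x.vid for kind, x in combo if kind == "patch"}
            nets = [x for kind, x in combo if kind == "net"]
            risk = residual_risk(vulns, patched, nets)
            if risk <= threshold and (best is None or (cost, risk) < (best[0], best[1])):
                best = (cost, risk, tuple(sorted(patched)),
                        tuple(sorted(a.name for a in nets)))
    return best


# Constructed sample network: three hosts, one unpatchable vulnerability.
VULNS = [
    Vuln("V-1", "web01", 40.0, 5.0),
    Vuln("V-2", "web01", 10.0, 3.0),
    Vuln("V-3", "db01", 50.0, None),   # legacy service, no patch available
    Vuln("V-4", "hr01", 15.0, 4.0),
]
ACTIONS = [
    NetAction("fw-block-db01", "db01", 8.0, 0.9),
    NetAction("fw-restrict-web01", "web01", 6.0, 0.5),
]

if __name__ == "__main__":
    print("initial risk:", residual_risk(VULNS, set(), []))
    print("plan:", plan(VULNS, ACTIONS, budget=20.0, threshold=30.0))
    print("resistance needed for unpatchable hosts:", suggest_resistance(VULNS, 5.0))
```

On the constructed data the initial risk is 115; the cheapest plan within a budget of 20 that meets a threshold of 30 blocks the paths to db01 (cost 8, since its vulnerability cannot be patched) and patches V-1 (cost 5), leaving a residual risk of 30. The search is exponential in the number of candidate actions, which is one reason the synthesis time grows quickly for large networks; a real planner would use an integer-programming or constraint solver instead.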
Project Findings:
- We developed a framework, XCCDF-Harden, that imports the compliance reports and the configuration of the entire network along with the business model and generates a mitigation plan. The mitigation plan consists of recommendations to fix vulnerabilities or introduce countermeasures in appropriate locations in order to increase the resistance against attacks and, consequently, reduce the potential risks.
- We have evaluated the scalability of our framework on multiple networks with a large number of hosts and configuration rules. Our preliminary results show that the mitigation plan synthesis can take more than one hour for networks of 1000 hosts or more. We are now investigating new techniques to reduce this time.
Project Documentation:
Under the "View Paper" button, a technical paper is attached that describes our technical model and complete evaluation details. However, the mitigation actions in the paper are limited to patching and blocking network flows. It does not include the complete list of host-based and network mitigation actions.
Automated Risk Mitigation for Patching Vulnerabilities (Bottom-Up Approach)