Validating and restoring defense in depth using attack graphs
With the number of vulnerabilities growing rapidly, repairing every vulnerability is costly.
Next-generation security tools will have a proactive security strategy far beyond what classical firewalls and antivirus scanners possess.
Previous work introduced the idea of grouping alerts at a Hamming distance of 1 to achieve lossless alert aggregation; such aggregated meta-alerts were shown to increase alert interpretability.
However, a mean of 84023 daily Snort alerts was reduced to a still formidable 14099 meta-alerts.
Defense-in-depth is an important security architecture principle that has significant application to industrial control systems (ICS), cloud services, storehouses of sensitive data, and many other areas.
Is it possible that the systems (devices, computers, routers, switches) paradigm of defense in depth is part of the problem?
This work is sponsored by the United States Air Force under Air Force Contract FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the authors and are not necessarily endorsed by the United States Government.
Enterprise network security management is a complex task of balancing security and usability, with trade-offs often necessary between the two. Past work has provided ways to identify intricate attack paths due to misconfiguration and vulnerabilities in an enterprise system, but little has been done to address how to correct the security problems within the context of various other requirements such as usability, ease of access, and cost of countermeasures.