It’s not the strength of your attacker, but the weakness of your network.
remains a top IT spending priority, companies may often focus on the wrong
Most security solutions identify critical vulnerabilities based on
third-party analysis, but those vulnerabilities don’t mean the same thing
for every network.
“One of the problems with most security tools is they can’t tell how an
attacker uses different vectors to get to a single point of your network,”
said Amrit Williams, an analyst with Gartner, a research firm
based in Stamford, CT.
That’s the value of solutions that do threat modeling and attack path
analysis, noted Williams.
Skybox Security, based in San Jose, Calif., provides a suite of security
risk management tools called Skybox View that does just that.
The solution provides IT administrators with a holistic view of all of their
firewalls, routers and servers and the security tools and policies that
protect their networks.
Skybox View is intended to help measure the relative strengths and
weaknesses of each layer of security, and identify policy violations that
may need attention.
According to Ed Cooper, vice president of worldwide marketing for Skybox,
the solution helps IT administrators prioritize their tasks.
“Eighty-five percent of vulnerabilities [in a given network] are already
blocked,” he told internetnews.com.
“The 15 percent that aren’t blocked are the ones you should be focused on.”
“Why would you mitigate a high-ranked vulnerability that is buried in your
network when there is a low-ranked vulnerability sitting up by the
perimeter?” he said.
According to Cooper, Skybox View also allows users to create a virtual model
of their network.
This can help administrators determine where the network might be vulnerable
to worms; it can also help them decide which features of the security tools
already in place they should enable.
“Most sophisticated companies have invested in intrusion prevention
systems,” said Cooper. “But they’re not using all the capabilities of those
tools because they’re afraid of false positives.”
Cooper also noted that Skybox View offers administrators a holistic view of
how their systems work together.
“People are by and large still flying blind. They have no ability to
understand the impacts of how their systems are working together,” he said.
Williams noted that increasing visibility into a system can never be a bad
thing, but it’s not a panacea either.
“The success or value of threat modeling and attack path analysis is highly
dependent on having a process and a team to analyze the results so that
action can be taken and better decisions can be made,” he said.
Indeed, while Cooper argued that the Skybox solution could automate a
firewall audit process that could take a full year to accomplish, and get it
done in five minutes, Williams cautioned that it’s not that simple.
“Technology doesn’t replace the need for a process to deal with the
information and a set of people who can analyze the data,” he said.