Title :
Cauldron mission-centric cyber situational awareness with defense in depth
Author :
Jajodia, Sushil ; Noel, Steven ; Kalapa, Pramod ; Albanese, Massimiliano ; Williams, John
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
Abstract :
The cyber situational awareness of an organization determines its effectiveness in responding to attacks. Mission success is highly dependent on the availability and correct operation of complex computer networks, which are vulnerable to various types of attacks. Today, situational awareness capabilities are limited in many ways, such as inaccurate and incomplete vulnerability analysis, failure to adapt to evolving networks and attacks, inability to transform raw data into cyber intelligence, and inability to handle uncertainty. We describe advanced capabilities for mission-centric cyber situational awareness, based on defense in depth, provided by the Cauldron tool. Cauldron automatically maps all paths of vulnerability through networks by correlating, aggregating, normalizing, and fusing data from a variety of sources. It provides sophisticated visualization of attack paths, with automatically generated mitigation recommendations. Flexible modeling supports multi-step analysis of firewall rules as well as host-to-host vulnerability, with attack vectors inside the network as well as from the outside. We describe alert correlation based on Cauldron attack graphs, along with analysis of mission impact from attacks.
Keywords :
authorisation; computer network security; data visualisation; graph theory; sensor fusion; Cauldron attack graphs; Cauldron tool; attack path; automatically generated mitigation recommendation; complex computer network; cyber intelligence; data fusion; firewall rules; flexible modeling; host to host vulnerability; mission centric cyber situational awareness; multistep analysis; uncertainty handling; vulnerability path; Correlation; Data models; Databases; Fires; IP networks; Network topology; Security; Vulnerability analysis; attack graphs; cauldron security tool; cyber situational awareness; intrusion detection
Conference_Title :
MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4673-0079-7
DOI :
10.1109/MILCOM.2011.6127490