CyVision
A fresh way to see cybersecurity

Patents

CyVision has the exclusive license for the Cauldron™ technology used to determine network safety against unknown attacks (zero-day attacks).

The advanced Cauldron™ technology has obtained the Army Research Office MURI award number W911NF-09-1-0525, US Patent 7,627,900, US Patent 7,555,778, US Patent 7,735,141, and US Patent 7,904,962.

 

Abstract

Disclosed is a framework for aggregating network attack graphs. A network may be represented as a dependency graph. Condition set(s), exploit set(s) and machine set(s) may be generated using information from the dependency graph. Exploit-condition set(s) may be generated using the condition set(s) and the exploit set(s). Machine-exploit set(s) may be generated using the exploit-condition set(s) and machine set(s).


Abstract

Disclosed is a network hardening mechanism. The mechanism generates a dependency graph from a multitude of exploits and constructs a goal conditions expression, which may then be used to determine set(s) of safe network configurations. A subset of these safe network configuration sets may then be selected for implementation using hardening costs as a criterion.


Abstract

Disclosed is a system for correlating intrusion events using attack graph distances. The system includes an attack graph generator, an exploit distance calculator, an intrusion detector, an event report/exploit associator, an event graph creator, an event graph distance calculator, a correlation value calculator, and a coordinated attack analyzer. An attack graph is constructed for exploits and conditions in a network. The exploit distance calculator determines exploit distances for exploit pair(s). The intrusion detector generates events. Events are associated with exploits. Event graph distances are calculated. Correlation values are calculated for event pair(s) using event graph distances. The correlation values are analyzed using a correlation threshold to detect coordinated attacks.


Abstract

Disclosed is a system for modeling, analyzing, and responding to network attacks. Machines are mapped to components, components are mapped to vulnerabilities, and vulnerabilities are mapped to exploits. Each of the exploits includes at least one precondition mapped to at least one postcondition. An attack graph which defines inter-exploit distances is generated using at least one of the exploits. The attack graph is aggregated. At least one hardening option is determined using the aggregated attack graph. Hardening options include applying at least one corrective measure to at least one initial condition, where the initial condition is the initial state of a precondition.
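
One way to read the hardening abstracts above, as an added example that is not CyVision's or the patents' own code: exploits with preconditions and postconditions are expanded into a goal conditions expression over initial conditions, and the cheapest set of initial conditions to disable is selected. The exploit names, conditions, costs and function names are constructed for illustration.

```python
from itertools import combinations, product

# Constructed sample network: exploit -> (preconditions, postconditions).
EXPLOITS = {
    "ftp_rhosts(0,1)": ({"ftp(0,1)", "user(0)"}, {"trust(1,0)"}),
    "rsh(0,1)":        ({"trust(1,0)", "user(0)"}, {"user(1)"}),
    "sshd_bof(0,1)":   ({"sshd(0,1)", "user(0)"}, {"user(1)"}),
    "local_bof(1)":    ({"user(1)"}, {"root(1)"}),
}
# Constructed hardening cost of disabling each initial condition.
COST = {"ftp(0,1)": 2, "sshd(0,1)": 5, "user(0)": 100}

def initial_conditions(exploits):
    """Conditions some exploit requires but no exploit produces."""
    produced = set().union(*(post for _, post in exploits.values()))
    required = set().union(*(pre for pre, _ in exploits.values()))
    return required - produced

def goal_expression(goal, exploits, path=frozenset()):
    """Goal as a DNF over initial conditions: a set of sufficient condition sets."""
    if goal in initial_conditions(exploits):
        return {frozenset([goal])}
    if goal in path:  # cycle: a condition cannot be used to establish itself
        return set()
    terms = set()
    for pre, post in exploits.values():
        if goal not in post:
            continue
        # AND across one exploit's preconditions, OR across alternative exploits.
        parts = [goal_expression(c, exploits, path | {goal}) for c in pre]
        for combo in product(*parts):
            terms.add(frozenset().union(*combo))
    return {t for t in terms if not any(o < t for o in terms)}  # minimal terms only

def cheapest_hardening(goal, exploits, cost):
    """Lowest-cost set of initial conditions whose removal breaks every term.
    Brute force over subsets: fine for a sketch, exponential in general."""
    terms = goal_expression(goal, exploits)
    init = sorted(initial_conditions(exploits))
    best = None
    for r in range(len(init) + 1):
        for removed in combinations(init, r):
            if all(t & set(removed) for t in terms):  # safe configuration
                total = sum(cost[c] for c in removed)
                if best is None or total < best[0]:
                    best = (total, set(removed))
    return best  # None means no safe configuration exists

if __name__ == "__main__":
    print(goal_expression("root(1)", EXPLOITS))
    print(cheapest_hardening("root(1)", EXPLOITS, COST))
```

In the sample, disabling `user(0)` alone is also a safe configuration, but the cost criterion prefers closing both services.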