VULCON: A System for Vulnerability Prioritization, Mitigation, and Management
- Dartmouth College
- George Mason University, Fairfax, VA
Vulnerability remediation is a critical task in operational software and network security management. In this paper, an effective vulnerability management strategy, called VULCON (VULnerability CONtrol), is developed and evaluated. The strategy is based on two fundamental performance metrics: (i) Time-to-Vulnerability Remediation (TVR) and (ii) Total Vulnerability Exposure (TVE). VULCON takes as input real vulnerability scan reports, metadata about the discovered vulnerabilities, asset criticality, and personnel resources. VULCON uses a mixed-integer multi-objective optimization algorithm to prioritize vulnerabilities for patching, such that the above performance metrics are optimized subject to the given resource constraints. VULCON has been tested on multiple months of real scan data from a Cyber-Security Operations Center (CSOC). Results indicate an overall Total Vulnerability Exposure reduction of 8.97% when VULCON optimizes a realistic security analyst workforce's effort. Additionally, it is demonstrated that VULCON can determine the monthly resources required to maintain a target TVE score. As such, VULCON provides valuable operational guidance for improving vulnerability response processes in CSOCs.
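The abstract describes the idea at a high level: score each open finding by severity, asset criticality and time exposed, then choose which findings a fixed analyst budget should remediate so that the residual exposure is minimized. The following Python is an added illustration of that workflow, not code from the paper; the exact TVE and TVR formulas, the 1-5 criticality scale, the per-finding effort hours and the scan data are all constructed assumptions, and the single-objective 0/1 knapsack used here is a deliberate simplification of the paper's mixed-integer multi-objective model. It also shows the second use mentioned in the abstract, sweeping the budget to find the smallest monthly analyst effort that keeps TVE at or below a target.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Vuln:
    vid: str             # scanner finding id (constructed, not a real CVE)
    host: str
    cvss: float          # severity score, 0.0-10.0
    criticality: int     # asset criticality, 1 (low) to 5 (crown jewel); assumed scale
    discovered: date     # first seen in a scan report
    effort_hours: float  # assumed analyst hours needed to remediate


def exposure(v: Vuln, as_of: date) -> float:
    """Assumed per-finding exposure: severity x asset criticality x days open.
    Rounded so that sums of decimal CVSS values stay exact in the DP table."""
    return round(v.cvss * v.criticality * max((as_of - v.discovered).days, 0), 2)


def total_vulnerability_exposure(vulns: List[Vuln], as_of: date) -> float:
    return sum(exposure(v, as_of) for v in vulns)


def prioritize(vulns: List[Vuln], budget_hours: float, as_of: date) -> Tuple[List[Vuln], float]:
    """Exact 0/1 knapsack: pick the findings whose remediation removes the most
    exposure without exceeding the analyst-hour budget. Hours are discretized to
    tenths so the table is integer-indexed. Returns (chosen findings, exposure removed)."""
    scale = 10
    budget = int(round(budget_hours * scale))
    weights = [int(round(v.effort_hours * scale)) for v in vulns]
    values = [exposure(v, as_of) for v in vulns]
    n = len(vulns)
    # best[i][b]: max exposure removable using only the first i findings within b tenths
    best = [[0.0] * (budget + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        w, val = weights[i - 1], values[i - 1]
        for b in range(budget + 1):
            best[i][b] = best[i - 1][b]
            if w <= b and best[i - 1][b - w] + val > best[i][b]:
                best[i][b] = best[i - 1][b - w] + val
    chosen, b = [], budget
    for i in range(n, 0, -1):  # walk the table back to recover the chosen subset
        if best[i][b] != best[i - 1][b]:
            chosen.append(vulns[i - 1])
            b -= weights[i - 1]
    chosen.reverse()
    return chosen, best[n][budget]


def residual_tve(vulns: List[Vuln], chosen: List[Vuln], as_of: date) -> float:
    fixed = {v.vid for v in chosen}
    return total_vulnerability_exposure([v for v in vulns if v.vid not in fixed], as_of)


def mean_time_to_remediation(chosen: List[Vuln], remediated_on: date) -> float:
    """Assumed TVR: mean days from discovery to remediation over the patched set."""
    if not chosen:
        return 0.0
    return sum((remediated_on - v.discovered).days for v in chosen) / len(chosen)


def hours_needed_for_target(vulns: List[Vuln], target_tve: float, as_of: date,
                            step: float = 0.5) -> Optional[float]:
    """Smallest budget (in `step` increments) whose optimal patch set keeps the
    residual TVE at or below the target; None if even patching everything cannot."""
    max_hours = sum(v.effort_hours for v in vulns)
    budget = 0.0
    while True:
        capped = min(budget, max_hours)
        chosen, _ = prioritize(vulns, capped, as_of)
        if residual_tve(vulns, chosen, as_of) <= target_tve:
            return capped
        if budget >= max_hours:
            return None
        budget += step


# Constructed scan snapshot for one month (hosts, ids and efforts are made up).
AS_OF = date(2024, 3, 1)
SCAN = [
    Vuln("V-001", "web-01", 9.8, 5, date(2024, 2, 1), 2.0),
    Vuln("V-002", "db-01", 7.5, 5, date(2024, 1, 15), 4.0),
    Vuln("V-003", "dev-03", 9.0, 1, date(2024, 2, 20), 1.0),
    Vuln("V-004", "web-02", 5.3, 3, date(2024, 1, 1), 3.0),
    Vuln("V-005", "ws-17", 4.0, 2, date(2024, 2, 25), 0.5),
    Vuln("V-006", "db-02", 8.1, 4, date(2024, 2, 10), 6.0),
]

if __name__ == "__main__":
    before = total_vulnerability_exposure(SCAN, AS_OF)
    chosen, removed = prioritize(SCAN, budget_hours=8.0, as_of=AS_OF)
    after = residual_tve(SCAN, chosen, AS_OF)
    print(f"TVE before: {before:.1f}, patch {[v.vid for v in chosen]} "
          f"-> TVE after: {after:.1f} ({100 * removed / before:.1f}% reduction)")
    print(f"TVR of patched set: {mean_time_to_remediation(chosen, AS_OF):.1f} days")
    print(f"Hours/month to hold TVE <= 1000: {hours_needed_for_target(SCAN, 1000.0, AS_OF)}")
```

The instance is small enough for an exact table; on a real scan with thousands of findings one would use a MIP solver, as the paper does, and add the second objective (TVR) and per-analyst constraints. Note that a high-CVSS finding on a low-criticality host (V-003) is ranked below a medium-CVSS finding that has been open for two months on a critical asset (V-002), which is the point of weighting by criticality and exposure time rather than by severity alone.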
- Research Organization:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 1470730
- Report Number(s):
- PNNL-SA-133665
- Journal Information:
- ACM Transactions on Privacy and Security, Vol. 21, Issue 4; ISSN 2471-2566
- Country of Publication:
- United States
- Language:
- English