Vulcan Cyber Adds Graph Tool to Better Manage Attack Surfaces

Vulcan Cyber today unveiled a graph technology tool that promises to make it simpler to visualize cybersecurity attack paths and measure the impact those attacks might have on an organization.

Tal Morgenstern, co-founder and chief product officer for Vulcan Cyber, said the Vulcan Cyber Attack Path Graph enables cybersecurity teams to better prioritize their remediation efforts by providing a holistic view of increasingly complex distributed computing environments. Risks can be identified using, for example, MITRE ATT&CK tactics and techniques to surface potential attack paths.

The first release of Vulcan Cyber Attack Path Graph provides support for the Amazon Web Services (AWS) cloud, including the ability to analyze security groups, access control lists (ACLs) and subnets to create a topology map. In the longer term, Vulcan Cyber Attack Path Graph will be able to combine vulnerability data from tools capable of scanning multiple environments.

While cyberattacks have increased in volume and sophistication, one major issue that doesn’t receive much attention is the fact that the attack surface cybersecurity teams are asked to defend is growing exponentially. Applications are now routinely deployed everywhere from the network edge to the cloud. Cybersecurity teams today have limited visibility into highly distributed computing environments, noted Morgenstern.

Existing risk scoring tools focus on the severity of a given vulnerability but don’t provide cybersecurity teams with enough context concerning, for example, how widely a specific vulnerability issue impacts the organization, he added.

That context is critical because it enables the business to prioritize remediation efforts based on their actual level of risk and streamlines the effort required to patch every instance of that vulnerability across multiple application environments, said Morgenstern.

Prioritizing remediation efforts is a major issue because organizations don’t have infinite application development resources. Most developers typically allocate 10% of their time to developing and deploying patches versus spending time building new applications. As such, it’s critical for cybersecurity teams to identify which vulnerabilities represent the most critical threat to the business.

Building and maintaining a large list of vulnerabilities only further alienates developers when, for example, they discover the vulnerability in question resides in an application that doesn’t face the internet. That issue, in fact, is at the core of the cultural divide between cybersecurity teams and application developers. Too often, that divide plays into the hands of cybercriminals who are always looking for vulnerabilities they can exploit to access and exfiltrate critical business data.

Of course, there is a natural tendency to want to defend the entire IT environment. However, given the size of the defensible attack surface, that isn’t feasible. As Frederick the Great once noted, “He who defends everything defends nothing.” Like it or not, cybersecurity teams have limited resources compared to cybercriminals, so it’s critical to marshal them in the most effective way possible. After all, the goal isn’t necessarily to prevent every breach but to limit the blast radius.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
