Prometheus is an innovative solution for comprehensive security posture analysis of computing infrastructures and applications. It operates by continuously monitoring trustworthy data sources, such as national vulnerability databases, to identify vulnerabilities specific to the devices and configuration of a given infrastructure.
Prometheus employs named entity recognition (NER) and word embeddings to automatically extract the semantic meaning of vulnerabilities, including their preconditions and postconditions. This information is then used to construct potential attack graphs, which are analyzed to evaluate the security posture.
Prometheus adopts a multi-layered approach, categorizing vulnerabilities into distinct layers such as machine learning, system, hardware, network, and cryptography. This allows for prioritized risk analysis, mitigation strategies, and patching efforts based on the specific nature and severity of vulnerabilities at each layer.
The system generates two types of attack graphs: cumulative (or multi-layer) attack graphs and layered attack graphs. Cumulative attack graphs show how an attacker could exploit vulnerabilities across multiple layers, while layered attack graphs focus on the exploitation of vulnerabilities within the same layer. This dual representation provides a comprehensive understanding of the potential attack paths.
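As an added illustration (not code from the Prometheus paper or project), the sketch below builds both graph types from constructed vulnerability records. The record fields, the condition names, and the rule that an edge exists when one vulnerability's postcondition matches another's precondition are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records (placeholder ids, not real vulnerability data).
# Each record has its layer, the conditions required, and the conditions gained.
VULNS = [
    {"id": "VULN-A", "layer": "network", "pre": {"net_access"}, "post": {"user_shell"}},
    {"id": "VULN-B", "layer": "system", "pre": {"user_shell"}, "post": {"root"}},
    {"id": "VULN-C", "layer": "system", "pre": {"root"}, "post": {"kernel_exec"}},
    {"id": "VULN-D", "layer": "hardware", "pre": {"kernel_exec"}, "post": {"firmware_write"}},
    {"id": "VULN-E", "layer": "cryptography", "pre": {"physical_access"}, "post": {"key_leak"}},
]

def build_edges(vulns, same_layer_only=False):
    """Edge u -> v when a postcondition of u matches a precondition of v.

    same_layer_only=False gives the cumulative (multi-layer) graph,
    same_layer_only=True gives the layered graph.
    Simplification: any overlap counts, which is exact only while each
    vulnerability has a single precondition, as in the sample data.
    """
    edges = defaultdict(set)
    for u in vulns:
        for v in vulns:
            if u is v or not (u["post"] & v["pre"]):
                continue
            if same_layer_only and u["layer"] != v["layer"]:
                continue
            edges[u["id"]].add(v["id"])
    return {src: sorted(dst) for src, dst in edges.items()}

def attack_paths(vulns, edges, initial):
    """List maximal chains that start at vulnerabilities whose preconditions
    are already satisfied by the attacker's initial conditions."""
    paths = []

    def walk(path):
        nxt = [n for n in edges.get(path[-1], []) if n not in path]
        if not nxt:
            paths.append(path)
        for n in nxt:
            walk(path + [n])

    for v in vulns:
        if v["pre"] <= initial:
            walk([v["id"]])
    return paths
```

On this sample the cumulative graph exposes the full network-to-hardware chain, while the layered graph only shows the step inside the system layer, which is why the two views are read together.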
Prometheus also incorporates a risk scoring system that computes exploitability, impact, and risk scores for each attack graph. This quantification process helps identify the most impactful attack paths within the network infrastructure, enabling security professionals to prioritize mitigation efforts.
Key ideas extracted from arxiv.org, by Xin Jin, Char..., 05-02-2024
https://arxiv.org/pdf/2312.13119.pdf