Big Data Analytics on Cyber Attack Graphs for Prioritizing Agile Security Requirements
Title | Big Data Analytics on Cyber Attack Graphs for Prioritizing Agile Security Requirements |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Hadar, Ethan, Hassanzadeh, Amin |
Conference Name | 2019 IEEE 27th International Requirements Engineering Conference (RE) |
Publisher | IEEE |
ISBN Number | 978-1-7281-3912-8 |
Keywords | Agile Security, Agile Security models different types, agile style, attack graph, Attack Path, attack surface, attack surface reduction, Big Data, Big Data analytics, business data processing, business process targets, business processes, business risks, cardinal assets, complex big data graph, compositionality, Computer crime, constant prioritization, critical assets identification, cyber attack graphs, Cyber Digital Twin, cyber-attacks, Data analysis, graph analytics, graph theory, managed assets, Organizations, potential hacking paths, prioritizes surgical requirements, prioritizing Agile Security requirements, process control, pubcrawl, Remediation Requirements, requirements backlog, Requirements Prioritization, risk analysis, risk management, risk-reduction security requirements, Scalability, security, Security Operation Center, security requirements, security scalability, software prototyping, Standards organizations, virtual adversary attack paths |
Abstract | In enterprise environments, the amount of managed assets and vulnerabilities that can be exploited is staggering. Hackers' lateral movements between such assets generate a complex big data graph, that contains potential hacking paths. In this vision paper, we enumerate risk-reduction security requirements in large scale environments, then present the Agile Security methodology and technologies for detection, modeling, and constant prioritization of security requirements, agile style. Agile Security models different types of security requirements into the context of an attack graph, containing business process targets and critical assets identification, configuration items, and possible impacts of cyber-attacks. By simulating and analyzing virtual adversary attack paths toward cardinal assets, Agile Security examines the business impact on business processes and prioritizes surgical requirements. Thus, handling these requirements backlog that are constantly evaluated as an outcome of employing Agile Security, gradually increases system hardening, reduces business risks and informs the IT service desk or Security Operation Center what remediation action to perform next. Once remediated, Agile Security constantly recomputes residual risk, assessing risk increase by threat intelligence or infrastructure changes versus defender's remediation actions in order to drive overall attack surface reduction. |
URL | https://ieeexplore.ieee.org/document/8920695 |
DOI | 10.1109/RE.2019.00042 |
Citation Key | hadar_big_2019 |
- risk analysis
- graph theory
- managed assets
- Organizations
- potential hacking paths
- prioritizes surgical requirements
- prioritizing Agile Security requirements
- process control
- pubcrawl
- Remediation Requirements
- requirements backlog
- Requirements Prioritization
- graph analytics
- risk management
- risk-reduction security requirements
- Scalability
- security
- Security Operation Center
- security requirements
- security scalability
- software prototyping
- Standards organizations
- virtual adversary attack paths
- business risks
- Agile Security models different types
- agile style
- attack graph
- Attack Path
- attack surface
- attack surface reduction
- Big Data
- Big Data Analytics
- business data processing
- business process targets
- business processes
- Agile Security
- cardinal assets
- complex big data graph
- Compositionality
- Computer crime
- constant prioritization
- critical assets identification
- cyber attack graphs
- Cyber Digital Twin
- cyber-attacks
- data analysis