Abstract
Automated and cost-effective security configuration for cyber risk management is a complex decision-making process because it requires considering many different factors, including hosts’ security weaknesses, potential threat actors, critical assets’ exposure to threat actors due to network connectivity, service reachability requirements according to business policies, acceptable usability due to security hardness, and budgetary constraints. Although many automated techniques and tools have been proposed to scan host vulnerabilities and verify their compliance with security policies, existing approaches lack metrics and analytics to identify fine-grained network access control based on comprehensive risk analysis using the network connectivity and both the hosts’ compliance reports and live threat activity. In this chapter, we present metrics to assess the enterprise cyber risk considering (1) the network connectivity requirements, (2) the end-host security compliance reports based on vulnerabilities and configuration weaknesses, and (3) their dynamic threat indicators based on host intrusion detection and scoring tools. We then employ these metrics in a formal framework that automatically generates enterprise risk mitigation actions that encompass host-based vulnerability fixes and network access hardening actions. The risk mitigation plans generated using our framework minimize the residual risk given limited mitigation budgets to meet the expected Return On Investment (ROI). The integration of dynamic threat indicators allows our framework to automatically initiate inspection and access control hardening actions for the hosts that show potential malicious activities. We implemented our framework based on advanced formal methods using Satisfiability Modulo Theories (SMT), which has shown scalability for large-size networks.
| Original language | English |
|---|---|
| Title of host publication | Adaptive Autonomous Secure Cyber Systems |
| Publisher | Springer International Publishing |
| Pages | 131-157 |
| Number of pages | 27 |
| ISBN (Electronic) | 9783030334321 |
| ISBN (Print) | 9783030334314 |
| State | Published - 1 Jan 2020 |
| Externally published | Yes |
Bibliographical note
Publisher Copyright: © Springer Nature Switzerland AG 2020.
ASJC Scopus subject areas
- General Computer Science
Fingerprint
Dive into the research topics of 'Automated Cyber Risk Mitigation: Making Informed Cost-Effective Decisions'. Together they form a unique fingerprint.