Vulnerability management tools for COTS software - A comparison

S.M. Welberg; S.M. Welberg

Vulnerability management tools for COTS software - A comparison

S.M. Welberg, S.M. Welberg

Research output: Book/Report › Report › Professional

261 Downloads (Pure)

Abstract

In this paper, we compare vulnerability management tools in two stages. In the first stage, we perform a global comparison involving thirty tools available in the market. A framework composed of several criteria based on scope and analysis is used for this comparison. From this global view of the tools, we detected that only three tools perform correlated analysis. Correlated analysis can be done in two ways: (i) correlation of scanning results with the output from other security devices such as firewall and intrusion detection systems, or (ii) correlation between vulnerabilities composing attack scenarios. Although both correlations add value to vulnerability management, the latter is especially important to unveil stepping stones which could be exploited by attackers. The comparison shows that two out of three tools perform correlation of the second type but scalability and the amount of manual input required seems to be their biggest problems.

Original language	Undefined
Place of Publication	Enschede
Publisher	Information Systems (IS)
Number of pages	9
Publication status	Published - 21 Feb 2008

Publication series

Name	CTIT Technical Report Series
Publisher	Centre for Telematics and Information Technology, University of Twente
No.	TR-CTIT-08-15
ISSN (Print)	1381-3625

Keywords

IR-64654
METIS-265734
EWI-12034

Access to Document

Cite this

Welberg, S. M., & Welberg, S. M. (2008). Vulnerability management tools for COTS software - A comparison. (CTIT Technical Report Series; No. TR-CTIT-08-15). Enschede: Information Systems (IS).

@book{0d802b507acd413bb349223a0517481b,

title = "Vulnerability management tools for COTS software - A comparison",

abstract = "In this paper, we compare vulnerability management tools in two stages. In the first stage, we perform a global comparison involving thirty tools available in the market. A framework composed of several criteria based on scope and analysis is used for this comparison. From this global view of the tools, we detected that only three tools perform correlated analysis. Correlated analysis can be done in two ways: (i) correlation of scanning results with the output from other security devices such as firewall and intrusion detection systems, or (ii) correlation between vulnerabilities composing attack scenarios. Although both correlations add value to vulnerability management, the latter is especially important to unveil stepping stones which could be exploited by attackers. The comparison shows that two out of three tools perform correlation of the second type but scalability and the amount of manual input required seems to be their biggest problems.",

keywords = "IR-64654, METIS-265734, EWI-12034",

author = "S.M. Welberg and S.M. Welberg",

year = "2008",

month = "2",

day = "21",

language = "Undefined",

series = "CTIT Technical Report Series",

publisher = "Information Systems (IS)",

number = "TR-CTIT-08-15",

}

TY - BOOK

T1 - Vulnerability management tools for COTS software - A comparison

AU - Welberg, S.M.

PY - 2008/2/21

Y1 - 2008/2/21

N2 - In this paper, we compare vulnerability management tools in two stages. In the first stage, we perform a global comparison involving thirty tools available in the market. A framework composed of several criteria based on scope and analysis is used for this comparison. From this global view of the tools, we detected that only three tools perform correlated analysis. Correlated analysis can be done in two ways: (i) correlation of scanning results with the output from other security devices such as firewall and intrusion detection systems, or (ii) correlation between vulnerabilities composing attack scenarios. Although both correlations add value to vulnerability management, the latter is especially important to unveil stepping stones which could be exploited by attackers. The comparison shows that two out of three tools perform correlation of the second type but scalability and the amount of manual input required seems to be their biggest problems.

AB - In this paper, we compare vulnerability management tools in two stages. In the first stage, we perform a global comparison involving thirty tools available in the market. A framework composed of several criteria based on scope and analysis is used for this comparison. From this global view of the tools, we detected that only three tools perform correlated analysis. Correlated analysis can be done in two ways: (i) correlation of scanning results with the output from other security devices such as firewall and intrusion detection systems, or (ii) correlation between vulnerabilities composing attack scenarios. Although both correlations add value to vulnerability management, the latter is especially important to unveil stepping stones which could be exploited by attackers. The comparison shows that two out of three tools perform correlation of the second type but scalability and the amount of manual input required seems to be their biggest problems.

KW - IR-64654

KW - METIS-265734

KW - EWI-12034

M3 - Report

T3 - CTIT Technical Report Series

BT - Vulnerability management tools for COTS software - A comparison

PB - Information Systems (IS)

CY - Enschede

ER -