EVMAT: An OVAL and NVD Based Enterprise Vulnerability Modeling and Assessment Tool

Enterprise-wide vulnerability assessment is one of the key processes of Enterprise Risk Management. However, due to the complexity of IT systems, it requires extremely time-consuming effort for information security professionals to evaluate enterprise vulnerability scores and security status on a regular basis. Security administrators are seeking for an automated tool that helps monitor and evaluate the overall vulnerability of an enterprise. This paper presents a novel tool, EVMAT, which provides a dashboard solution for monitoring enterprise vulnerability levels for properly enterprise risk management. It firstly models the enterprise vulnerability topology and then gathers relevant information automatically and remotely from different constituents and resources existed in enterprise network. Next it computes and analyzes the vulnerability situation of the enterprise according to a carefully-designed metrics. Experiments on a small E-commerce company demonstrate the great potentials of our tool for enterprise-level security.