A MULTI-LAYER TREE MODEL FOR ENTERPRISE VULNERABILITY MANAGEMENT

Conducting enterprise-wide vulnerability assessment (VA) on a regular basis plays an important role in assessing an enterprise's information system security status. However, an enterprise network is always very complex, separated into different types of zones, and consisting hundreds of hosts in the networks. The complexity of IT system makes VA an extremely time-consuming task for security professionals. They are seeking for an automated tool that helps monitor and manage the overall vulnerability of an enterprise. This paper presents a novel methodology that provides a dashboard solution for managing enterprise level vulnerability. In our methodology, we develop a multi-layer tree based model to describe enterprise vulnerability topology. Then we apply a client/server structure to gather vulnerability information from enterprise resources automatically. Finally a set of well-defined metric formulas is applied to produce a normalized vulnerability score for the whole enterprise. We also developed the implementation of our methodology, EVMAT, and Enterprise Vulnerability Management and Assessment Tool, to test our method. Experiments on a small E-commerce company and a small IT company demonstrate the great potentials of our tool for enterprise-level security.