Dynamic Risk Measurement and Mitigation for Proactive Security Configuration Management

The factors on which security depends are of dynamic nature. These include emergence of new vulnerabilities and threats, policy structure and network traffic. Due to the dynamic nature of these factors, objectively identifying and measuring security metrics is a major challenge. However, such an evaluation can significantly help security professionals in decision making such as choosing between alternative security architectures, designing security countermeasures, and to systematically modify security configurations in order to improve security. Moreover, this evaluation must be done dynamically to handle real time changes in the threat toward the network. In this paper, we propose a security metric framework that quantifies objectively the most significant security risk factors, which include existing vulnerabilities, historical trend of vulnerability of the remotely accessible services, prediction of potential vulnerabilities for any general network service and their estimated severity and finally propagation of an attack within the network. We have implemented this framework as a user-friendly tool called Risk based prOactive seCurity cOnfiguration maNAger (ROCONA)and showed how this tool simplifies security configuration management using risk measurement and mitigation. We also combine all the components into one single metric and present validation experiments using real-life vulnerability data from National Vulnerability Database (NVD) and show high accuracy and confidence of the proposed metrics.