Release date is not known yet

Aug 30, 2008 08:27 GMT

The Massachusetts Institute of Technology, through its Lincoln Laboratory, will soon deliver a security solution that has never been employed before. Researchers say that, instead of focusing on the entire network, the product, named NetSPA (Network Security Planning Architecture), will aim to discover the weakest spots and the routes that criminals could use to launch an attack.

“It's a matter of what the attacker can get to and in what order,” says Kyle Ingols, a computer scientist working on NetSPA. Patching all hosts in a network can take a very long time, and time is something that, in most cases, security professionals don't have. “If you spend time patching vulnerabilities the attacker can't get to first,” Ingols says, “you've left your network exposed longer.”

NetSPA aims to find out which of the hundreds or thousands of hosts are the critical ones. Patching those first means the network is not left at risk for such a lengthy period of time. In essence, the product has to determine the shortest path by which an attacker could jump from one vulnerable host to another and finally assume control over the entire network.

Although the product hasn't been released on the market yet, it has evolved dramatically since its initial stages. In the early days, NetSPA could handle a maximum of 17 computers; that has since changed. Researchers needed to group the filtering rules set by firewalls or routers rather than take them separately for each machine in the network, because that would be an operation too hard to handle even for algorithms.

Now, models common to at least two computers in the network are processed by the same algorithm. “The researchers have also developed new types of attack graphs and efficient algorithms to compute these graphs,” reads the announcement for the new product. One of NetSPA's capabilities is detecting unexpected routes by which attackers can mount an attack. The MIT team offers the example of a long-forgotten authorization for an external IP to reach the network (left over, for instance, from a transaction made years ago that implied mutual accessibility to the networks of both partners), which can still be exploited.
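
The idea described above (hosts grouped by shared filtering rules, then ranked by how few hops an attacker needs to reach them) can be sketched as follows. This is an added example, not NetSPA code; the hosts, groups and rules are constructed, and the partner link stands in for the forgotten external authorization.

```python
from collections import deque

# Constructed sample network; every name below is hypothetical.
# Hosts sharing the same filtering rules form one group, so reachability
# is stored once per group rather than once per machine.
GROUP_OF = {"web1": "dmz", "web2": "dmz", "app1": "internal",
            "db1": "internal", "hr1": "office", "legacy1": "partner_link"}
VULNERABLE = {"web1", "app1", "db1", "legacy1"}  # hosts with an unpatched flaw
# (source group, destination group) pairs the firewalls and routers allow.
STALE_RULE = ("partner_link", "internal")        # long-forgotten partner access
ALLOWED = {("internet", "dmz"), ("dmz", "internal"), ("internal", "office"),
           ("internet", "partner_link"), STALE_RULE}

def attack_depths(allowed, vulnerable, start="internet"):
    """Breadth-first search over groups: {host: hops the attacker needs}."""
    members = {}
    for host, group in GROUP_OF.items():
        members.setdefault(group, []).append(host)
    depth, seen, queue = {}, {start}, deque([(start, 0)])
    while queue:
        group, hops = queue.popleft()
        for src, dst in sorted(allowed):
            if src != group:
                continue
            # A foothold in dst requires compromising a vulnerable host there.
            hit = [h for h in members.get(dst, []) if h in vulnerable]
            for host in hit:
                depth.setdefault(host, hops + 1)
            if hit and dst not in seen:
                seen.add(dst)
                queue.append((dst, hops + 1))
    return depth

def patch_order(allowed, vulnerable):
    """Reachable vulnerable hosts, nearest to the attacker first."""
    depth = attack_depths(allowed, vulnerable)
    return sorted(depth, key=lambda h: (depth[h], h))

if __name__ == "__main__":
    print("patch first:", patch_order(ALLOWED, VULNERABLE))
    # Patching web1 alone still leaves the route through the stale rule.
    print("after web1 fix:", patch_order(ALLOWED, VULNERABLE - {"web1"}))
    print("stale rule removed too:",
          patch_order(ALLOWED - {STALE_RULE}, VULNERABLE - {"web1"}))
```

In this constructed network, patching the public web server alone does not protect the internal hosts, because the stale partner rule still gives a two-hop route to them.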