Managing cyber security vulnerabilities in large networks

Networks and computers often hold a company's most precious and costly comm odities-its intellectual properties and proprietary data. If the network an d computer vulnerabilities of any large network-such as the Lucent Technolo gies intranet-are not identified and mitigated they could enable an intrude r to seriously compromise the security of a company's network, computers, a nd data. Given the voluminous nodes and hosts in Lucent's intranet, it is n ot operationally feasible to scan the entire network to search for vulnerab ilities. In this paper, we describe a methodology for statistical sampling and analysis, combined with a network and host security discipline for deve loping Lucent's cyber security profile in an effective, efficient manner. W e have also developed a methodology for correlating vulnerabilities in and among the network and operating systems. We found the distribution of high- risk vulnerabilities to be very concentrated. Through root cause analyses, we developed a focused plan for mitigating vulnerabilities effectively and efficiently. These patent-pending methodologies will enable cyber security management in a large networked environment and, if properly deployed, will be to network security what quality control charts are to manufacturing pr ocesses.