Cyber-threat resilience.

CyberViz is an analytical cyber simulation tool centered on three core areas: a) recognizing vulnerabilities within a cyber network; b) deploying defensive strategies to protect it; and c) evaluating performance to optimize iterative strategies. CyberViz is integrated with Raytheon’s Cyber Analysis Modeling Evaluation for Operations (CAMEO) software, which serves as the simulation engine on the backend. Operators engage with the tool to practice strategically placing defenses to efficiently and effectively defend against possible network attacks through “what-if” scenarios. To increase the situational awareness of a cyber operator focusing on defensive efforts, the networks presented include a unique trust ring visualization meant to signal the propagation of a known threat throughout the network. Following any simulation, the system provides summaries of defensive strategies, specific defensive and offensive metrics and comparative tools devised to guide an operator to increase performance in subsequent trials.

 

Network
Visualization
 

Supports 2D and 3D views of network configurations arranged by Operating System or by state of vulnerability, with dynamic layering for closer analysis

Defensive Strategy
Dashboard

Offers 4 relevant deployable defenses, with suggested duration and interval settings

Performance
Metrics
 

Calculates both defensive and offensive measures of success and comparison following each trial, to guide an operator's iterative strategies

Vunlerability Analysis
 

Includes a library of common vulnerabilities and exposures (CVEs) and their respective relationships to each node in a given network to guide defensive strategy


CyberViz Demo Video

The narrated video introduces the background of the technology, the overall layout of the network, and the flexibility and functionality of the interface.

You'll learn how a series of iterative defense strategies affects the overall health of the system, and gain a better appreciation of the applications of the CyberViz "what-if" analytical simulation tool.

 

 

Problem

Subject Matter Experts in the field of Cyber Security were recruited to evaluate an early prototype of CyberViz in order to validate initial assumptions, generate requirements for future iterations, and improve the overall functionality of the system.

Solution

Five subject matter experts participated in a usability study, ranging in years of experience in cyber security from 1.5 to 15 years. The evaluation began with a brief introductory demonstration of the tool. Participants were then asked to complete a series of five tasks with the tool, each time conducting a Concurrent Think Aloud to voice their thoughts as they proceeded to interact with the tool. The tasks focused on general comprehension, network visualization, vulnerability research, defensive deployment, and measures of effectiveness comprehension. Following each task, participants were asked to reflect on the ease of the task, as well as how the tool might compare to those used in their own job roles. After gathering general feedback and suggestions for improvement, participants completed a generic usability assessment known as the System Usability Scale.  Each session was recorded and lasted about two hours for each participant.

 

Overall, subject matter experts understood how the tool worked, and were able to successfully deploy defenses and review performance. The most common critique shared throughout the evaluations was the inability to patch multiple known vulnerabilities on a given node, which was rectified in the final product. Additionally, visibility to the level of criticality of vulnerabilities, in addition to the amount of nodes affected by a given vulnerability was also built into the existing product according to feedback.  Operators also would have liked to have seen a distinction in the network between user machines and servers, but generally found the visualization useful. When asked to compare the prototype to tools used in practice, one operator pointed out its similarity to a test environment that would have to be constructed in order to test a defensive strategy. This led to the insight that having a system like CyberViz might ultimately save time for an operator looking to run exploratory simulations. As indicated above, feedback collected from these evaluations was instrumental in the concepts for the redesign of the eventual product.

 

Testimonials

It was a great demo and everyone was impressed - thanks for helping make it happen!

Raytheon partner referring to Raytheon’s Engineer Week in Largo, FL (2015)