Malware Detection and Mitigation
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Gueltoum Bendiab, Stavros Shiaeles, Nick Savage
OpenSCAP (LGPL v2.1 license) is an open-source implementation of the Security Content Automation Protocol (SCAP), the suite of specifications maintained by NIST. It is used by many institutions in both the private and public sectors to enforce their security policy and reduce the risk of an attack on their infrastructure. OpenSCAP is both a library and a command-line tool (oscap) that can parse and evaluate each component of the SCAP standard. SCAP supports automated configuration checking, vulnerability and patch scanning, technical control compliance activities, and security measurement.
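A typical OpenSCAP run evaluates a SCAP data stream against a profile and writes an XCCDF results document, for example `oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results results.xml --report report.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml` (the data-stream path and profile id are the usual scap-security-guide names, assumed here). The page does not show what that results file looks like or how to act on it, so the following added example (not from the chapter or from the OpenSCAP project) parses a constructed XCCDF 1.2 TestResult in the shape oscap writes, computes a weighted pass ratio over the scored rules, lists failures by severity, and implements a CI-style gate that blocks when any failure at or above a chosen severity remains. The rule ids and host name in the sample are made up.

```python
"""Summarize an XCCDF 1.2 results document produced by `oscap xccdf eval --results`."""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = {"xccdf": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample: a trimmed results document with one TestResult.
# Rule ids follow the scap-security-guide naming convention; the outcomes are invented.
SAMPLE_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"
           id="xccdf_org.ssgproject.content_benchmark_RHEL-9">
  <TestResult id="xccdf_org.open-scap_testresult_example"
              start-time="2024-01-01T00:00:00" end-time="2024-01-01T00:01:00">
    <profile idref="xccdf_org.ssgproject.content_profile_stig"/>
    <target>host.example.internal</target>
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login"
                 severity="medium" weight="1.0"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_use_strong_ciphers"
                 severity="high" weight="1.0"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_package_telnet_removed"
                 severity="high" weight="1.0"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_grub2_password"
                 severity="high" weight="1.0"><result>notapplicable</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_login_events"
                 severity="low" weight="1.0"><result>notchecked</result></rule-result>
  </TestResult>
</Benchmark>
"""

# Outcomes that XCCDF excludes from scoring: they neither pass nor fail the target.
NOT_SCORED = {"notapplicable", "notchecked", "notselected", "informational"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}  # lower rank = more severe


def parse_rule_results(xml_text):
    """Return one dict per <rule-result> found under any <TestResult>."""
    root = ET.fromstring(xml_text)
    rows = []
    for rr in root.iterfind(".//xccdf:TestResult/xccdf:rule-result", XCCDF_NS):
        res = rr.find("xccdf:result", XCCDF_NS)
        rows.append({
            "rule": rr.get("idref"),
            "severity": rr.get("severity", "unknown"),
            "weight": float(rr.get("weight", "1.0")),
            "result": (res.text or "").strip() if res is not None else "unknown",
        })
    return rows


def summarize(rule_results):
    """Count outcomes and compute a weighted pass ratio over scored rules only.

    This is a simplified version of the idea behind XCCDF flat scoring
    (weights of passed rules over weights of all scored rules); it is not a
    reimplementation of oscap's own scoring systems.
    """
    counts = Counter(r["result"] for r in rule_results)
    scored = [r for r in rule_results if r["result"] not in NOT_SCORED]
    max_score = sum(r["weight"] for r in scored)
    score = sum(r["weight"] for r in scored if r["result"] == "pass")
    failures = sorted(
        (r for r in rule_results if r["result"] == "fail"),
        key=lambda r: SEVERITY_RANK.get(r["severity"], 99),
    )
    return {
        "counts": dict(counts),
        "score": score,
        "max_score": max_score,
        "percent": round(100.0 * score / max_score, 1) if max_score else 0.0,
        "failures": failures,
    }


def should_block(summary, threshold="high"):
    """Gate for a pipeline: True if any failed rule is at or above `threshold` severity."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(f["severity"], 99) <= limit for f in summary["failures"])


if __name__ == "__main__":
    s = summarize(parse_rule_results(SAMPLE_RESULTS))
    print(f"score {s['score']:.0f}/{s['max_score']:.0f} ({s['percent']}%), outcomes: {s['counts']}")
    for f in s["failures"]:
        print(f"  FAIL [{f['severity']}] {f['rule']}")
    print("block deploy (medium+):", should_block(s, "medium"))
```

Point the parser at the `--results` file instead of the embedded sample to use it against a real scan. The `notapplicable` and `notchecked` rows are deliberately kept out of the denominator: a host that cannot evaluate half its rules should not look more compliant than one that evaluates all of them, and the gate reports a `notchecked` rule as neither a pass nor a fail.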
Technology
Published in Park Foreman, Vulnerability Management, 2019
Security Content Automation Protocol (SCAP, pronounced "ess-cap") is an overarching suite of the aforementioned standards, which include CVE, CVSS, CPE, XCCDF, and OVAL. NIST maintains the SCAP specification, which defines how these component standards work together in an automated fashion, and publishes the content of these standards through the NVD.
Cyber Diversity Index for Sustainable Self-Control of Machines
Published in Cybernetics and Systems, 2022
Autonomous Computing (AC) implements automation in system maintenance and develops mechanisms and techniques for system self-healing and automatic software patch generation when exposed to zero-day attacks (Gaudin et al. 2010). Demand for automation and solutions to fragmentation issues drive the development of new technologies such as Security Orchestration, Automation and Response (SOAR) (Engelbrecht 2017) or Security Operations and Analytics Platform Architecture (SOAPA) (Oltsik and Cahill 2017), in addition to the traditional Security Information and Event Management (SIEM) used in Security Operation Centers (SOC). The United States Department of Homeland Security has sponsored a number of different techniques to automate information sharing, such as Trusted Automated eXchange of Indicator Information (TAXII™), Structured Threat Information eXpression (STIX™) and Cyber Observable eXpression (CybOX™) (CERT 2019). The Security Content Automation Protocol (SCAP) is a group of standards that enables the automation of vulnerability management and policy compliance (NIST 2019a). OpenSCAP (2019) is an open-source implementation of the SCAP model, supported by most major Linux distributions. OpenSCAP supports hardening guides such as the Security Technical Implementation Guides (STIG) provided by the Defense Information Systems Agency (DISA) (2019) and the Benchmarks from the Center for Internet Security (CIS) (2019). The SCAP components were created and are maintained by several entities, including NIST, the MITRE Corporation, the National Security Agency (NSA), and the Forum of Incident Response and Security Teams (FIRST) (NIST 2019b). Baah et al. (2016) identify several gaps in Cyber Defense Automation (CDA) which prevent automation moving toward self-healing or self-immunising systems.
They identified seven components: 1) attack/vulnerability detection, 2) attack/vulnerability analysis, 3) impact blocking, 4) recovery, 5) vulnerability patching, 6) system cleansing, and an optional 7) active response component. They report that no known effective technical defence systems perform treatment and classification, and that automated vulnerability discovery and remediation techniques produce a high rate of false positives. Vulnerability triage remains a highly manual task. Blocking systems are still bypassable and not fully automated, and automated blocking actions do not scale. Automated patching of buggy applications does not scale either, and there are no controls in place to verify the impact of a patch.