CyVision Technologies, Inc.

A Fresh Way To See Cyber Security™

Why CyVision Technologies?

The industry has moved from Compliance to Risk Management

• BLUF/BAS:
• Deliver enhanced security services faster, better and at a lower cost in a
commodity marketplace

• Manager of Managers for Cyber

• Capacity vs. Capability

• The total cost of cybersecurity

Cauldron™ holds Nine (9) Patents

 How is It Done?

Cauldron™ analyzes the three Cauldron™ generates a

ACL
(3) types of cyber security Log/Big Data combined view of
data common to all networks Data vulnerabilities
SMEs make the decisions
Scan
Data

Cauldron™ is a RAM-based, Requires no APIs

portable software Scripting or BAT file
Visual Threat
application that can run on automation
Picture
any network No implementation costs
Risk Equation - Prioritization Scoring

• Risk = Vulnerability × threat × consequence

• Elements that go into a prioritization score

• Is the vulnerability external or internal?
• Does it connect to a Critical Asset – yes/no?
• If it connects to a Non-critical Asset – can that asset
connect to a critical asset – yes/no?
• What is the value of the vulnerability – CVSS score?
Priority Scoring Examples

totals 27
An external that reaches a Critical Asset with a CVSS score of 7

totals 24.5
An external that reaches a Non-Critical Asset (that can reach a
Critical Asset) with a CVSS score of 7
totals 22
An external that reaches a Non-Critical Asset (that cannot reach a
Critical Asset) with a CVSS score of 7
totals 22
An internal that reaches a Critical Asset with a CVSS score of 7

totals 19.5
An internal that reaches a Non-Critical Asset (that can reach a
Critical Asset) with a CVSS score of 7
totals 17
An internal that reaches a Non-Critical Asset (that cannot reach a
Critical Asset) with a CVSS score of 7
Risk Equation

• Risk = Vulnerability × threat × consequence

• Vulnerability comes from CVSS score
• Threat – external v internal
• amount of control over the source/attacker
• Where are they coming from and how are they reaching the critical assets.
• Consequence = asset
• condition of the asset; functionality of the asset; reachability
• How do you approach the problem?
• Do you re- architect your environment?
• How do you reduce the attack surface?
• How do you know how everything is connected?
Priority Scoring Results
 Secure Design
The Business Need for Cauldron™

Businesses want to:

Better Reporting
1. Understand their security profile at cyber
appropriate speed and cost
2. Design network changes to improve security
3. Deploy resources in the most effective means
to work smarter to secure the enterprise

Smart Remediation
Cyber attack incidents increase exponentially every year.
Cauldron™ helps businesses identify these types of
threats for prioritized remediation.
 The End Result

Cauldron™ develops a full network

assessment that aggregates and
evaluates network data to create a
vulnerability index

No more guessing; Cauldron™

MAPS the attacks and shows how to
defend and protect your network
 The Cauldron™ Advantage

• Dashboards Display Several Security • Cauldron™ displays a Common

Tool “Windows” on one Screen Operating Picture
Common Enterprises

Can you find the Vulnerability?

1. Visually Identify threats
2. Prioritize Mitigation

Cauldron™
3. Strengthen Posture

• Data is displayed without proper context; • A Manager of Managers that provides

no prioritization to mitigate security Enhanced Visualization and Defense in Depth
threats
Next Steps

• Are you a user?

• Are you a service provider?
• Are you a reseller?
• A solution provider?
• Are you an OEM?
• Are you “all of the above”?
• Are you “none of the above”?