Existing network security audit systems are often detection-based rather than prevention-based. These existing systems generally work in one of two ways: (1) real time intrusion detection; and (2) proactive vulnerability analysis and penetration testing. Real time intrusion detection systems often use packet sniffing capabilities and/or other network response tools to detect attacks on the network. Existing real time systems thus take a defensive rather than an offensive approach to network security.
After an intrusion on the network is detected, current network security audit systems often make remediation attempts to mitigate the problem. Such remediation attempts are generally initiated manually for the particular device on the network that is being attacked. As the devices on the network increase, however, manual remediation attempts become costly and inefficient for dealing with security attacks.
Furthermore, because real time intrusion detection information typically arrives too late to be useful in formulating a defense, it is generally used forensically to determine the extent to which network security has been compromised. Such information is also of little or no value in determining the level of compliance with enterprise security policy and/or regulatory policy.
With respect to vulnerability analysis tools, such tools typically only search for known vulnerabilities. In this regard, consultants are often hired to conduct penetration-testing tasks using several vulnerability analysis tools in conjunction with the knowledge that they have accumulated over time in handling specific vulnerabilities.
However, for networks of even just a few thousand nodes, consultants typically can only review a small sampling of the network (typically only 5-10 percent). Information on the sampled nodes is then extrapolated to give some measure of vulnerability for the entire network. Such extrapolation, however, can often be extremely inaccurate.
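The following simulation is an added illustration of the sampling problem described above; it is not part of the original text. It constructs a toy network of 4000 hosts in 40 subnets in which vulnerabilities are clustered in three neglected segments (an assumption, but a common real-world pattern), then compares a full census against two sampling strategies: a uniform 5 percent host sample and a whole-subnet sample of 2 of the 40 subnets, which is how engagements are usually scoped. All host addresses, rates and subnet numbers are constructed.

```python
"""Sampling-based vulnerability extrapolation versus a full census.

Constructed toy network: 4000 hosts in 40 subnets of 100 hosts each.
Exposure is clustered: 3 "hot" subnets are 80% vulnerable, the other 37 are
2% vulnerable. Every number here is an assumption chosen for illustration.
"""
import random
from typing import Dict, List, Tuple

NUM_SUBNETS = 40
HOSTS_PER_SUBNET = 100
HOT_SUBNETS = {3, 17, 29}          # constructed: segments with clustered exposure
HOT_RATE, COLD_RATE = 0.80, 0.02


def build_network(seed: int = 1) -> Dict[str, bool]:
    """Return {host: is_vulnerable} for the constructed network.

    Exactly rate * HOSTS_PER_SUBNET hosts in each subnet are vulnerable, so the
    true total is fixed: 3 * 80 + 37 * 2 = 314.
    """
    rng = random.Random(seed)
    network: Dict[str, bool] = {}
    for subnet in range(NUM_SUBNETS):
        rate = HOT_RATE if subnet in HOT_SUBNETS else COLD_RATE
        vulnerable = set(rng.sample(range(HOSTS_PER_SUBNET), int(rate * HOSTS_PER_SUBNET)))
        for host in range(HOSTS_PER_SUBNET):
            network[f"10.0.{subnet}.{host}"] = host in vulnerable
    return network


def census(network: Dict[str, bool]) -> int:
    """Full assessment: count every vulnerable host on the network."""
    return sum(network.values())


def extrapolate_from_hosts(network: Dict[str, bool], fraction: float,
                           rng: random.Random) -> int:
    """Uniform random sample of a fraction of hosts, scaled up to the whole network."""
    hosts = list(network)
    sample = rng.sample(hosts, int(len(hosts) * fraction))
    found = sum(network[h] for h in sample)
    return round(found / len(sample) * len(hosts))


def extrapolate_from_subnets(network: Dict[str, bool], n_subnets: int,
                             rng: random.Random) -> int:
    """Sample whole subnets (typical engagement scoping), scaled up to the network."""
    chosen = set(rng.sample(range(NUM_SUBNETS), n_subnets))
    sample = [h for h in network if int(h.split(".")[2]) in chosen]
    found = sum(network[h] for h in sample)
    return round(found / len(sample) * len(network))


def relative_error(estimate: int, truth: int) -> float:
    return abs(estimate - truth) / truth


def run_trials(trials: int = 500, seed: int = 7) -> Dict[str, Tuple[int, int]]:
    """Repeat both strategies; return the (min, max) estimate seen for each.

    The census is reported as (truth, truth) so every entry has the same shape.
    """
    network = build_network()
    truth = census(network)
    rng = random.Random(seed)
    host_est: List[int] = [extrapolate_from_hosts(network, 0.05, rng) for _ in range(trials)]
    subnet_est: List[int] = [extrapolate_from_subnets(network, 2, rng) for _ in range(trials)]
    return {
        "census": (truth, truth),
        "host_sample_5pct": (min(host_est), max(host_est)),
        "subnet_sample_2_of_40": (min(subnet_est), max(subnet_est)),
    }


if __name__ == "__main__":
    results = run_trials()
    truth = results["census"][0]
    for name, (lo, hi) in results.items():
        print(f"{name:24s} min={lo:5d} max={hi:5d} "
              f"error={relative_error(lo, truth):.0%}..{relative_error(hi, truth):.0%}")
```

The uniform host sample of 200 nodes sees roughly 16 vulnerable hosts on average, but the count varies by several in either direction from one draw to the next, and each one is multiplied by 20 when scaled up, so repeated 5 percent samples of the same network yield totals that differ by hundreds of hosts. The whole-subnet sample is worse: because exposure is clustered, every 2-subnet draw lands on 0, 1 or 2 hot subnets and extrapolates to exactly 80, 1640 or 3200 vulnerable hosts, never anywhere near the true 314. Only the census identifies which 314 hosts actually need remediation.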
Remediation attempts for policy violations provided by the prior art are also typically manually handled. The prior art further provides little ability for accurately tracking such remediation attempts. Furthermore, it is generally only the sampled assets that obtain remediation attention.
Accordingly, what is desired is a prevention-based network security audit system that provides an automated assessment of security and regulatory policies, performs network vulnerability analysis, manages remediation efforts, and makes recommendations for improving the security of the global network on a periodic basis, to help prevent attacks before they occur.