2011 Articles
ALDR: A New Metric for Measuring Effective Layering of Defenses
Attackers continually innovate and craft attacks that penetrate existing defenses. Decisions about purchasing new security products are therefore key to keeping organizations as secure as possible. The information currently available to inform these decisions is often limited to individual security product detection/blocking rates for some test set of attacks. Actual security performance, however, depends on how a security product performs in the context of an organization’s existing security products. Even a security product that tests well on its own may be completely redundant when deployed into an existing environment. We propose a new metric that measures the total security granted by a combination of security products. This metric also makes it easy to compute the added benefit of an additional security product. We take the results of each individual security product parsing a certain data set and then take the union of the results of all security products deployed at that organization. Our metric is the number of attacks in this union divided by the total number of attacks in the data set or, in other words, the total detection rate achieved by the whole system. This metric can be computed using existing evaluation techniques and provides a more accurate overall picture of the security posture of an organization, as well as a way to measure the real contribution of a specific security product in the context of other security layers.
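The union-based rate and the added benefit of a candidate product, worked through as an added example (not code from the paper). The product names, attack IDs and detection sets are constructed for illustration, and exact fractions are used so the rates compare cleanly.

```python
from fractions import Fraction

def detection_rate(detected, attacks):
    """Fraction of the attack data set covered by one set of detections."""
    if not attacks:
        raise ValueError("attack data set is empty")
    return Fraction(len(detected & attacks), len(attacks))

def aldr(deployed, attacks):
    """Attacks in the union of all deployed products' detections / total attacks."""
    union = set().union(*deployed.values())
    return detection_rate(union, attacks)

def added_benefit(candidate, deployed, attacks):
    """Increase in the layered rate if the candidate joins the deployed set."""
    already_covered = set().union(*deployed.values())
    return detection_rate(candidate - already_covered, attacks)

def rank_candidates(candidates, deployed, attacks):
    """Rows of (name, standalone rate, added benefit), best added benefit first."""
    rows = [
        (name, detection_rate(hits, attacks), added_benefit(hits, deployed, attacks))
        for name, hits in candidates.items()
    ]
    return sorted(rows, key=lambda row: row[2], reverse=True)

# Constructed data set: 20 attack IDs and the IDs each product detected.
ATTACKS = set(range(1, 21))
DEPLOYED = {
    "existing_av": set(range(1, 11)),    # detects attacks 1..10
    "existing_ids": set(range(6, 15)),   # detects attacks 6..14
}
CANDIDATES = {
    # Tests well alone (14/20) but every hit is already covered by the layers.
    "candidate_x": set(range(1, 15)),
    # Tests poorly alone (6/20) but four of its hits are new to the system.
    "candidate_y": {13, 14, 15, 16, 17, 18},
}

if __name__ == "__main__":
    print("layered rate today:", aldr(DEPLOYED, ATTACKS))
    for name, alone, gain in rank_candidates(CANDIDATES, DEPLOYED, ATTACKS):
        print(f"{name}: standalone={alone} added_benefit={gain}")
```

Ranking by added benefit rather than standalone rate puts `candidate_y` first, which is the redundancy case the abstract describes.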
Files
- law2011-aldr-final.pdf (application/pdf, 153 KB)
Also Published In
- Title: Fifth Layered Assurance Workshop (LAW 2011), Orlando, Florida, December 5-6, 2011
More About This Work
- Academic Units: Computer Science
- Published Here: October 12, 2012