automated network state detection

Rather than requiring users to supply information about the network, CycSecure has the ability to scan the network and build up a model of that network in the KB. Since the process is automated and nondisruptive, the network model can be kept continuously updated, and the security reasoning is always taking place over the most recent, accurate picture of the network.

compound vulnerability analysis

CycSecure discovers potential compromises that would otherwise go undetected because they involve attack plans with a large number of steps, often exploiting different "minor" vulnerabilities present on several machines. Other tools either lack this capability or run canned exploit "scripts" of well-known past attacks; thus they are unable to find novel attacks and can be harmful to the network.

identifying the most critical vulnerabilities to be corrected

The most critical vulnerabilities are not always the ones which in isolation appear to be the most serious, but rather those which can be exploited as steps and sub-steps in attack plans having the most serious overall consequences.

reporting the actual sequences of actions that can compromise your network

Being aware of the actual sequences of actions that can compromise your network enables the user to decide how and where to modify the network in order to thwart attack plans. Instead of just making those changes directly, however, they can use CycSecure's "What if" analysis.

"What if" analysis

CycSecure users can see the effects of any planned changes to the network configuration, network security policies, etc. by editing CycSecure's model of their network and rerunning vulnerability analyses on the edited model. The "what if" analysis can be carried out before users commit to time-consuming network changes which may themselves introduce new vulnerabilities.

network state and compliance monitoring

Because CycSecure represents your network as a model that can be updated and reasoned over, it is easy to track network changes by querying the model. Saved queries representing compliance states or known problem states can be rerun frequently in order to find noncompliant or problematic systems.

non-invasive and continuous assessment

Since the attacks and the analyses are happening on a simulation of the network instead of the actual network, CycSecure mitigates the risk of system damage, downtime, and bandwidth consumption. Other state-of-the-art vulnerability assessment tools operate by an invasive technique -- actually running known exploits against a network -- which disrupts network functionality. Since those tools are potentially disruptive, users often choose to run them infrequently. CycSecure is non-invasive, both in scanning and in analysis, so it can be run continuously.

integration of cyber- and physical-world

Objects, processes, and conditions (many of which have already been modeled in the Cyc knowledge base on which CycSecure is built) can be optionally integrated into its generated attack and defense plans.

reuse of CycSecure knowledge models for training and evaluation

The declarative nature of CycSecure's knowledge model means that virtually all of the information and expertise developed to support attack and defense planning can also serve to support related applications such as the generation of individualized instruction and dynamic evaluation/certification of security personnel.  The knowledge model plus the inference engine together have a dynamic nature as well, of course: the assertions logically chain together into arguments (like proofs, but with some steps being only default-true) corresponding to plausible attack scenarios and, for any attack, plausible defense scenarios.  These dynamic scenarios could be used to drive a simulator, helping teach (or test) administrators to cope with varied challenging situations, akin to the use of flight simulators in training/testing pilots. 



Copyright © 2002-2012 Cycorp, Inc. All Rights Reserved.

CycSecure: tour of features