| automated network state detection |
Rather than requiring users
to supply information about the network, CycSecure has the
ability to scan the network and build up a model of that network
in the KB. Since the process is automated and nondisruptive, the
network model can be kept continuously updated, and the security
reasoning is always taking place over the most recent, accurate
picture of the network.
|
| compound vulnerability analysis |
CycSecure discovers potential
compromises that would otherwise go undetected because they involve
attack plans with a large number of steps, often exploiting
different "minor" vulnerabilities present on several machines.
Other tools either lack this capability or run canned exploit
"scripts" of well-known past attacks; thus they are unable to find
novel attacks and can be harmful to the network.
|
| identifying the most critical vulnerabilities to be corrected |
The most critical vulnerabilities are not always the ones that
appear most serious in isolation, but rather those that can be
exploited as steps and sub-steps in attack plans having the most
serious overall consequences.
|
| reporting the actual sequences of actions that can compromise your network |
Knowing the actual sequences of actions that can compromise
your network enables users to decide how and where to
modify the network in order to thwart attack plans. Rather than
making those changes directly, however, they can first use
CycSecure's "What if" analysis.
|
| "What if" analysis |
CycSecure users can see the effects of any
planned changes to the network configuration, network security
policies, etc. by editing CycSecure's model of their network and
rerunning vulnerability analyses on the edited model. The "what
if" analysis can be carried out before users commit to
time-consuming network changes which may themselves introduce new
vulnerabilities.
|
| network state and compliance monitoring |
Because CycSecure represents your network
as a model that can be updated and reasoned over, it
is easy to track network changes by querying the model. Saved
queries representing compliance states or known problem states
can be rerun frequently in order to find noncompliant or
problematic systems.
|
| non-invasive and continuous assessment |
Since the attacks and
the analyses are happening on a simulation of the network instead
of the actual network, CycSecure mitigates the risk of system
damage, downtime, and bandwidth consumption. Other
state-of-the-art vulnerability assessment tools operate by an
invasive technique -- actually running known exploits against a
network -- which disrupts network functionality. Since those tools
are potentially disruptive, users often choose to run them
infrequently. CycSecure is non-invasive, both in scanning and in
analysis, so it can be run continuously.
|
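
The compound vulnerability analysis, criticality ranking and "What if" rows above, shown as an added example on a constructed three-host model; it is not CycSecure code and uses a plain graph search in place of reasoning over a knowledge base. It assumes the attacker holds one foothold at a time, and every host name and vulnerability label is hypothetical.

```python
from collections import Counter

# Constructed model: each step is (vuln label, foothold required, foothold gained).
# A foothold is (host, privilege). All names and labels are hypothetical.
STEPS = [
    ("V1-weak-ftp-password",      ("internet", "user"), ("web01", "user")),
    ("V2-world-readable-backup",  ("web01", "user"),    ("web01", "root")),
    ("V3-trusted-host-login",     ("web01", "root"),    ("db01", "user")),
    ("V4-shared-admin-password",  ("web01", "user"),    ("db01", "user")),
    ("V5-outdated-local-service", ("db01", "user"),     ("db01", "root")),
    ("V6-default-snmp-community", ("internet", "user"), ("printer", "user")),
]
START, GOAL = ("internet", "user"), ("db01", "root")

def attack_plans(steps, start=START, goal=GOAL):
    """Return every loop-free sequence of vuln labels leading from start to goal."""
    plans = []

    def walk(state, seen, used):
        if state == goal:
            plans.append(tuple(used))
            return
        for vuln, pre, post in steps:
            if pre == state and post not in seen:
                walk(post, seen | {post}, used + [vuln])

    walk(start, {start}, [])
    return plans

def rank_vulnerabilities(steps):
    """Count, per vuln, how many goal-reaching plans depend on it."""
    return Counter(v for plan in attack_plans(steps) for v in plan).most_common()

def what_if_fixed(steps, fixed):
    """Re-run the analysis on a copy of the model with the given vulns removed."""
    return attack_plans([s for s in steps if s[0] not in fixed])

if __name__ == "__main__":
    for plan in attack_plans(STEPS):
        print(" -> ".join(plan))
    print("ranking:", rank_vulnerabilities(STEPS))
    for fix in ("V4-shared-admin-password", "V5-outdated-local-service"):
        print(f"plans left after fixing {fix}:", len(what_if_fixed(STEPS, {fix})))
```

On this model the two steps that every plan depends on (V1 and V5) rank highest, and removing V6 changes nothing because it lies on no plan that reaches the goal.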