A top-secret military command, which asked not to be identified, is pickier than most organizations about information security. And it’s one of the first users of CycSecure, the first commercial application of Cycorp Inc.’s Cyc Knowledge Base. The command uses CycSecure to ensure that all relevant patches have been applied to fix known vulnerabilities in its networked computers.
CycSecure taps into a variety of sources, including the U.S. Department of Defense’s Information Assurance Vulnerability Assessment notification program, to keep up to date on all known ways a system can be attacked. It also knows about the military command’s computers and networks and combines that knowledge with the vulnerability information to simulate network attacks. When it spots a potential vulnerability in a computer, it can go out to that box to determine whether it is in fact vulnerable and then recommend the appropriate patch.
“It can plan an attack from the outside or from a disgruntled employee on the inside,” says an information systems security analyst at the command. “It’s pretty amazing.”
Continue reading at Computerworld.