ATCorp Releases CSAS - Cloud Security Analysis Suite for Applications in the Cloud

News provided by

Feb 26, 2016, 08:30 ET

EDEN PRAIRIE, Minn., Feb. 26, 2016 /PRNewswire/ -- As government and private sector applications move to "the cloud," system analysts have few ways of measuring their exposure to known and unknown security risks. ATCorp has announced the availability of CSAS, a software tool that helps software developers and analysts discover actual vulnerabilities and configuration problems in their systems. It allows analysts to evaluate the overall risks those vulnerabilities pose in their specific applications, and mitigate those risks as warranted.

Photo - http://photos.prnewswire.com/prnh/20160224/337014

CSAS's approach applies to multiple applications:

Cloud application security analysis
Track system requirements
Software testing and validation
Impact/fault tree analysis to relate possible modes of attack
Attack reconstruction
Tracking of software vulnerability in complex applications

Key Ingredients

Unlike competing assessment systems, CSAS provides a framework for mapping high-level security concerns, such as the protection of sensitive data. CSAS's models also help compute metrics such as minimum remediation cost or attack complexity.

CSAS integrates into existing workflows by employing standards such as the U.S. National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP) and tools such as the NIST National Vulnerability Database (NVD). CSAS's tools can query Amazon Web Services (AWS) and OpenStack cloud configurations, as well as examine configuration data on individual cloud machine instances and external databases.

CSAS provides a number of benefits including:

Provides more thorough & repeatable analysis, through a structured, hierarchical framework for security models
Saves time: performs on-line tests to determine which modeled vulnerabilities are actually present
Improves and extends existing host-based security analysis techniques to the cloud and distributed systems
Saves labor, pinpoints problems faster; automates routine compliance testing to ensure risks have not been introduced due to configuration changes by the cloud provider or newly-discovered software vulnerabilities
Improves system designs: assists with design tradeoffs
Improves analytics: computes other tree-derived metrics, such as costs, impact, requirement analysis, or compliance

CSAS is available as a standalone graphical application for security analysts, a command-line edition for automated processing, and a version aimed at software developers that integrates with the Eclipse development environment.

CSAS v1.0 is available now for Microsoft Windows, Apple Mac OS X, and Linux. See more at: https://www.atcorp.com/csas/

The Team

ATCorp's cybersecurity team responsible for CSAS is part of their ATC-NY cyber R&D division based in Ithaca, NY. ATC-NY has worked with a number of private and government agencies including the U.S. Department of Homeland Security, Science and Technology Directorate who helped support the effort to develop CSAS.

About Architecture Technology Corporation

Architecture Technology Corporation (ATCorp) is headquartered in Eden Prairie, MN. Founded in 1981, ATCorp specializes in advanced research and software-intensive solutions for complex problems in Information Security, Cyber Security, Enterprise-Scale Network Computing Architectures, and Next Generation Networking. ATCorp is known for a number of cutting edge products in Cyber Defense, Automatic Mapping (robotics) and Information Pedigree products. ATCorp's customers include firms in the private sector and government. To read more about their products and services visit ATCorp at: https://www.atcorp.com/.

Contact: Press Information
Paul O'Neill, Direct Channel
Voice: (508) 588-4448
Email

SOURCE Architecture Technology Corporation