Managing Cyber Security Vulnerabilities in Large Networks

Document Type


Publication Date



Networks and computers often hold a company's most precious and costly commodities - its intellectual properties and proprietary data. If the network and computer vulnerabilities of any large network - such as the Lucent Technologies intranet - are not identified and mitigated, they could enable an intruder to seriously compromise the security of a company's network, computers, and data. Given the voluminous nodes and hosts in Lucent's intranet, it is not operationally feasible to scan the entire network to search for vulnerabilities. In this paper, we describe a methodology for statistical sampling and analysis, combined with a network and host security discipline for developing Lucent's cyber security profile in an effective, efficient manner. We have also developed a methodology for correlating vulnerabilities in and among the network and operating systems. We found the distribution of high-risk vulnerabilities to be very concentrated. Through root cause analyses, we developed a focused plan for mitigating vulnerabilities effectively and efficiently. These patent-pending methodologies will enable cyber security management in a large networked environment and, if properly deployed, will be to network security what quality control charts are to manufacturing processes.

Publication Title

Bell Labs Technical Journal

First Page Number


Last Page Number




This document is currently not available here.