The Cauldron Process in One Page

Right click to download

The Cauldron Process v02 RB.png

PCI Requirements

This is an easy to to understand chart that explains the types of compliance required for each size organization by the Payment Card Industry.  It also shows the specific assessments required and their required scheduling. The CyVision logo is indicates where the Cauldron tool automatically allows you to perform the required PCI assessments and does the required remediation, directly from your site.

Submit the form below to obtain the chart. Fields marked with an asterisk are required. Your privacy is guaranteed, all fields are encrypted and your information will never be shared.

Understanding the Cybersecurity Ecosystem

Cybersecurity is an ecosystem – interrelated technologies create vulnerabilities and fail to adequately provide management controls. The existing tool sets deployed in the marketplace are not easily inter-operable. There is no common operating picture.

This three page document explains CyVision's approach to solving the problem of today’s persistent problem –an explosion of specific monitoring tools providing unintended result, too much data with too much surface area to cover, too many silo data sets and too many unknowns: Malware is changing daily if not more frequently; too few qualified cyber professionals, not enough time, and of course, too much at risk. This document explores Cauldron as a solution to these problems.

Submit the form below to obtain the document. Fields marked with an asterisk are required. Your privacy is guaranteed, all fields are encrypted and your information will never be shared.

The Changing
Dynamics of
Cyber Assessments

Article about CyVision's Cauldron from The United States Cybersecurity Magazine, Winter 2017 |


Cybersecurity is a lot like meteorology. For example, hurricane
tracking systems fuse disparate weather data into a common
model that supports situational awareness, decision making
and response planning. A single datum, such as wind speed or
barometric pressure is not sufficient to determine the hurricane’s
path. The model’s accuracy is dependent on the integration of
all available data and the model’s capability to allow dynamic
interaction between different data types. The benefit of such
a model is a more precise calculation of areas impacted by the
hurricane’s passage. We can then predict whether the hurricane
will hit the Gulf of Mexico or the Atlantic Coast and whether
it will make landfall at the tip of Florida or the coast of North
Carolina. Warnings can be issued earlier, and responses begun
earlier, which can save millions of lives.

A similar data fusion is necessary to secure an organization’s
cyberspace. Situational awareness derives from understanding
the endpoints (i.e., temperature in the weather analogy), Access
Control Lists (ACL) (i.e., wind speed) and log files (i.e. precipitation).
When it comes to hurricane tracking, the public expects our
forecasters to provide a single fused visualization. There’s no
reason why, when it comes to cybersecurity, enterprises should
expect anything less from their network defenders.

Submit the form below to obtain the article. Fields marked with an asterisk are required. Your privacy is guaranteed, all fields are encrypted and your information will never be shared.

Small Business Information Security: The Fundamentals

NIST developed this interagency report as a reference guideline about cybersecurity for small businesses. This document is intended to present the fundamentals of a small business information security program in non-technical language.

For some small businesses, the security of their information, systems, and networks might not be their highest priority. However, an information security or cybersecurity incident can be detrimental to their business, customers, employees, business partners, and potentially their community. It is vitally important that each small business understand and manage the risk to inf ormation, systems, and networks that support their business.

DHS Study on Mobile Device Security

The study, which also was supported by the Department of Defense and General Services Administration, presents a series of recommendations to enhance Federal government mobile device security.

Mission-Centric Cyber Situational Awareness with Defense in Depth

Abstract—The cyber situational awareness of an organization determines its effectiveness in responding to attacks.  Mission success is highly dependent on the availability and correct operation of complex computer networks, which are vulnerable to various types of attacks.  Today, situational awareness capabilities are limited in many ways, such as inaccurate and incomplete vulnerability analysis, failure to adapt to evolving networks and attacks, inability to transform raw data into cyber intelligence, and inability for handling uncertainty.  We describe advanced capabilities for mission-centric cyber situational awareness, based on defense in depth, provided by the Cauldron tool.  Cauldron automatically maps all paths of vulnerability through networks, by correlating, aggregating, normalizing, and fusing data from a variety of sources.  It provides sophisticated visualization of attack paths, with automatically generated mitigation recommendations.  Flexible modeling supports multi-step analysis of firewall rules as well as host-to-host vulnerability, with attack vectors inside the network as well as from the outside.  We describe alert correlation based on Caldron attack graphs, along with analysis of mission impact from attacks.

Automation Support for

 Security Control Assessments

NIST releases NIST IR 8011 May 2017 for Automation Support

Cauldron is the only product on the market that covers all the requirements, now, and has been since it's NIST license.

Small Business Cybersecurity Workbook

Homeland Security starts with Hometown Security