Our products > Cybersecurity >ConfigAssure: Accurate, Secure Designs that Minimize the Cyberattack Surface

ConfigAssure™: Efficiently Configure Systems for Built-in Cyber Resilience

Accurate, secure designs for networks, infrastructure, and industrial control systems that minimize the cyberattack surface

Complex systems, including computer and communications networks, industrial control systems, military platforms, and critical infrastructure, are comprised of large numbers of components. These components have many configuration variables whose settings define logical interconnections and determine system behavior.

This configuration space offers an immense attack surface, which is vulnerable to intrusion, malware, and other cyberthreats. Hackers have successfully exploited configuration vulnerabilities and errors – such as incorrect enablement of privileges or erroneous file access – in many of the most disruptive, extensive, and costly outages and attacks. Our ConfigAssure™ solution efficiently generates configurations, which not only achieve full compliance with requirements, but also minimize the configuration attack surface to build in cyber resilience. 

Jump to

​How it works
Features
​​Advantages
Resources
Research, services and products of interest
​Request more information

Anchor Element

Copy for linking on the same page:

https://www.peratonlabs.com/?data-scroll-to-anchor=HowItWorks

Copy for linking from an external page:

https://www.peratonlabs.com/?data-anchor-link=HowItWorks

---

How it works

Correctly configuring complex cyber infrastructure is notoriously difficult, as it requires setting values for thousands of configuration variables to simultaneously meet hundreds of functional and performance. Even modest-sized systems will have more possible configurations than stars in the universe
​
ConfigAssure formulates the problem of attack surface minimization while preserving functionality as a constrained optimization – that is, optimize (minimize) the configuration attack surface, subject to (a large set of) functional, operational, security, and performance constraints. ConfigAssure applies simulation, machine learning, and our innovative constrained optimization engine to quickly produce compliant, secure configurations and  designs.

​

Anchor Element

Copy for linking on the same page:

https://www.peratonlabs.com?data-scroll-to-anchor=features

Copy for linking from an external page:

https://www.peratonlabs.com?data-anchor-link=features

---

Features

• Input to ConfigAssure consists of system requirements, functional models, configuration parameters, and standard operating procedures (SOPs) for system operators.
• ConfigAssure models the attack surface as an objective function of vulnerability scores (e.g., enabled privileges and permissive file accesses).
• In minutes ConfigAssure can determine thousands of configuration settings to minimize the objective function (vulnerability score) while satisfying hundreds of constraints (system requirements).
• ConfigAssure is widely applicable to any complex system, including computer and communications networks, ICS, and other platforms and infrastructure,
• ConfigAssure also provides explanatory information, which helps operators gain understanding to manage the system, and suggestions for modifications to SOPs to reduce configuration vulnerability.​​​

Anchor Element

Copy for linking on the same page:

https://www.peratonlabs.com/?data-scroll-to-anchor=Advantages

Copy for linking from an external page:

https://www.peratonlabs.com/?data-anchor-link=Advantages

---

Advantages

• ​ConfigAssure uses an accessible, mainstream programming language
• No input on threats or adversary behavior is required 
• ConfigAssure provides what-if analyses and helpful explanations to aid users in understanding the design space and its trade-offs. 
• It has been successfully applied to computer systems, satellite networks, and to the design (placement) of power grid sensors.
• ConfigAssure can also be used to repair faulty configurations and to help systems reconfigure in order to recover from attacks.

---

Anchor Element

Copy for linking on the same page:

https://www.peratonlabs.com/?data-scroll-to-anchor=links

Copy for linking from an external page:

https://www.peratonlabs.com/?data-anchor-link=links

---

Research, services and products of interest

Research

• Cybersecurity research: innovations to protect mission-critical networks, services, systems and infrastructure 

Services

• Industrial Control Systems and IoT Security: solutions to protect ICS, low-power WANs, IoT and SCADA systems for energy, utilities and smart cities
  
• Network migration and modernization​: design and implement hybrid / private / public infrastructure for security, affordability, resilience and ease of operation

Products

• Cyber Virtual Assured Network (CyberVAN™): high-fidelity network environment for cyber experimentation, operational planning, validation and training
  
• Distributed, Assured, and Dynamic Configuration (DADC™): efficient, secure, and accurate design for cyber infrastructure, cloud and cyber physical systems.

Anchor Element

Copy for linking on the same page:

https://www.peratonlabs.com?data-scroll-to-anchor=requestinfo

Copy for linking from an external page:

https://www.peratonlabs.com?data-anchor-link=requestinfo

---

Request more information