Abstract: A method that may include receiving network information indicative of (a) network elements that comprise edge network element, (b) connectivity between the network elements, and (c) connectivity of edge network elements to one or more other networks; and generating a visual representation of the network, the visual representation comprises multiple layers, each layer comprises one or more of the network elements of the network, wherein different layers are associated with different importance values; wherein the visual representation is associated with selection metadata for selecting which part out of multiple parts of the visual representation to display, wherein each part comprises at least a part of a single layer the multiple layers.

Abstract: A method that may include receiving network information indicative of (a) network elements that comprise edge network element, (b) connectivity between the network elements, and (c) connectivity of edge network elements to one or more other networks; and generating a visual representation of the network, the visual representation comprises multiple layers, each layer comprises one or more of the network elements of the network, wherein different layers are associated with different importance values; wherein the visual representation is associated with selection metadata for selecting which part out of multiple parts of the visual representation to display, wherein each part comprises at least a part of a single layer the multiple layers.

Abstract: A method for automatically translating a banner information, the method may include receiving by a computer the banner information, wherein the banner information is included in at least one banner and describes an identity of a software product; and translating by the computer the banner information into a unique software product identifier using a content of knowledgebase that comprises an attributes schema and translation rules; wherein each software product is associated with a single unique software product identifier; wherein the unique software product identifier comprises a structured set of attributes; wherein at least one translation rule is a pattern based translation rule; wherein the attributes schema specifies a set of allowable attributes and of allowable values of the attributes.

Abstract: A method for simulation aided security event management, the method comprises: generating attack simulation information that comprises multiple simulation data items of at least one data item type out of vulnerability instances data items, attack step data items and attack simulation scope data items; wherein the generating of attack simulation information is responsive to a network model, at least one attack starting point and attack action information; identifying security events in response to a correlation between simulation data items and event data; and prioritizing identified security events.

Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: A method for evaluating potential attacks of worms, the method includes: associating, in response to information representative of a network and of worm entities, between worm entities and potential worm sources to provide associated worm sources; determining potential worm attacks that start from the associated worm sources; and evaluating at least one potential worm attack security metric associated with the potential worm attacks.

Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.

Abstract: A method for evaluating a deployment of a network access change request, the method includes: (a) formatting a network access change request to provide a formatted network access change request; wherein the formatted network access change request includes multiple formatted request items; wherein the multiple formatted request items includes a requested access type, an address of an access source, an address of an access destination; (b) determining multiple relationships between the multiple formatted request items and corresponding items of at least one entity out of a network model and a current network policy; and (c) responding to the network access change request in response to the multiple determined relationships.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: A method, system and computer program product for evaluating an IDP entity, the method includes evaluating an effect of at least one IDP rule applied by the IDP entity on legitimate traffic, based upon a network model; evaluating an effect of at least one IDP rule applied by the IDP entity based upon a network model and an attack model; determining an effectiveness of the IDP entity in response to the evaluated effects.

Abstract: The present invention provides systems and methods for risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.