Abstract: A computer system method includes receiving a network topology and associated configuration data, wherein the network topology indicates a host location and a threat location, determining a vulnerability associated with the host location, determining a security exposure for the host location with respect to the threat location from the configuration data, the network topology, and to incomplete configuration data for the host location, determining a first vulnerability certainty for the host location with respect the vulnerability in response to incomplete configuration data, thereafter receiving updated network data selected from a group consisting of: updated configuration data, updated network topology, determining an updated security exposure for the host location with respect to the threat location from the updated network data, and to the incomplete configuration data, and displaying a difference between of the first security exposure and the second security exposure on the display.

Abstract: A method for a computer system includes receiving configuration data from a network device in a network, determining a topology for a portion of the network from the configuration data, wherein the topology indicates a server location and a threat server at a threat server location in the network, determining a vulnerability including vulnerability attributes for the first server location, and when configuration data for the first server location is incomplete, the method includes determining a security exposure of the first server location with respect to the threat server in response to the configuration data, the topology, and to the configuration data associated the host server location, determining a vulnerability certainty for the first server location with respect the vulnerability in response to the configuration data associated the host server location, and outputting a visual representation of the security exposure and the vulnerability certainty on a display.

Abstract: A method for a computer system includes receiving a topology of a network including a server location and a threat server at a threat server location, determining a vulnerability security risk for the server location, determining remediation actions including a first action and a second action in response to the vulnerability, determining updated security risks associated with the server location including an first updated security risk for a first action and a second updated security risk for, and displaying a prioritized list of remediation actions on the display, wherein the first remediation action is prioritized over the second remediation action when the first updated security risk value with respect to the security risk value shows a greater improvement in risk than the second updated security risk value with respect to the security risk value.

Abstract: A method for a computer system including a display includes determining a plurality of security metrics associated with a plurality of servers within a network, displaying a tree map on the display representing at least a portion of the network, wherein the tree map comprises a plurality of shapes associated with servers from the plurality of servers, wherein a size of shapes in the plurality of shapes are determined in response to a first security metric from the plurality of security metric associated with the servers, and wherein an appearance of the shapes are determined in response to a second security metric from the plurality of security metrics associated with the servers.

Abstract: A system and method of testing a computer network recording header information of data packets in a live traffic pattern on the computer network which identifies source and destination addresses for testing of the computer network; modifies the recorded header information by replacing the source and destination addresses of the recorded header information with the source and destination addresses for testing, and re-calculates the checksum for each data packet based upon the source and destination addresses for testing; and transmits a test traffic pattern with the modified header information on the computer network without establishing a live connection with the destination address.