MIT's Lincoln Laboratory has developed a network mapping tool that enables managers to track likely hacking routes.

The NetSPA for Network Security Planning Architecture tool scans the network architecture, the individual computers it connects and a list of likely vulnerabilities to generate a threat mitigation programme.

"It's a matter of what the attacker can get to and in what order," said Kyle Ingols, a computer scientist working on NetSPA.

"If you spend time patching vulnerabilities the attacker can't get to first, you've left your network exposed longer."

The software also suggests the quickest way effectively to block holes, and ways to configure the network to mitigate the damage from an undetected attack.

"Instead of patching or fixing or blocking 1,000 hosts, we could say there are 10 critical hosts and patch those first," said Ingols.

The tool uses commonly available vulnerability scanners but speeds up the scanning process and adds scans of firewalls and router settings to predict likely hacking routes.