Network security analysis must coordinate diverse sources of information to support effective security models. The modeling, process must capture security-relevant information about targets and attackers. By capturing the trust relationships, vulnerabilities, and attacker capabilities, a security analyst can define and characterize complex, multistage attacks. Along with conducting systematic analyses on multistage attacks, the opportunity also exists to facilitate large scale detection and visualization, of security events by embedding modeling and analytical components within a more expansive security framework. We present a formalism and methodology for multistage network attack analysis. Applications to network security management, including a network vulnerability analyzer prototype, are also described.