The holistic view of cyber security, with simulation by design: foreseeti
Among the various challenges facing cybersecurity professionals today, perhaps one of the most practical hurdles to overcome is where to put the scarce resources available to security teams.
Understanding your organization’s true cyber security risk exposure, and getting to grips with the relevance of each different vulnerability to your business are mandatory first steps to being able to allocate resources correctly and with maximum mitigating effect.
As hackers and bad actors become more sophisticated (and even hacking is now available as-a-service, if you know where to look!) a great deal of resources has been ploughed into uncovering specific vulnerabilities of a network.
But each vulnerability has an associated risk on a case-by-case basis. The risk picture can be dramatically altered by how vulnerabilities relate to each other. Risk levels also depend on the service potentially under threat, its prominence in the enterprise, its level of business-criticality and so on. It is very difficult, therefore to get a weighted, strategic overview: an holistic view of risk.
Recently, there have been swathes of technological efforts focussing on listing and prioritizing vulnerabilities: maps which show known exploits against their severity.
At the end of the day, however, security teams are still presented with a long list of vulnerabilities, which doesn’t help give the enterprise a true picture of its particular susceptibility to attack. Creating a strategy is therefore highly problematic: its basis can only be experts’ best-guesses, with limited true insight.
A Swedish cyber risk management company, foreseeti, has combined its knowledge of quantitative methods with artificial intelligence technologies to assess companies’ holistic risk exposure to cyber threats.
Its years of research and industry knowledge provide a system of cyber-attack simulations to holistic vulnerability assessment, so companies can see the true picture of both their technical and structural vulnerabilities. Looking at risk exposure specific to the organization gives far superior results to simply attempting to patch isolated security flaws – the approach one might consider “traditional.”
foreseeti helps companies identify the specific combinations of vulnerabilities which attackers might use to reach high-value network assets & services, and then quantifies each instance of potential breach.
Decisions on how and where to distribute teams’ limited resources, therefore, can be data-driven and value-based, rather than allocation of resource on a hunch.
Computer-aided design and simulation have revolutionized architecture, engineering, manufacturing, and dozens more industries. Now it’s cybersecurity’s turn: foreseeti’s virtual attack simulation system, securiCAD, allows companies to truly assess risk exposure and therefore work pro-actively, before a breach.
Any mitigation can be tested against its alternatives, with an overview of the holistic risk effect picture giving insight at the design stage of a cyber security policy formulation exercise.
The key here is that assessments take place in a non-intrusive, automated manner with no interruptions to business functions as the possible permutations of security resource allocations are tested en masse in simulation. This meta-view gives a true, data-driven cyber risk assessment on behalf of the individual organization, its specific business model, topology and priorities.
Article by Tech_HQ