Insights

Energy Sector Analysis Process

Energy Sector Analysis Process Energy Sector Analysis Process The Purdue aspect of Threat Modeling and Attack Simulations. Considering a SCADA environment, based on the IEC62443/ICS410/Purdue architecture, we both want to take the conformity with the intended structure and the weakest paths from the origin of an attack to the high-value assets into account. This can …

Energy Sector Analysis Process Read More »

Where Is The Trust Boundary?

Where Is The Trust Boundary? Threat modeling is becoming more and more common for both application development and system analysis. However, most threat modeling approaches remain to be highly manual. Meaning, you must figure out what the system you are analyzing looks like and what types of threats that need mitigation. For smaller applications under …

Where Is The Trust Boundary? Read More »

MAL

Meta Attack Language (MAL) As a means to develop our business we like to think about and prototype new ideas on how to improve and extend threat modeling, attack simulations and securiCAD. This happens down in the Foreseeti mine where our engineers are most happy. We have different shafts with different topics open. This blog …

MAL Read More »

Reverse Attack Simulations

Reverse Attack Simulations As a means to develop our business we like to think about and prototype new ideas on how to improve and extend threat modeling, attack simulations and securiCAD. This happens down in the Foreseeti mine where our engineers are most happy. We have different shafts with different topics open. This blog series …

Reverse Attack Simulations Read More »

The Missing Piece in DevSecOps

Introduction and Summary While DevSecOps offers great potentials, it is also a challenge in practice for many CISOs and DevOps teams. To make DevSecOps practically viable, automated tooling has a key role. Today, companies typically leverage several automated tools. However, they are to a large extent separate silos that identify separate lists – most often long lists – of risks and vulnerabilities. This creates complexities, inefficiencies, costs, and risks, and do often slow down DevOps organizations.    Share on facebook Facebook Share on twitter Twitter A key capability …

The Missing Piece in DevSecOps Read More »

Threat Emulation

The mine shaft blogs – Threat Emulation As a means to develop our business we like to think about and prototype new ideas on how to improve and extend threat modeling, attack simulations and securiCAD. This happens down in the Foreseeti mine where our engineers are most happy. We have different shafts with different topics …

Threat Emulation Read More »

Threat Modeling

Threat modeling Threat Modeling is a practice to proactively analyze the cyber security posture of a system or system of systems. It can be argued that Threat Modeling, when done well, can be the most effective way of managing and improving your cyber security posture.   What is threat modeling?   What are the business values?   Who …

Threat Modeling Read More »

SCADA Reference Architecture​

SCADA Reference Architecture In essence, a SCADA (Supervisory Control And Data Acquisition) solution is a set of systems for controlling distributed physical equipment. Operators control and monitor the physical processes via the centralized system which in turn is communicating with more local systems until the physical equipment is reached. Share on facebook Facebook Share on …

SCADA Reference Architecture​ Read More »

Capability PROFESSIONAL VANGUARD ENTERPRISE
Automated model generation

SDK/APIs

Manual model creation & editing

Attack Simulations

Risk levels, Attack Paths & Chokepoints

Threat Summary & Suggested Mitigations

Multiple attack scenarios & comparisons

Advanced Analysis, Reporting & Progress tracking

Multiple projects and models

Multiple Environments (On-prem, cloud, custom)

Multi-user collaboration

Capability VANGUARD ENTERPRISE
Automated model generation

SDK/APIs

Manual model creation & editing

Attack Simulations

Risk levels, Attack Paths & Chokepoints

Threat Summary & Suggested Mitigations

Multiple attack scenarios & comparisons

Advanced Analysis, Reporting & Progress tracking

Multiple projects and models

Multiple Environments (On-prem, cloud, custom)

Multi-user collaboration

WEBINAR NOVEMBER 19TH 17:00-18:30 CET

Automate Cyber Security in Cloud and DevOps Environments

We warmly welcome You to this webinar where our experts present leading security trends in using open-source software, hacker-powered knowledge, and attack simulations – automated in your pipelines!

detectify_outlined_logo_RBG
cropped-Debricked_LogoTransparentwhite (1)