New software tool lifts the lid on organisational cyber vulnerability

Bristol, UK – Riskaware Ltd today announced the launch of RA-CYBER – a desktop software toolset designed to provide cyber-situational awareness, by analysing the cyber-vulnerability of organisations’ business processes and exposing the key issues in a highly visual form. 

Figure 1 – A simple RA-CYBER enterprise dependency graph, showing the potential disruption paths

Market surveys indicate that few UK companies and public organisations outside the top tier have a good understanding of the risks associated with cyber-attacks and cyber-crime. Furthermore, even fewer have a clear understanding of their own reliance on cyberspace and how the vulnerabilities they may have could affect their business processes and continuity. This message was reinforced by recent events, in particular by the serious impact of the WannaCry ransomware attacks across the world. Typically, if there is any corporate understanding of these issues, it is localised to a few individuals and does not ascend to board level. Hence, Riskaware saw a pressing need for tools and algorithms that can evaluate the real vulnerabilities of an organisation’s cyber infrastructure and place these in a business context.

Riskaware technical director Dr Martyn Bull commented: “Organisational cyber vulnerability is a whole can of worms. Many organisations cannot tell you exactly what software they are running where, but even after you get to that level, you still need to understand what vulnerabilities each piece of software has and exactly how each application or data asset is important to the enterprise as a whole. It’s a very complex question. RA-CYBER adopts a holistic model-based approach to help provide the answers.”

RA-CYBER is designed to enable cyber-vulnerabilities and their potential impact on the organisation to be understood and communicated to key decision makers, allowing appropriate courses of action to be taken to mitigate the risks. Originally based on a prototype developed in response to a MOD Centre for Defence Enterprise (CDE) competition, RA-CYBER has undergone significant internal research and development and has recently been piloted on various real-world assignments.

The process involves understanding the security status of the cyber infrastructure, the likely impact of potential threats on the system and how mitigation actions can improve the resilience. RA-CYBER utilises a combination of powerful automated analysis and visual analytics, allowing users to perform analysis and queries and then visualise the results in ways that maximise information content, without impacting cognition and understanding.

Trials of the tool have shown that the approach can significantly help in identifying vulnerabilities and understanding how important they are, so that they can be fixed.

Figure 2 – RA-CYBER display showing an attack path through the network, to affect a critical node

Figure 3 – RA-OSINT interactive tree-map display showing the key vulnerabilities present in each software package

As well as providing specific analysis of how software vulnerabilities could be exploited to cause organisational damage, RA-CYBER also provides a more general overview of the software and operating system portfolio, showing what vulnerabilities are there and how many are present in each application.

A product fact sheet is provided here. For further information contact Dr Robert Gordon –