Integrating risk management techniques into your cyber security strategy is essential for protecting critical assets that support organisational goals. Instead of responding to attacks after they’ve already caused damage to your network, good management of cyber risk requires organisations to take a more proactive stance against future attacks.
How does the CyberAware platform support a proactive stance?
Proactive risk management in cyber security involves analysing potential cyber attacks from the attacker’s perspective, performing impact analysis, and taking action to mitigate harmful effects.
Riskaware has developed software APIs and visual analytics that empower organisations to understand and communicate current cyber risk by analysing real network vulnerabilities through cyber attack prediction and simulation.
The aim is to help organisations identify how critical assets might be impacted by cyber attacks, and ultimately facilitate the design of cost-effective cyber security controls that reduce cyber risk to acceptable levels.
Riskaware has developed these capabilities for defence and commercial organisations.
How do you reduce cyber risk?
The likelihood and impact of any cyber attack will depend on the type of attack, the target asset, and the sophistication and motive of the attacker. It is therefore necessary to fully evaluate the risks present in your specific cyber landscape before creating a risk management plan or cyber security strategy.
The first step is to identify critical assets that support your goals as an organisation. This may be part of your existing risk management strategy. Traditionally, organisations may then perform Vulnerability Analysis (VA) across their networks to identify key cyber vulnerabilities.
This can be effective – but misses the bigger picture. Organisations should also consider the following questions:
- How exploitable are these vulnerabilities in practice, given the network topology, the sophistication of the cyber threat and the technical requirements of each vulnerability?
- What future attacks might be expected given an initial threat alert on the network perimeter?
Riskaware’s CyberAware tools aim to help organisations reduce their cyber risk through better situational awareness and automated analysis. This is based on two approaches:
- Predicting likely attacks given network alerts, network characteristics and known attack patterns
- Modelling attack paths from simulated cyber threats to critical assets
This is all underpinned by visual analytics – giving analysts the tools to discover and communicate local and systemic risk to varying stakeholders. Results from analysis can then be used to add evidence for specific remediation strategies, whether that is targeting software patching or network alterations to make lateral movement harder.
Does cyber attack prevention differ between organisations?
Strategic and operational priorities inherently vary between organisations. Whilst this may help inform priorities for safeguarding the Confidentiality, Integrity and Availability (CIA) of key information and services, all three components of information security are potentially significant during a cyber attack. For example:
- Integrity impacts (e.g. modifying records) can be used to plant false flags and distract investigations
- Availability impacts (e.g. denial of service) can be used to force systems to use redundancies
- Confidentiality impacts (e.g. disclosure of sensitive information) can be used to provide intelligence on people and systems
These impacts could all enable attackers to eventually gain access to key systems and realise their intended goal. Furthermore, cyber attackers will often deploy multiple kill chains to improve the likelihood of the desired impact.
Therefore, a global view of the network that considers novel attack chains is required. This could lead to deploying controls, such as patching, in less obvious and potentially more cost-effective areas of the network real estate.
What Cyber Threat Intelligence (CTI) supports the CyberAware Platform?
This is a global knowledge base containing comprehensive data about real-life adversary tactics and techniques that can be used to inform reliable threat models.
Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available list of attack patterns used by adversaries. An attack pattern describes how attacks are designed, executed and potentially mitigated.
The National Vulnerability Database (NVD) contains standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.