Real Time and Continuous Cyber Risk Assessment that helps to bridge the gap between decision makers and operational staff
Context and challenge to answer
In most organisations, information security risk assessment has been done in the same way for many years: at discrete points in time, with periodic checks in the form of audits. In cyberspace this is no longer enough.
Cyber risk assessment must be continuous and, if possible, performed in near real time. It should use data about events and information coming from tools and solutions such as Security Information and Event Management (SIEM), vulnerability scanners, Intrusion Detection Systems (IDS) and others, while being able to reason about the threats and impacts that apply to the particular business and technical context of an organisation.
Description and offered functionality
The CERCA solution has several components. Risk models are written in the machine-executable R language and can be customised for each organisation in a cost-efficient way by using already existing templates. These risk models are fed into the risk assessment engine (RAE), which also receives inputs from real-time sensors.
CERCA offers connectors to many off-the-shelf sensors, so that an organisation can reuse its existing risk detection and mitigation mechanisms. It can also be integrated with external data sources, such as vulnerability databases or threat intelligence sources, currently being developed.
Finally, the impact assessment component bridges the gap between business-oriented decision makers and technical staff by providing a direct link between technical incidents and economic consequences.
Value proposition for Atos
CERCA can be used in several scenarios, including improving correlation and detection rules for complex event correlation in SIEM (security information and event management) solutions.
By automating risk assessment operations, it reduces the cost of human intervention, while continuous and near real time assessments improve the effectiveness and efficiency of cybersecurity.
Potential use cases
It can be used by security consultants to complement their risk assessments, as well as by the staff of a security operations centre (SOC) who need to assess risks in near real time.
Finally, it can also be used by business decision makers to understand the economic impact of different cybersecurity mitigation mechanisms or investment choices.
Cyber insurance companies could use it to have an up-to-date overview of the cyber risk situation in the specific business and technical context of an organisation.
In the future we plan to include more risk model templates, such as a financial sector template. In addition, we are working on automated deployment, which would simplify the installation and integration of different sensors. This also makes CERCA competitive on price, as there is less need for specific expertise in the deployment and integration phase.