ForeFuture

Viktiga resultat som projektet gav

Projektet syftade till att utveckla metoder och verktyg som kombinerar attacksimulering med underrättelser/"threat intelligence", som tillhandahåller en hotbild som är specifik för ett visst företag. Detta syfte har uppnåtts, och projektet har resulterat både i nya forskningsresultat och utökad funktionalitet i produkter. Idéerna har validerats i en studie med ett företag som tillhandahåller kritisk infrastruktur.

Långsiktiga effekter som förväntas

The project clearly demonstrated the importance of the proposed cyber-security solutions. Our results open up the way of the design of highly advanced and adaptive defense methodologies. The results from the project aim to open new research areas which could lead to deeper and better understanding of how to maximize the effectiveness of adaptive defense strategies. Other possible paths of research to how to incorporate other modalities of intelligence in cyber defense strategies, to further build and improve the holistic risk view.

Upplägg och genomförande

Swedavia were used as the real world case in terms of the analyzed network and target at risk. By specifying a lightweight version of parts of their network setup KTH were able to construct a representation of the network to run simulations against. The network representation together with specifications regarding used softwares in the network. Made it possible for Recorded future to automatically build a threat map of threat actor capabilities and intent directed towards the specific network. Similarly a threat map for relevant high risk malware is automatically constructed.