ForeFuture

Purpose and goal

** Denna text är maskinöversatt ** The project aimed to develop methods and tools that combine attack simulation with intelligence/"threat intelligence", which provides a threat picture specific to a particular company. This aim has been achieved, and the project has resulted both in new research results and increased functionality in products. The ideas have been validated in a study with a company that provides critical infrastructure.

Expected results and effects

** Denna text är maskinöversatt ** The project clearly demonstrated the importance of the proposed cyber-security solutions. Our results open up the way of the design of highly advanced and adaptive defense methodologies. The results from the project aim to open new research areas which could lead to deeper and better understanding of how to maximize the effectiveness of adaptive defense strategies. Other possible paths of research to how to incorporate other modalities of intelligence in cyber defense strategies, to further build and improve the holistic risk view.

Planned approach and implementation

Swedavia were used as the real world case in terms of the analyzed network and target at risk. By specifying a lightweight version of parts of their network setup KTH were able to construct a representation of the network to run simulations against. The network representation together with specifications regarding used software in the network. Made it possible for Recorded future to automatically build a threat map of threat actor capabilities and intent directed towards the specific network. Similarly a threat map for relevant high risk malware is automatically constructed.