About CTAaaS and the Spreadsheet Client
Today’s cybersecurity risk assessment processes all too often attempt to produce a measure of a system’s cyber risk posture while suffering from one critical flaw: they are conducted essentially independently of the body of knowledge about real-world cyber threat actors and the attack techniques they employ.
It is knowledge of real-world cyber threat intelligence (CTI) that helps assessors answer basic, yet key, risk assessment questions, including the following:
- What is the likelihood that the assessed system will be targeted by cyber threat actors?
- What is(are) a cyber threat actor’s likely intent(s) with regard to attacking the assessed system?
- Which attack techniques are likely to be initiated against the assessed system?
- Which attack techniques are likely to succeed against the assessed system?
- Following the successful employment of one technique, what would likely be the next technique initiated against the assessed system?
Risk assessments that are unable to address the above basic questions will simply produce severely flawed results that cannot be trusted because they are not threat informed.
CTAaaS was built to address this problem. The tool performs cybersecurity risk assessments of a given system and includes the body of CTI knowledge in its risk assessment process by leveraging the MITRE Adversary Tactics, Techniques, & Common Knowledge (ATT&CK) database. MITRE ATT&CK essentially chronicles the tactics, techniques, and procedures of real-world cyber threat actors and condenses that information into standardized listings of adversary groups and adversary tactics/techniques. CTAaaS then uses the guidance in NIST SP 800-30R1 “Guide For Conducting Risk Assessments” to apply that CTI information and ultimately produce a measurement of a given system’s cyber risk posture that is threat informed!