Reports

From Words to Intelligence

Leveraging the Cyber Operation Constraint Principle, Natural Language Understanding, and Association Rules for Cyber Threat Analysis

April 2023

Cyber adversary’s are human being. They use computer network, deploy servers and tools, manage project and risks. They organize. And if they last in time, they become bureaucratized. They need to create, maintain and protect their intellectual property and their human ressources. When a company create a product, it is not for a single order, isn’t it ? Same for attackers.

Intrusion after intrusion, hiring after resigning, cybercriminal groups generates process and procedures. Its members develop preferences and habits. For the most motivated and sophisticated of them, they don’t pick target by chance. They want this specific target. This associated intrusion, targeted, tailored, often requiere more than what’s the attacker groups have in their arsenal.

To fill the gap between what they have and what they need, they will find alternative solution derived from their comfort zone. It is our hypothesis. If verified, it would mean that adversaries’ actions and adaptations, if we could observe them, would create a criminal signature rooted in their organizational structure, their skills and their habits. It is such a prototype that we presented at the Botconf peer-reviewed conference in April 2017. Our full paper has been published in the Journal on Cybercrime and Digital Investigation.

REVAMPING THREAT MODELING

Improving Cyber Risk Management by integrating real-world threat activity into the risk mitigation process

January 2023

Cyber Risk Management is a preventive activity aiming to reduce an organization vulnerability, reduces harms to the system and increase the risk taken by adversaries in their malicious operation. The problem is that threat assessment in risk management is rarely tied to realworld cyber threat that are effectively accurate in relation with the studied object.

In this article, we explore the utility of threat analysis in the context of cyber risk management, conducting a review of various threat modeling methods. Building on this foundation, we then present our contribution to the field: the integration of cyber threat intelligence into the threat modeling and risk management processes.

What you will learn:

State of the Art Threat Modeling Methodologies
What are the four types of Threat Modeling Methodologies?
How to use STIX Open Vocab to improve Persona non Grata?
How to use STIX Open Vocab to improve CVSS scoring?
How to use MITRE ATT&CK to improve Attack Trees and STRIDE?
How to Improve PASTA with STIX Open Vocab, MITRE ATT&CK, MITRE CAPEC and the Cyber Kill Chain?
How to Improve PASTA with STIX Open Vocab, Persona non Grata, MITRE ATT&CK, MITRE CAPEC and the Cyber Kill Chain?

CYBER RESILIENCE GROWTH

A Preventive Cyber Security Strategy Guide for SMB in Singapore September 2022

Many SMEs in Singapore place a strong emphasis on commercial priorities. Growing revenue and guaranteeing a positive cash flow are the two biggest concerns of businesses, followed by reducing costs. While you have to block all incoming strikes, attackers have to succeed ones. Then it is equally important to be shield and to be ready to take the next hit. Cyber Resilience is the path where a successful cyber intrusion have little to no impact.

This Guide offers a step by step approach to turn any SMB into a Cyber Resilient organization. You will gain a deep business-oriented knowledge with cybersecurity principles. If you already have a strategy in place, you will also find useful tips and resources to strengthen your Security Posture.

What you will learn:

How to plan a cybersecurity strategy?
What is the Security Baseline and how to implement it?
How to boost Leadership governance?
How to Budget Cybersecurity investment?
How to comply with Data Privacy & Security requirements?
How to get Government Funding (Singapore only)?
How to make your path to cyber resilience?