FAQ: securiCAD Professional and securiCAD Enterprise

Here are some of the frequently asked questions foreseeti receives regarding securiCAD Professional and securiCAD Enterprise.

The engine and its logic

How do you know it works?

The attack trees and probabilities are based on decades of published and peer-reviewed research. In addition, foreseeti periodically runs “Turing tests” where securiCAD is pitted against a group of professional cyber specialists to compare the results of AI versus humans. So far, the results have been conclusively proven correct.

How do you know the probabilities?

The probabilities for the attacks are based on research. The default probabilities for defenses (e.g. patching levels, firewall rulesets etc.) are based on the foreseeti team’s collective experience but can be adjusted to the actual environment (i.e. inserting actual figures rather than probabilities). If the model is imported from e.g. AWS, this is done automatically.

The probabilities themselves are quite simple and can be viewed and assessed in each attack step and object. They are based on years of research, and the validity of each probability can be gauged up front by an experienced cybersecurity person. The complicated thing in securiCAD is the math that combines all the probabilities into an attack path.

How often do you update the threat/statistical model?

About twice a year. While individual vulnerabilities may change on a daily basis, the types of vulnerabilities do not change much over time (example: the OWASP Top Ten is almost exactly the same today as in 2011).

Why do you not need to know versions of patches/OS etc.?

While individual vulnerabilities may change on a daily basis, the types of vulnerabilities do not change much over time (example: the OWASP Top Ten exploited vulnerabilities are almost exactly the same today as in 2011).

We are not saying that, generally speaking, you don’t need to know that. It is just that we work with holistic, high-level architecture assessments. Given that we don’t want to force the user to collect every single detail of every single nut and bolt, we work at the type level. If you do know your exact patch level, then you can easily assign the aggregated value.

Do I have to add the attack graph/threat model definition myself?

No, securiCAD will automatically generate and simulate attacks on an attack graph based on your model. To our knowledge, securiCAD is the only software in the world that has this feature.

Importing from existing data sources

Can I create my model automatically by importing data from existing sources?

Yes – if you have the required data sources and trust them. The recommended way of working is to manually create a high-level representation of the environment to be analyzed, and then enrich that environment with existing data sources.

Can securiCAD collect information from our environment?

securiCAD can handle import of many different data sources. For new data sources (e.g. proprietary logs), a parser needs to be constructed to translate the data fields into securiCAD language. This can normally be done within a few working days by foreseeti’s technicians.

What data sources do you support for automatic modeling?

securiCAD Enterprise features a Software Development Kit (SDK) that can be used to parse almost any data source to enrich your model with automatically generated objects. securiCAD Enterprise also features a set of predefined parsers that handle data from e.g. Visio, Nmap and a set of popular vulnerability scanners, firewalls and cloud services.

How long does it take to develop a parser for you/us?

Approximately 1-2 working days depending on the data source.

Is there an API/SDK?

Yes, securiCAD Enterprise features an API for access to data generated by the tool as well as the ability to feed securiCAD with data for continuous simulations and reporting. An SDK is available to parse data sources for automatic generation of models.

Can securiCAD collect information from our environment through e.g. locally installed agents?

No, not automatically. You need to collect the data yourself or use available data sources such as vulnerability scanners and firewall configurations; that data can then be imported into securiCAD.

 

Security

Will securiCAD have any effect on our real environment?

No, securiCAD simulates in a virtual environment.

How safe is it to put in confidential/sensitive information into securiCAD?

securiCAD Professional is run offline. The security is handled by the client itself.

securiCAD Enterprise is offered as an AWS-based cloud service. foreseeti applies high security to its delivery. Details around foreseeti’s security management are available on request.

It is also possible to run all versions of securiCAD on-site in the customer’s own datacenters without external connections.

Can I install securiCAD air-gapped?

Yes.