foreseeti is a developer and vendor of CAD tools for analysing the cyber security of IT systems
foreseeti is the leading developer and vendor of Computer Aided Design (CAD) tools for analysing the cyber security of IT systems at the design stage. foreseeti’s flagship product, securiCAD, enables rapid development of detailed system models from a security perspective. The models capture the security features of system components and the dataflows permitted between them. Automated analysis identifies potential attack paths through the model and highlights the most vulnerable paths. System designers can then optimise security expenditure. Once the design is agreed, the associated model forms part of the system specification and can be used to automate the configuration of virtualised systems.
The power of the securiCAD approach
The securiCAD approach to cyber security design is powerful for several reasons:
Early security analysis. It enables detailed system security analysis early in the system lifecycle, creating the opportunity to design security into the system at the outset.
Meaningful security metrics. The security of the system can be represented in a single, meaningful metric: the expected time for a hypothetical skilled attacker to complete the easiest attack path to the most valued assets. The expected time to complete each of the constituent attack steps is based on structured consultation with many experienced penetration testers.
More precise than a standard. Attack graph analysis can provide a better guide to actual system security than tests for compliance with a security standard because it models the potential actions of an attacker.
foreseeti – company background
foreseeti was founded in 2014 and consists of a dynamic, dedicated team of highly qualified academics, seasoned security experts, experienced business professionals and skilled developers. Our solutions are used by multinational companies in the banking and energy sectors, and our clients value our practical, hands-on approach.
The name ‘foreseeti’ reflects our product’s ability to ‘foresee’ cyber vulnerabilities and the characteristics of the Norse god, Forseti, famed for his ability to resolve difficult disputes.
foreseeti’s product development work is based on solid academic research. Over ten years ago, a group of researchers at one of Sweden’s most prestigious technical universities, the Royal Institute of Technology (KTH), began exploring modelling methods for the non-functional attributes relating to software architecture, system architecture and enterprise architecture for complex IT environments. Their somewhat revolutionary concepts attracted research support from KTH, EU funding bodies and industry (and they continue to do so). As they refined their methodology, a subgroup began the development of a research prototype, seeking to close the gap between a complex theoretical problem and a simple practical solution. This led to the development of a concept demonstrator, the Cyber Security Modeling Language (1) (CySeMoL).
CySeMoL, and its derivative, the Probabilistic, Predictive CySeMoL (P2CySeMoL) demonstrated the feasibility of:
Identifying vulnerable attack paths with an accuracy comparable to that of experienced penetration testers (2).
Making predictions of the time for a skilled attacker to compromise a set of IT systems which correlate with the mean time actually taken (3).
Recognising the enormous potential and practical value of the methodologies the group were using, industry partners encouraged the formation of an independent company to develop a commercial product and complementary offerings. From this user demand foreseeti was born and has not stopped growing! It has already received awards as one of Sweden’s most promising technical start-up companies (4).
Support throughout the system lifecycle
Although CAD models might add most value at the design stage, once built they can remain useful throughout the system life. The security metrics derived from the model can be set as benchmarks for maintaining a given level of security. These provide a more flexible requirement than compliance with a security standard. For example, the analysis of attack paths will recognise that patching software matters more on some devices than others, so patching regimes can be tailored to actual security needs.
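To make the "expected time along the easiest attack path" metric and the patching argument above concrete, here is an added illustration that is not securiCAD code and not foreseeti's method: a constructed toy model of hosts and permitted dataflows, each attack step weighted with an illustrative expected time in days, a shortest-path search for the easiest path to the most valued asset, and a ranking of which host's patching (modelled, as an assumption, as tripling the time of every step into that host) raises the metric most.

```python
import heapq
# Constructed toy model (not a securiCAD model): hosts, the attack steps the
# permitted dataflows allow, and illustrative expected days per step.
ATTACK_STEPS = {
    "internet": {"web_server": 2.0, "vpn_gateway": 10.0},
    "web_server": {"app_server": 5.0, "workstation": 8.0},
    "vpn_gateway": {"workstation": 1.0},
    "workstation": {"app_server": 3.0, "db_server": 12.0},
    "app_server": {"db_server": 4.0},
    "db_server": {},
}

def easiest_attack_path(steps, entry, target):
    """Dijkstra over the attack graph: the lowest summed step time is the
    metric (expected days to compromise `target` from `entry`); returns (days, path)."""
    dist, prev, heap = {entry: 0.0}, {}, [(0.0, entry)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nxt, t in steps.get(node, {}).items():
            if d + t < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = d + t, node
                heapq.heappush(heap, (d + t, nxt))
    if target not in dist:
        return float("inf"), []
    path = [target]
    while path[-1] != entry:
        path.append(prev[path[-1]])
    return dist[target], path[::-1]

def patch_host(steps, host, factor=3.0):
    """Copy of the model in which every step INTO `host` takes `factor` times
    longer; this stands in for patching that host (a constructed assumption)."""
    patched = {src: dict(dst) for src, dst in steps.items()}
    for dst in patched.values():
        if host in dst:
            dst[host] *= factor
    return patched

def rank_patch_candidates(steps, entry, target):
    """Gain in the metric from patching each host, largest first. Hosts off the
    easiest path score 0: patching them buys nothing until that path moves."""
    base, _ = easiest_attack_path(steps, entry, target)
    gains = []
    for host in steps:
        if host not in (entry, target):
            new, _ = easiest_attack_path(patch_host(steps, host), entry, target)
            gains.append((new - base, host))
    return sorted(gains, reverse=True)
```

In this model the easiest path runs internet, web_server, app_server, db_server in 11 days; patching app_server lifts the metric to 21 days while patching vpn_gateway or workstation changes nothing, which is the sense in which patching matters more on some devices than others.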
As the system is implemented, further system details emerge and can be added to the model. As it enters system testing, the correctness of the model can be validated against the implementation. Security aspects of the system that cannot be fully modelled can be included as annotations to the model. The model can then be used to help security managers understand the system and to evidence compliance with security standards.
Modelling existing IT systems
securiCAD can automatically create models from imported data in a known format. This is valuable for modelling existing systems. Data may be available from vulnerability scanners, network traffic or, in the case of virtualised systems, from configuration files. In general, models generated in this way will require some details added by ‘hand’ as not all data is likely to be captured from tools designed for other purposes.
foreseeti continues to collaborate closely with KTH research staff. The two organisations are collocated and some key staff are members of both. Ideas from the KTH research staff that are successfully tested are generally incorporated into securiCAD by foreseeti. The capabilities of securiCAD will advance for the foreseeable future, bringing ever more accurate models which are easier to build, scale to model larger IT systems, have better visualisation tools and make faster attack path calculations.
In conjunction with Applied Security GmbH (apsec), foreseeti already has work funded by the European Commission to further the adoption of a CAD-based approach to cyber security. (5) apsec ranks among the top 15 enterprises focusing on IT security in Germany. The partnership of securiCAD and a leading cyber security consultancy service aims to combine the best of man and machine cyber analysis.
foreseeti welcomes expressions of interest in partnering from other consultancies, service providers or training organisations.