11-15 May 2020: Haruspex

1) Who are your main users?

We can serve companies from any industry. Up to now, our commercial effort in Italy has been mostly on ICT/OT infrastructure in the manufacturing and utilities working in power production and power and gas distribution. We also have customers in those sectors of the Public Administration handling critical and sensible data. Furthermore, some of these customers are among the main suppliers of the Ministry of Defense and the Italian Navy. The security requirements of these customers cannot be satisfied by traditional solutions such as penetration tests, vulnerability scannings or breach and attack simulation tools, but just through our innovative predictive digital twin solution, which enables what-if analyses and security-by-design approach. Our solution is also NIS and GDPR compliant.
We deal with some of the biggest players in Italy, and we're now approaching on the European arena. Our solution typically works side-by-side with SOC operators.

2) What cybersecurity/privacy challenges do your solutions address?

The Haruspex platform merges digital twins and adversary emulation to proactively assess and manage cyber risk by predicting and remediating attacks before they are implemented by some threat agents. The infrastructure twin is focused on the vulnerabilities of each system components and the attacks they enable. Hence, it describes the hardware and software modules, their vulnerabilities, and the attacks. An agent twin describes its attack surface, its goals, the strategies it applies to selects attacks and handles their failures. Intelligent attackers and worms can be emulated. Several predefined strategies are available and further ones may be added. The platform uses the twins -without disturbing the infrastructure- to emulate the threats and predicts how they will attack the infrastructure and how the infrastructure will react. Hundred of thousands of adversary emulations results in accurate predictions of the attack paths each attacker will exploit with a coverage of stochastic factors such as attack success or failure and time to fatal breach. Millions of adversary emulations are run for customers with highly security requirements. The platform dramatically reduces the number of countermeasures to deploy to neutralize cyber risk by prioritizing those that stop more than one attacker. On-the-field results confirm the platform effectiveness.

3) How do your solutions improve the lives of your users?

Our solutions improve the lives of the owners and the stakeholders and of those that have to manage the infrastructure and the attacks against it.
Our solutions make the lives easier of the owner of the infrastructure because Haruspex assessments neutralize cyber risk and simultaneously minimize the investment in the countermeasures to deploy. Owners have expressed their preference for proactive solution several times in the past and now we can offer such solutions already operational at customers. We also improve the life of people working in a SOC team because our solutions define the minimum set of countermeasures to be applied to neutralize the risk. This strongly reduces the burden of real-time intrusion detection and response. A highly-appreciated feature is the continuous assessment, and the real-time module, powered by an AI engine. The solution is also able to discover and neutralize 0-day usage.
Furthermore, the information our platforms return minimizes the number of false positive alarms. Hence, people working in a SOC can focus on a small number of real attacks without investing their time in discovering real attacks.