Obviews – dynamic cyber risk assessment

Companies face the increasing number and complexity of cyberattacks. According to BSI cybercrime costs to the economy grew reached $2.000 billion in 2019 ($300 billion in 2014). With constrained time and resources, security teams need to focus their actions on the most important attacks and to regularly assess the security level of their information system. A cyber risk assessment requires to correlate data on the entire IS, vulnerabilities, existing security controls and all potential attacks.

Obviews offers a decision support solution capable of assessing the most likely future attacks and the optimal remediation. These remediations will be classified according to their operational cost and their impact on the system. Embedding an AI engine, our software will be able to adapt and perform real-time security assessment. These analyses will allow to regularly quantify cyber risk and respond to the problems and communication needs of risk managers, financial managers and cyber insurers.

The solutions rely on: Risk assessment methodologies: they are the one defined by National Cybersecurity Authorities like ANSSI in France. They benefit from an important track record; AI engine: this brick allows the software to perform dynamic cyber risk assessment in an evolving environment. It relies on two subdomain: automatic asset discovery with vulnerabilities qualification and expectation propagation algorithms. Software design: the challenge is to develop userfriendly interfaces.

Duration:  2020 – 2021 (16 months)

Funding source (Code): EIT DIGITAL (20636-A2002)

Participant entities: Universidad Politécnica de Madrid, University of Rennes 1, GFT, Pipple

Laboratory/internal web: http://medal.ctb.upm.es/projects/OBVIEWS/

Responsible: Alejandro Rodríguez González

Co-Responsible: Antonio Jesús Díaz Honrubia