Simulation Report

This page briefly explains each component of the report generated from simulations in securiCAD Enterprise.

Report overview

The Report overview shows you a high-level view of your risk posture and highlights from the report. The first section gives you a short summary of the sections below in the report.

  • Total risk exposure: the total amount of risk for all the high value assets combined.
  • Highest risk exposure: the high value asset with the highest risk.
  • High value assets: the number of high value assets that are reachable by the attacker.
  • Lowest time to compromise: the high value asset with the lowest Time-To-Compromise.

High value assets

The high value assets table gives an overview and the status of your selected high value assets. You can select a specific high value asset to get more detailed results for that asset.

  • ID column: refers to the object’s ID in the model (IDs are assigned automatically).
  • Name: the name of the high value asset.
  • Attack step: the specific attack step we have assigned as the target for the attacker.
  • Consequence: the user-defined impact value for that particular attack step.
  • Probability: the total success rate for the attacker reaching the specific attack step.
  • TTC: the amount of effort required for the attacker to succeed in more than 50% of the attacks.
  • Risk: the probability multiplied by the consequence.
  • Critical path: opens the critical path for that particular high value asset and visualizes how the attacker succeeded with the attack.

Critical attack paths

The critical paths show the different attack steps an attacker (red node to the left) is expected to use to reach the high value asset (blue node to the right).
The first path we see is the most likely attack path. Every node is an attack step, and the arrows between them show the order in which they are reached. Multiple paths to the same node indicate either that the attacker has to reach multiple attack steps to succeed with the next one, or that there are multiple equal paths available.

In the top toolbar there is an option to increase the Detail level to show additional alternate paths. These are other paths with which the attacker also succeeds, but they require more effort and are therefore less likely.

Chokepoints

Chokepoints are assets where successful attacks on high value assets converge in the model. On the right are your high value assets and on the left is the attacker. All assets in between are assets in the model that appear in a majority of the critical paths.
The width of a chokepoint indicates how much risk it contributes. You can click on chokepoints or high value assets to filter the critical path visualization.
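
An added sketch, not securiCAD's own code, of how the chokepoint view can be read as data: it keeps the intermediate assets that lie on a majority of the critical paths. The path data is constructed, and treating width as the summed risk of the high value assets behind an asset is an assumption about the visualization.

```python
from collections import defaultdict

# Constructed data: each high value asset's risk and the assets on its
# critical path, attacker entry point first, the high value asset last.
CRITICAL_PATHS = {
    "Customer DB": (7.0, ["Internet", "Mail gateway", "Workstation-17",
                          "Domain controller", "DB server", "Customer DB"]),
    "Build server": (5.4, ["Internet", "VPN gateway", "Domain controller",
                           "Build server"]),
    "HR file share": (0.8, ["Internet", "Mail gateway", "Workstation-17",
                            "Domain controller", "HR file share"]),
    "Payment API": (3.0, ["Internet", "Mail gateway", "Developer laptop",
                          "Payment API"]),
}

def chokepoints(paths):
    """Intermediate assets on more than half of the critical paths, widest first."""
    through = defaultdict(set)          # asset -> high value assets reached via it
    for hva, (_risk, assets) in paths.items():
        for asset in assets[1:-1]:      # skip the attacker's start and the target
            through[asset].add(hva)
    result = []
    for asset, hvas in through.items():
        if len(hvas) * 2 > len(paths):  # strict majority of the critical paths
            # Assumed width: summed risk of the high value assets behind the asset.
            width = round(sum(paths[h][0] for h in hvas), 2)
            result.append((asset, width, sorted(hvas)))
    return sorted(result, key=lambda c: (-c[1], c[0]))

if __name__ == "__main__":
    for asset, width, hvas in chokepoints(CRITICAL_PATHS):
        print(f"{asset}: width {width}, protects {', '.join(hvas)}")
```

The third field of each result is the set of high value assets that a control placed on that chokepoint would sit in front of, which is the same filter the report applies when a chokepoint is clicked.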

Risk overview

The Total Risk value denotes the sum of the total expected risk of all assets with consequences set on them. It is calculated by taking the user-defined consequence of each attack step multiplied by the respective probability of an attacker reaching that attack step. The gauge shows the current risk in proportion to the sum of all user-defined consequences.
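
The figures defined above and in the high value assets table, worked through in an added example (not securiCAD's code). The TTC samples, asset names and attack step names are constructed, and deriving Probability and TTC from per-attack samples is an assumption about how the simulator aggregates its results.

```python
import math

INF = math.inf  # marks a simulated attack that never reached the attack step

# Constructed input, not securiCAD output:
# (ID, name, attack step, consequence 0-10, TTC in days per simulated attack)
SAMPLES = [
    (12, "Customer DB", "ReadData", 10, [3, 5, 8, 13, 21, 30, 44, INF, INF, INF]),
    (27, "Build server", "Compromise", 6, [2, 2, 4, 6, 9, 12, 15, 20, 33, INF]),
    (31, "HR file share", "ReadData", 4, [40, 75] + [INF] * 8),
    (45, "Backup vault", "DeleteData", 8, [INF] * 10),
]

def hva_row(hva_id, name, step, consequence, ttc_samples):
    """One row of the high value assets table."""
    n = len(ttc_samples)
    probability = sum(t != INF for t in ttc_samples) / n
    # Smallest effort at which more than 50% of the attacks have succeeded;
    # INF when the attacker succeeds in half of the attacks or fewer.
    ttc = sorted(ttc_samples)[n // 2]
    return {"id": hva_id, "name": name, "attack_step": step,
            "consequence": consequence, "probability": probability,
            "ttc": ttc, "risk": probability * consequence}

def report_overview(samples):
    """Overview figures derived from the table rows."""
    rows = [hva_row(*s) for s in samples]
    total_risk = sum(r["risk"] for r in rows)
    return {
        "rows": rows,
        "total_risk": total_risk,
        # Gauge: current risk in proportion to the sum of all consequences.
        "gauge": total_risk / sum(r["consequence"] for r in rows),
        "highest_risk": max(rows, key=lambda r: r["risk"])["name"],
        "reachable": sum(r["probability"] > 0 for r in rows),
        "lowest_ttc": min(rows, key=lambda r: r["ttc"])["name"],
    }

if __name__ == "__main__":
    overview = report_overview(SAMPLES)
    for r in overview["rows"]:
        print(f'{r["id"]:>3} {r["name"]:<14} P={r["probability"]:.0%} '
              f'TTC={r["ttc"]} risk={r["risk"]:.1f}')
    print(f'total risk {overview["total_risk"]:.1f}, gauge {overview["gauge"]:.0%}')
```

An asset the attacker reaches in half of the attacks or fewer has no finite TTC under the "more than 50%" definition, even though it still contributes to Total Risk.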

Confidentiality Risk denotes the total percentage of expected loss of confidentiality on all assets with consequences set on them. The value is calculated by summarizing the probability of success of an attacker reaching attack steps that affect confidentiality.

Integrity Risk denotes the total percentage of expected loss of integrity on all assets with consequences set on them. The value is calculated by summarizing the probability of success of an attacker reaching attack steps that affect integrity.

Availability Risk denotes the total percentage of expected loss of availability on all assets with consequences set on them. The value is calculated by summarizing the probability of success of an attacker reaching attack steps that affect availability.

The Risk Matrix is a matrix that is used during risk assessment to define the various levels of risk of attacks. On the vertical axis, we have the probability for the attack to succeed within a given number of days. On the horizontal axis, we have the consequence estimates between 0 and 10.

Threat summary

The Threat Summary is a summary of threats and actions performed by the attacker to reach the high value assets during the simulation.

Threat Description

General description of the threat or action performed.

Mitigation Information

Information about potential mitigations that can be applied to reduce or prevent the threat. Some threats will not have applicable mitigations as they are natural consequences of other threats or legitimate actions.

MITRE ATT&CK & STRIDE

Threats and actions performed by the attacker are mapped to taxonomies and frameworks such as STRIDE and MITRE ATT&CK where applicable.

Threat Trace

Shows the trace information for the current threat. Trace data comes in two forms: cause and effect.
For example, a permission, policy or firewall rule might be the cause of a threat, and the ability to perform an action could be an effect of the threat.

Applicable Security Controls

A list of security controls you can apply in order to prevent the threat. This is not applicable to all threats.

Affected High Value Assets

Shows which high value assets are affected by this particular threat. Click on the high value assets to show the Critical Paths to those specific high value assets.

Suggested mitigations

securiCAD will automatically suggest mitigations given the high value assets in the model. These suggestions are based on how much impact they will have on the risk of high value assets in the model and are ordered accordingly. Suggestions include e.g. "Train Your Users to be Security Aware" with one or more references to the affected users.

Missing security controls

Missing security controls is similar to suggested mitigations, but it includes mitigations that cannot be directly applied because they involve adding objects to the model.

