Today’s cybersecurity risk assessment processes, all too often, attempt to measure a system’s cyber risk posture without leveraging real-world cyber threat intelligence (CTI).

However, it is only by gathering and applying CTI that assessors can begin to answer basic, yet fundamental, questions such as:
- Which vulnerabilities expose the system to the most risk, and what are the highest-priority actions I can take to drive down the system's risk posture most efficiently?
- Which specific cyber attack techniques is the system most exposed to, and what are the highest-priority actions I can take to reduce the likelihood of those techniques succeeding and/or increase the likelihood that their use will be detected?
- How exposed is my system to the world's most prominent real-world cyber attackers, and which of those groups is it most exposed to?
- And, over time, has the system's cyber risk posture with respect to the body of knowledge
The problem is that most organizations not only don’t have a means of gathering a comprehensive collection of real-world CTI, but even if they did, they don’t have the risk assessment processes and procedures that could leverage that data. And so these organizations end up employing cyber risk assessment methods that are based on nothing more than assessor intuition and opinions.
Introducing – Cyber SENTRI

Cyber SENTRI was built to address this problem. The tool leverages the world's most prominent and comprehensive collection of normalized CTI: MITRE's Adversary Tactics, Techniques, & Common Knowledge (ATT&CK) knowledge base. MITRE ATT&CK essentially provides to the world a massive collection of normalized CTI distilled from the ever-flowing "stream" of open-source CTI posted on the Internet each day. The ATT&CK team's researchers acquire and analyze CTI reports in order to track and document the tactics, techniques, and procedures employed by real-world cyber threat actors observed "in the wild." They then normalize and condense that information into a standardized catalogue of adversary groups and the tactics and techniques those groups employ. Cyber SENTRI draws upon this treasure trove of CTI and implements key guidance contained in NIST SP 800-30R1, "Guide for Conducting Risk Assessments." As a result, the cyber risk assessment methodology Cyber SENTRI performs is based not on assessor intuition but on observations of real-world cyber adversaries employing real-world cyber attack techniques!
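To make the questions above concrete, here is an added illustration (not Cyber SENTRI's code, and not the real ATT&CK data set) of how an ATT&CK-style mapping of adversary groups to techniques, combined with a system's assessed mitigation and detection coverage per technique, yields ranked answers: which techniques carry the most risk, which group the system is most exposed to, which lever (mitigate or detect) to pull first, and a single figure to track over time. The scoring model (exposure = (1 - mitigated) × (1 - detected), weighted by how many tracked groups use the technique) is an assumption made for this example; the technique IDs are real ATT&CK IDs, while the group names, group-to-technique mapping and posture values are constructed.

```python
"""Toy CTI-driven exposure scoring (added illustration, not Cyber SENTRI code).

Turns a constructed ATT&CK-style mapping of adversary groups to the techniques
they use, plus a system's per-technique mitigation/detection coverage, into
ranked answers. The scoring model is an assumption made for this example.
"""
from collections import Counter

# Constructed sample data. Technique IDs are real ATT&CK IDs; the group names
# and the group->technique mapping are invented for this example.
TECHNIQUES = {
    "T1566": "Phishing",
    "T1059": "Command and Scripting Interpreter",
    "T1078": "Valid Accounts",
    "T1003": "OS Credential Dumping",
    "T1021": "Remote Services",
}
GROUP_TECHNIQUES = {
    "Group-A": {"T1566", "T1059", "T1078"},
    "Group-B": {"T1566", "T1059", "T1003"},
    "Group-C": {"T1059", "T1078", "T1003", "T1021"},
}
# Assessed posture of the system: fraction of each technique covered by
# mitigations and by detections, in [0, 1]. Constructed values.
POSTURE = {
    "T1566": {"mitigated": 0.5, "detected": 0.5},
    "T1059": {"mitigated": 0.2, "detected": 0.5},
    "T1078": {"mitigated": 0.0, "detected": 0.2},
    "T1003": {"mitigated": 0.6, "detected": 0.8},
    "T1021": {"mitigated": 0.0, "detected": 0.0},
}


def technique_exposure(tid, posture):
    """Chance (under the assumed model) that the technique both succeeds
    and goes unnoticed. An unassessed technique counts as fully exposed."""
    p = posture.get(tid, {"mitigated": 0.0, "detected": 0.0})
    return (1.0 - p["mitigated"]) * (1.0 - p["detected"])


def technique_prevalence(group_techniques):
    """How many tracked groups have been observed using each technique."""
    counts = Counter()
    for techs in group_techniques.values():
        counts.update(techs)
    return counts


def rank_techniques(group_techniques, posture):
    """Techniques ordered by prevalence-weighted exposure, highest first."""
    prevalence = technique_prevalence(group_techniques)
    scored = {t: prevalence[t] * technique_exposure(t, posture) for t in prevalence}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


def rank_groups(group_techniques, posture):
    """Groups ordered by the system's summed exposure to their techniques."""
    scored = {g: sum(technique_exposure(t, posture) for t in techs)
              for g, techs in group_techniques.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


def total_risk(group_techniques, posture):
    """Single number to track the posture over time as CTI and controls change."""
    return sum(score for _, score in rank_techniques(group_techniques, posture))


def recommend_action(tid, posture, step=0.3):
    """Which lever (mitigated or detected) cuts this technique's exposure most
    if its coverage is raised by `step` (capped at 1.0)? Returns (lever, drop)."""
    p = posture[tid]
    before = technique_exposure(tid, posture)
    options = {}
    for lever in ("mitigated", "detected"):
        trial = dict(p)
        trial[lever] = min(1.0, p[lever] + step)
        options[lever] = before - technique_exposure(tid, {tid: trial})
    best = max(options, key=options.get)
    return best, options[best]


if __name__ == "__main__":
    for tid, score in rank_techniques(GROUP_TECHNIQUES, POSTURE):
        print(f"{tid} {TECHNIQUES[tid]:<35} risk={score:.2f}")
    for group, score in rank_groups(GROUP_TECHNIQUES, POSTURE):
        print(f"{group:<8} exposure={score:.2f}")
    top = rank_techniques(GROUP_TECHNIQUES, POSTURE)[0][0]
    print("first action for", top, recommend_action(top, POSTURE))
    print(f"total risk now: {total_risk(GROUP_TECHNIQUES, POSTURE):.2f}")
```

With the constructed data, T1078 (Valid Accounts) tops the technique ranking because it is both widely used and almost uncovered, Group-C is the group the system is most exposed to, and for T1078 adding detection coverage cuts exposure more than adding the same amount of mitigation. Re-running `total_risk` after each change to controls or to the CTI mapping is the kind of over-time comparison the last question above asks for.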
