Overview

Face detection performance
Performance summary of cyber detection against executed attack simulations.


Hint: You can use the switch in the top right corner to exclude or include archived campaigns from these statistics.


Cybersecurity Score (section 1)

This overall score is the average of the scores obtained for all the events in all the campaigns, whatever their status. It measures the detection rate of attack simulations carried out by BlackNoise.

BlackNoise rates each event according to 2 criteria:
  • The efficiency of the detection: the more effective the detection, the higher the score (an "Alerted" event earns more points than a "Logged" event, which itself earns more points than an "Undetected" event). The score is also higher for a High severity event than for a Low severity event, reflecting the need to detect the most characteristic malicious actions.
  • The context of the detection: the more information there is on the context of the detection, the higher the score.

The complete score calculation formula is indicated in the legend of the graph by clicking on the "i" information button.


Cybersecurity Risks (section 2)

The previous overall score is distributed according to 4 types of risks.
  • A campaign can be associated with at most one type of risk.
  • Some campaigns may not be associated with any risk; the events of these campaigns are then not taken into account in this graph.

Each risk score corresponds to the average of the scores for events executed in campaigns associated with the risk in question. Only completed campaigns (Calibrated or Archived status) are taken into account when calculating these risks.
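The aggregation rules of sections 1 and 2, as an added example that is not BlackNoise code. Per-event scores are taken as given (the per-event formula is only in the graph legend), the campaign data is constructed, and "Running" is an assumed label for a campaign that is still underway.

```python
from collections import defaultdict
from statistics import mean

COMPLETED = {"Calibrated", "Archived"}  # statuses the page counts as completed

# Constructed sample data; scores and the "Running" status label are assumptions.
CAMPAIGNS = [
    {"name": "c1", "status": "Calibrated", "risk": "Insider threat",
     "event_scores": [80, 60, 100]},
    {"name": "c2", "status": "Archived", "risk": "Data breach",
     "event_scores": [40, 20]},
    {"name": "c3", "status": "Running", "risk": "Insider threat",
     "event_scores": [0, 10]},
    {"name": "c4", "status": "Calibrated", "risk": None,
     "event_scores": [90]},
]


def overall_score(campaigns, include_archived=True):
    """Section 1: average over every event of every campaign, whatever its status.

    include_archived models the archived-campaign switch from the hint above.
    """
    scores = [
        score
        for campaign in campaigns
        if include_archived or campaign["status"] != "Archived"
        for score in campaign["event_scores"]
    ]
    return mean(scores) if scores else None


def risk_scores(campaigns):
    """Section 2: per-risk average over events of completed campaigns only."""
    by_risk = defaultdict(list)
    for campaign in campaigns:
        # Campaigns without a risk, or not yet completed, do not count here.
        if campaign["risk"] is None or campaign["status"] not in COMPLETED:
            continue
        by_risk[campaign["risk"]].extend(campaign["event_scores"])
    return {risk: mean(scores) for risk, scores in by_risk.items()}


if __name__ == "__main__":
    print("overall:", overall_score(CAMPAIGNS))
    print("overall without archived:", overall_score(CAMPAIGNS, include_archived=False))
    print("per risk:", risk_scores(CAMPAIGNS))
```

With this data the underway campaign c3 lowers the overall score but leaves the Insider threat risk score untouched, and c4 counts toward the overall score only.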

4 types of risks are currently available on the application:

Insider threat
The insider threat risk involves internal individuals, such as employees, contractors, or partners, who leverage their legitimate access to carry out malicious activities within the network. It also encompasses attackers who have infiltrated the internal network from the outside (for example, by taking control of a workstation via a phishing attack), even without advanced technical skills. An insider may use their access to conduct malicious activities originating from the organization’s internal network, including data deletion or modification, altering system configurations, disrupting services, or even distributing malware within the network.

External attack
The risk of external attack involves threats from entities located outside the organization’s network, seeking to exploit vulnerabilities to gain access to internal systems. Attackers initially aim to map the external attack surface by collecting technical information related to the IT infrastructure or retrieving publicly available data from reconnaissance services in the cloud. They then try to access the exposed services or applications by guessing logins and passwords or by exploiting known security vulnerabilities to infiltrate the internal network.

Espionage and destruction
Espionage and destruction risks most frequently involve sophisticated attack techniques known as APTs (Advanced Persistent Threats). These attacks are typically targeted and orchestrated by experienced cybercriminal groups, sometimes funded or supported by states. They are often carried out over the long term, with initial phases focusing on discreetly performing preparatory actions (gaining access, reconnaissance, spreading within networks) before triggering actions related to the ultimate objective, such as a ransomware extortion demand or sabotage using a wiper. These risks can also encompass supply chain attacks, where cybercriminals deliberately target a less secure supplier or partner in order to reach their end goal: more sensitive targets.

Data breach
A data breach risk can result in unauthorized access, theft or leak of sensitive information. Adversaries may employ several techniques, mostly involving data collection and exfiltration. MITRE ATT&CK Tactics such as data exfiltration through command and control (C2C) channels, cloud services, or alternative mechanisms may be used. These techniques can use encrypted or unencrypted protocols. The impact of a data breach extends beyond financial losses, encompassing damage to reputation, legal consequences, and potential regulatory fines.


Score evolution (section 3)

This graph shows the evolution of the score for all completed campaigns (Calibrated or Archived status).

By using the left and right arrows at the bottom of the graph, you can modify the time frame considered for this visualization.

If one or more campaigns are underway, the estimated average score is shown in purple. It considers the events and detection capabilities assessed at the present time, assuming these campaigns would stop at this stage.