2016 DBIR Attack Surface Analysis

Attack graphs are the engine for the attack surface analysis. If this all looks very confusing and you're not sure where to start, watch this quick six minute tutorial video.

Choose your attack surface based on industry or pattern:

The Error pattern is explicitly not included as it inherently is not based on puposeful action. NAICS Sector 55 is not included for lack of data. For more information on the correct NAICS code for your organization, visit http://www.farsmarterbids.com/reference/naics-list.php

Choose what you are trying to protect:

In the graph to the right, attacks start at the lower right at the "Start" node. They move through actions and attributes until they finally conclude at the "End" node in the upper left. Depending on what worry you select, the graph will change to represent that subset of the data.

There are three options for analysis below:

  • All Actors Analysis: This analysis provides a recommendation on what to do to protect against all the potential bad guys out there. It's like planning to handle all of your breaches. Within the graph it is addressing all shortest paths from any action to any attribute.
  • Likely Actor Analysis: This analysis provides a recommendation on how to deal with the single most likely attacker. It's like planning to handle the single, most likely breach. Within the graph it is addressing the shortest path from start to end. (This is the analysis used in the 2015 PHIDBR and 2016 DBIR.)
  • Compare Mitigations: This will allow choosing two sets of actions/attributes to mitigate and comparing the improvement.
For all analysis, the attack difficulty or improvement is a relative score. While that means there are no absolute values, (like 'dollars' or 'time'), the values can be compared to each other. They can be thought of as the relative degree of difficulty of exploitation, cost of exploitation, or speed of exploitation compared to all other paths.

To learn more about the app, read the associated blog post: A DBIR Attack Graph Web App! or the in-depth blog post about the associated analysis: The DBIR Attack Graph: Redux!.

All Actors Analysis
Likely Actor Analysis
Compare Mitigations

Analysis:

Please click the 'analyze' button to analyze the graph.

Attack Paths:

The bar chart below represents the length of the path for an attacker to get from a certain action to compromise a certain attribute. It may take more than 1 step for them do so, however the actual steps aren’t shown. As described above, the values are all relative with '1' representing the highest degree of difficulty for a single step. Mouse over bars to see the starting action and ending attribute.

Mitigation Rate:

You can also set a mitigation rate. For example, if your patch completion rate is 95%, for a mitigation that requires patching, you would enter "95" to simulate the 95% patch rate. This is a rudimentary implementation, but offers basic control. By default, the mitigation is assumed 100% effective ("100"). Mitigation Rate:
Note: because no path is completely removed, only lengthened, any mitigation rate of less than 100% may run to the maximum 50 iterations. It willt take some time to complete

Analysis:

Please click the 'analyze' button to analyze the graph.

Mitigations:

Paths:

Mitigation Set 1

Analysis

Mitigations
Set 1
Set 2
All Actors, Paths Denied:
All Actors, Improvement:
Likely Actor, Improvement:

Please click the 'analyze' button to compare mitigations using the graph.

Mitigation Set 2

Note: Setting mitigation completion rate, while algorithmically possible, is not currently supported in the UI or webapp for "Compare Mitigations" analysis.