Panacea is developing a Dynamic Risk Management Platform (DRMP) which is designed to protect a complex IT infrastructure by assessing, in a quantitative way, the current level of risk through a multi-dimensional threat analysis and the current business impact. In particular, the DRMP constantly monitors the network topology, which enables the detection of changes, new risks and vulnerabilities. The risk analysis is fed by thousands of dynamically computed potential attack paths, which help identify their impact on the business.
Moreover, the DRMP develops the multi-dimensional attack model, reflecting the role played by human behaviours in the development of a cyber-attack. The model tries to capture how human users access ICT and medical devices, identifying human vulnerabilities that can be exploited to materialise the most common threats in healthcare organisations. The risk computation triggers the definition of technical and non-technical mitigation actions with the aim of reducing the risk level and resulting business impact that the actions may cause. DRMP takes into account ‘human’ vulnerabilities, due to improper behaviour of medical personnel using the assets of the network (i.e. medical devices).
The DRMP adopts a generally different approach from SOAR (Security Orchestration, Automation and Response) solutions, network management systems and vulnerability assessment tools as it focuses on the computation of all possible attack paths from multiple layers (network, access and human) and on the evaluation of their risk. The resulting risk assessment output takes then into consideration different, combined layers and provide a more realistic estimation of the risk.
The tool is designed for: