Monte Carlo Cyber Event Simulation
Kovrr uses a Monte Carlo simulation in which the following year is simulated 10,000 times.
Kovrr's cyber risk quantification simulation engine tests the events in the catalogs against the assets and defenses of the company.
The simulation is a Monte Carlo simulation in which we simulate the following year 25,000 times. The simulated events are not necessarily events that happened in the past; most of them are synthetic events we create in the Bespoke Event Catalog. For every simulated year, we simulate which events have happened. Because the simulated events are drawn from the event catalogs, the event distributions of the simulation are similar to the distributions in the catalogs.
The simulation is in fact one unified simulation across the event catalogs. The events are grouped into annual scenario groups, allowing the platform to test the impact of each event and of the likely combinations of events that can hit a company within the same year. Each scenario year has some number of cyber events occurring: some years have no events, and some have multiple events.
This is an example of a table that describes a few simulated years. For every simulated year, we simulate which events from the event catalogs have happened, if at all, and calculate a dollar value representing the damage associated with each event in the simulation.
This means that the platform combines the parameters of each event in the catalog with the exposure of the company to that event. The result is a calculation of the types of costs that the business is likely to suffer. Costs are modeled in a number of granular categories and rolled up into high-level ‘coverages’ (BI, extortion, liability, etc.). It is common for an event to have several impacts; for example, a double extortion event may involve the exfiltration of data, an availability disruption, and an extortion payment.
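The annual-scenario loop and the coverage roll-up described above can be sketched as follows. This is an added example, not Kovrr's engine or code: the catalog entries, annual rates, dollar amounts, the Poisson event count, the lognormal severity spread and the `exposure` factor are all constructed assumptions.

```python
import math
import random
from collections import Counter

# Constructed catalog (not Kovrr data): assumed annual rate and base cost per coverage, USD.
CATALOG = {
    "double_extortion": {"rate": 0.08,
                         "costs": {"extortion": 400_000, "BI": 900_000, "liability": 250_000}},
    "cloud_outage": {"rate": 0.30, "costs": {"BI": 120_000}},
    "data_breach": {"rate": 0.12, "costs": {"liability": 600_000}},
}

def poisson(rng, lam):
    """Draw an event count for one year (Knuth's method; fine for small rates)."""
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k

def simulate_year(rng, exposure=1.0):
    """Return [(event_name, {coverage: loss})] for one simulated year; may be empty."""
    events = []
    for name, ev in CATALOG.items():
        for _ in range(poisson(rng, ev["rate"])):
            severity = rng.lognormvariate(0, 0.5)  # assumed spread around the base cost
            events.append((name, {c: v * exposure * severity
                                  for c, v in ev["costs"].items()}))
    return events

def simulate(n_years=25_000, seed=7):
    """Simulate n_years independent versions of the following year."""
    rng = random.Random(seed)
    annual, by_cov, events_per_year = [], Counter(), Counter()
    for _ in range(n_years):
        events = simulate_year(rng)
        events_per_year[len(events)] += 1      # some years have 0 events, some several
        total = 0.0
        for _, costs in events:                # one event can hit several coverages
            for coverage, loss in costs.items():
                by_cov[coverage] += loss
                total += loss
        annual.append(total)
    annual.sort()
    return {
        "average_annual_loss": sum(annual) / n_years,
        "loss_p99": annual[int(0.99 * n_years)],   # 1-in-100-year annual loss
        "avg_loss_by_coverage": {c: v / n_years for c, v in by_cov.items()},
        "events_per_year": dict(events_per_year),
    }

if __name__ == "__main__":
    for key, value in simulate().items():
        print(key, value)
```

Because whole years are simulated rather than single events, the 99th-percentile figure reflects years in which several events coincide, which a per-event loss estimate would miss.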
Events are simulated at the cyber-sphere level. This means that each event is simulated down to the asset group level, including the asset group from which the attack started and the asset groups that the attack propagated to. In the figure below, there is an example of an event from the simulation on a demo company. In this example, the attack was initiated in the ‘Headquarters’ employee endpoint asset group and propagated all the way to the Infrastructure ‘Data Center 2’ asset group.