What is Haruspex?

Haruspex s.r.l. is an innovation high-tech company that works in a very advanced and critical area of the cyber security. It has developed an innovative suite of integrated software modules that predicts, assesses and manages the cyber risk in existing systems even at design time. Haruspex replaces Fear, Uncertainty and Doubt with big-data techniques to predict attackers behaviour against the ICT infrastructure targets, to assess the resulting risk, and to select the optimal set of countermeasures in order to minimize or even eliminate the cyber risk.


The suite is based upon a model-based method that evaluates and manages the risk in customer selected scenarios. The suite does not collect historical cyber risk data, it produces it by using the models of infrastructure and the model of the attackers.


The suite returns the optimal set of countermeasures, in terms of cost-efficiency, to minimize the risk of your system. This lowers the security investment and can handle vulnerabilities where no countermeasures are known.


Models enable the suite to assess your system before it actually deployed or attacked. In particular, Haruspex allows you to conduct 'what-if' analyses even before to buy components for your system. This definitively minimizes your investments and save your money.

Haruspex, Monte-Carlo simulations and models

The Haruspex cyber risk assessment and management process can be divided in four steps
- Automatical building the model of the ICT infrastructure with the system component, their vulnerabilities and the corresponding attack
- With a user-friendly interface, it automatically builds the model of attackers to define their targets and their behaviours
– It runs the infrastructure model and those of the attackers through several Monte-Carlo simulations to build predictive data
– It uses the data to improve the infrastructure robustness by selecting the best set of countermeasures to deploy in terms of cost/effectiveness

An important property of this suite is that it replaces historical data that is usually used to evaluate risk with predictive data produced from the models of the system and of the attackers. This implies that the risk can be assessed and managed before deploying the system. In this way, you can adopt a proactive approach where the risk is assessed as a step of the system design rather than after a successful intrusion.