Peta AI Project
What is Peta AI?
Peta AI is a research & reconnaissance project designed to showcase how different organizations in terms of cyber security may appear to an external attacker. The name is taken from the number “peta” which is a 1000 Tera or 10^15.
For the purpose of this project we analyzed and chose the largest companies in the world. We based our research on the global 2000 list published by Forbes as well as the Fortune 500; and for each of these organizations, we analyzed what is called the “cyber-attack surface”.
What is an Attack Surface?
Applying the perspective attackers wishing to target a specific organization, we pose questions such as: How would they accomplish it? What kind of information can they find about that organization that is published online, in a Darknet or deep web forum, or in the social media space?
For the purpose of this analysis, we have constructed such an attack surface for each fortune 500 company.
What did we learn?
From our research, a picture emerged depicting companies that are the most vulnerable to cyber-attacks as well as those that are less exposed.
When reviewing our data, we could see which sectors are more prepared for cyber-attacks and which are less so. Moreover, we have also been able to identify which countries have the most trained IT personnel in terms of cyber security with regards to their capability of maintaining resilient and secured servers on the internet.
Why did we do it?
We approached at this methodology from two different directions. The first is by utilizing our threat intelligence capabilities, while the second was derived from our customer’s requirements for red-team exercises. These capabilities and motivations drove us to build a sets of tools and research methodologies that enable us to provide these high-level services.
In addition, we have a top team of researchers that have been building these superb tools and capabilities.
Why are we making this public?
By publicizing these tools and capabilities, we aim to pinpoint companies with a considerable amount of data exposed about them and can easily improve by simply reducing their overall attack surface and internet exposure.
How did we do it?
For the purpose of this exercise, we didn’t do anything intrusive, nor did we scan the companies, or try penetrate their perimeter. All the information displayed, be it Fast, Slow, Small or Dark data, has been carefully collected, dissected, and analyzed using our proprietary tools, techniques, and homegrown capabilities.
Since we did not test this data, we understand that some of it may not be accurate. However, from the high-level of experience we are sharing, we estimate that the results have an accuracy rate of 70-80 percent.
What should companies do next?
We believe that companies that are more exposed, should strive to reduce their level of exposure. We also explain how this can be accomplished.
This research summarizes data from 2016. We will be providing updates and other benchmarks as they progress over time. Meanwhile please feel free to use the tool, information and to ask us to prepare a report for your company.
We will make the same report for any company, we as well as provide the data itself for companies requesting it, or for an approved agent of the company.
Any questions, please contact our team: firstname.lastname@example.org