Security Posture by Example

Scenario 7 - Active Attack, no known material consequences foreseen

One of the corporate subsidiaries of Amalgamated Example Company is a manufacturer of seat belt webbing for the automotive industry, SitTight.Amalgamated.Example.com. The Auto-ISAC delivered STIX objects very similar to those in previous examples. In this scenario, the seat belt subsidiary has a complete and accurate inventory of its devices and complete SBOMs for all those devices. Similar to scenario 6, a device was found with a vulnerable component. Kestrel threat hunting was initiated and in this scenario, intruders were discovered already in the company's administrative systems.

The executive dashboard was updated to "Active Attack, no known material consequences foreseen" since the attack was caught early on and the threat hunting team predicts the attackers can be contained before material damage is done.