EBIOS RM · MITRE ATT&CK® · Monte Carlo Simulation
Three frameworks. One analysis.
Real-time risk insight.
Systems grow more interconnected. Threat actors more sophisticated. Compliance deadlines more pressing. Aurelian Risk Manager combines an EBIOS RM-inspired risk methodology, the MITRE ATT&CK® knowledge base, and event-driven Monte Carlo simulation in a single knowledge graph — turning weeks of manual analysis into hours of structured, AI-assisted workflow.
The challenge
Complexity is outpacing protection
The gap between what organizations need to analyze and what they can assess manually is widening — across systems, threats, and regulatory requirements.
Complexity and fragmentation
Cloud services, supply chains, and hybrid infrastructure multiply the systems that need assessment. At the same time, risk methodology, threat intelligence, and quantification live in separate tools and spreadsheets — context is lost at every handoff.
Escalating threat sophistication
State-sponsored groups, ransomware operators, and supply chain attacks combine known techniques in novel ways. Effective risk analysis requires mapping specific threats to your infrastructure — not applying generic checklists.
Compliance under time pressure
NIS2, DORA, and sector-specific regulations demand documented, repeatable risk analysis. A traditional EBIOS RM cycle takes weeks of expert workshops. Regulatory timelines don't wait.
Aurelian Risk Manager addresses all three.
The efficiency gain
Integrated analysis replaces manual coordination
Aurelian Risk Manager connects what was previously separate: structured risk methodology, threat intelligence, and quantitative assessment operate on a shared knowledge graph. AI agents handle the data collection and mapping — the analyst focuses on decisions.
Full EBIOS RM-style analysis cycle
MITRE ATT&CK® technique mapping
Risk data across frameworks
How it works
Three steps from context to countermeasure
Import your existing documentation or start from scratch. The platform handles the methodology, the mapping, and the computation — you focus on the decisions that matter.
Define your scope
AI-powered extraction
Upload existing documentation — security policies, architecture diagrams, audit reports. The Document Analysis Agent extracts entities and builds the initial knowledge graph. Or start from scratch with the Interview Agent guiding you through structured dialogue.
Run the analysis
3 frameworks, 1 workflow
Six specialized AI agents guide you through a five-workshop analysis modelled on EBIOS RM. MITRE ATT&CK® techniques are mapped automatically. Kill-chains are built visually. Monte Carlo simulation quantifies each risk. All outputs converge in a single knowledge graph.
Generate deliverables
Audit-ready output
Export reports in an EBIOS RM-style format, quantitative risk assessments, MITRE ATT&CK® coverage dashboards, and prioritized action plans. Every finding is traceable from business value to countermeasure — ready for management review or regulatory audit.
Inside the platform
AI agents and analytical capabilities
Six specialized AI agents operate on a shared knowledge graph. Each handles a specific analytical task — from data collection through threat mapping to report generation. Their outputs are immediately available to all others.
Interview Agent
Conducts structured data collection through guided dialogue. Identifies business values, supporting assets, and feared events.
Research Agent
Searches MITRE ATT&CK® for matching techniques, groups, and tactics — delivering real-time threat intelligence relevant to your context.
Scenario Agent
Generates attack scenarios and operative kill-chains. Maps each step to ATT&CK techniques, integrating threat data directly into the analysis.
Risk Assessment Agent
Performs quantitative risk assessment using Monte Carlo simulation. Identifies MITRE coverage gaps and proposes countermeasures — closing the loop between threat modeling and risk treatment.
Document Analysis Agent
Extracts entities from uploaded documents (PDF, DOCX). Integrates existing documentation — security policies, architecture diagrams, audit reports — into the knowledge graph.
Report Agent
Generates reports in an EBIOS RM-style format, risk assessments, executive summaries, and documentation supporting NIS2 / DORA reporting obligations. All findings are traceable to their source in the knowledge graph.
Core capabilities
From data to insight in one platform
Complex information, connected
Business values, IT assets, threat actors, attack scenarios, MITRE techniques, and security measures exist as interconnected nodes in a single graph. Every relationship is navigable — from a feared event to the attack steps that cause it, to the countermeasures that address it. Changes propagate: adding a new threat source automatically surfaces relevant techniques, gaps, and downstream risks.
- Multiple entity types and relationship categories
- Cross-framework linking in real time
- Schema-driven and extensible at runtime
Regional Hospital — Cyber Risk Analysis
EBIOS RM-style · 1,200 beds · Healthcare
Business Assets
3 entities
- Revenue at risk: ≈ 120 elective surgeries/day × €4–6k = €480–720k/day forgone
- Cascade: 4 dependent processes (ICU triage, OR scheduling, oncology, ER imaging)
- Compliance: missed mammography screening windows → malpractice exposure ≈ €200k/case
Methodology
Five workshops. Each one builds on the last.
Following the EBIOS Risk Manager approach, our methodology structures cyber risk analysis into five sequential workshops. Information accumulates — business values become feared events, feared events attract threat actors, threat actors drive scenarios, scenarios expose gaps, gaps produce countermeasures. In the platform, this chain is fully connected and traceable.
Security Foundation
Starting point
Define what matters and what could go wrong. The Interview Agent collects critical business values through structured dialogue. The Document Analysis Agent extracts entities from existing policies, architecture diagrams, and audit reports. Both sources converge in the knowledge graph — creating the analytical foundation for all subsequent workshops.
Key outputs
What the organisation needs to protect
IT systems, networks, applications
Impact scenarios tied to each business value
These outputs define the scope and impact model. Every downstream analysis traces back to the business values and feared events established here.
Why our suite
Three frameworks, one knowledge graph
Most tools digitise a single framework end-to-end. Aurelian Risk Manager joins three — methodology, threat intelligence, and quantitative risk — on a shared entity model, so analysis crosses framework boundaries without manual stitching.
EBIOS RM
ANSSI risk methodology
structures the analytical reasoning
- Business values · feared events
- Risk sources · risk objectives
- Strategic & operational scenarios
- Security measures · residual risk
MITRE ATT&CK®
Adversary technique catalog
supplies the technical threat model
- Tactics · techniques · sub-techniques
- Enterprise · ICS · Mobile coverage
- Data sources · detections
- Group & software attribution
Risk Quantification
Event-driven Monte Carlo
puts numbers on the scenarios
- Frequency × magnitude distributions
- Loss exceedance curves per scenario
- Sensitivity & driver analysis
- Treatment cost-benefit ROI
What integration produces — artifacts no single framework alone can
Strategic scenarios at technique level
EBIOS strategic scenarios mapped to specific ATT&CK kill-chains — not just tactic categories.
Per-scenario monetary loss curves
Loss exceedance curves traced back to the feared event and risk source that drive them.
Coverage gaps across the graph
Techniques present in your threat model that have no security measure — surfaced automatically.
Treatment ROI in €
Residual risk reduction per security-measure spend, derived from the same simulation.
Dialogue over forms
Agents collect data through structured conversation — not checkbox lists. You describe your context, the system maps it to the graph.
Closed-loop coverage
Technique gaps from kill-chains flow directly into countermeasure recommendations. The pipeline from threat model to risk treatment is continuous.
Full analyst control
Every AI-generated output is editable and traceable. The analyst validates, adjusts, and approves. Nothing enters the analysis without review.
Deliverables
What you deliver
Every output is traceable, auditable, and formatted for your audience — whether that is the management board, the regulator, or the security operations team.
Risk Analysis Reports
Complete reports structured along an EBIOS RM-style five-workshop analysis (WS1–WS5). Generated from the knowledge graph — every finding links back to its source.
Risk Assessments
Quantified risk values with transparent factor breakdowns. Loss event frequency, vulnerability, and magnitude — comparable across all scenarios.
MITRE Coverage Dashboards
Visual coverage analysis showing which ATT&CK techniques are addressed and where gaps remain. Export as PDF or interactive HTML.
Prioritized Action Plans
Implementation roadmaps ordered by risk reduction impact. Each recommendation traces from countermeasure to technique to kill-chain to business value.
Event-driven Monte Carlo Simulation
Annual loss distribution · 10 000 Monte Carlo runs · converged
- Expected loss: €380K (mean ALE)
- P90: €890K (1-in-10 tail)
- VaR (95%): €780K (regulatory metric)
Ready to see it in action?
See how Aurelian Risk Manager turns weeks of manual analysis into a structured, AI-assisted workflow.
Contact
Interested in a demo?
Whether you are evaluating tools for NIS2 compliance, looking to streamline risk analysis engagements, or exploring structured threat modeling for research — describe your use case and we will get back to you.
- Walkthrough tailored to your infrastructure and threat context
- Discussion of deployment and integration options
- Information on early access availability