EBIOS RM · MITRE ATT&CK® · Monte Carlo Simulation
Know which cyber risks matter —
and prove it.
A guided, five-step workflow that turns scattered policies, systems, and expert knowledge into a clear picture of the risks that actually matter, and a prioritised plan to act on them. A structured, repeatable method does the reasoning and AI does the heavy lifting, with real-world attack modelling and Monte Carlo quantification underneath. Every figure traces back to its source.
Why our suite
Three frameworks, one knowledge graph
Most tools digitise a single framework end-to-end. Aurelian Risk Manager joins three (methodology, threat intelligence, and quantitative risk) on a shared entity model, so analysis crosses framework boundaries without manual stitching.
EBIOS RM
ANSSI method · ISO 27001-aligned
structures the analytical reasoning
- Business values · feared events
- Risk sources · risk objectives
- Strategic & operational scenarios
- Security measures · residual risk
MITRE ATT&CK®
Adversary technique catalog
supplies the technical threat model
- Tactics · techniques · sub-techniques
- Enterprise · ICS · Mobile coverage
- Data sources · detections
- Group & software attribution
Risk Quantification
Event-driven Monte Carlo
puts numbers on the scenarios
- Frequency × magnitude distributions
- Loss exceedance curves per scenario
- Sensitivity & driver analysis
- Treatment cost-benefit ROI
Core capabilities
From data to insight in one platform
Guided analysis, step by step
AI agents guide you through the risk-analysis workshops as a structured, step-by-step dialogue. Each step presents reviewable proposals (selectable tables, editable rows, choice buttons) that the analyst confirms, modifies, or rejects. Reasoning traces and source references stay visible inline. Every decision is recorded in the knowledge graph, traceable end-to-end.
- Reviewable agent proposals at every step
- Selectable, editable tables with multi-select
- Reasoning traces and source citations inline
Regional Hospital · Baseline
EBIOS RM study · 5 workshops · 38 entities
Security Baseline
Identify business assets, supporting assets, and feared events.
Searched the uploaded inventory and audit
EHR · PACS · IAM · clinical core
Drafted the asset baseline
4 business assets · 4 supporting systems · 4 feared events
Scored severity on a 1 – 4 scale
criticality, recovery time, regulatory impact
Key findings
Patient Identity & Access
All clinical systems authenticate against the same directory. A compromise here cascades into EHR, PACS, and lab portal at once.
📄 hospital-inventory.pdf §2.1
Clinical Operations
Direct in-patient impact when EHR, imaging, or the lab portal is unavailable. Recovery target stated by the BSI audit: 4 hours.
📄 bsi-audit-2026.pdf §4.3
Patient identity compromise
Plausible attacker path: phished credentials → directory takeover → silent privilege escalation across clinical systems.
✦ inferred from 3 documents
Cascading dependency identified
Active Directory failure simultaneously disables EHR access, PACS authentication, and the lab portal. Beyond a 4-hour recovery window the hospital must divert incoming patients. Treat identity compromise as Severity 4.
Inside the platform
AI agents and analytical capabilities
Six specialized AI agents operate on a shared knowledge graph. Each handles a specific analytical task, from data collection through threat mapping to report generation. Their outputs are immediately available to all others.
Interview Agent
Conducts structured data collection through guided dialogue. Identifies business values, supporting assets, and feared events.
Research Agent
Searches MITRE ATT&CK® for matching techniques, groups, and tactics, delivering real-time threat intelligence relevant to your context.
Scenario Agent
Generates attack scenarios and operative kill-chains. Maps each step to ATT&CK® techniques, integrating threat data directly into the analysis.
Risk Assessment Agent
Performs quantitative risk assessment using Monte Carlo simulation. Identifies MITRE coverage gaps and proposes countermeasures, closing the loop between threat modeling and risk treatment.
Document Analysis Agent
Extracts entities from uploaded documents (PDF, DOCX). Integrates existing documentation (security policies, architecture diagrams, audit reports) into the knowledge graph.
Report Agent
Generates audit-ready risk reports, executive summaries, and documentation that supports NIS2 / DORA reporting obligations. Every finding is traceable to its source in the knowledge graph.
* MITRE ATT&CK® is a registered trademark of The MITRE Corporation. Aurelian Risk Manager is an independent product, not affiliated with, certified by, or endorsed by MITRE. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
How it works
From context to countermeasure
Turn your context and threat landscape into risk-based decisions and a clear view of where to invest. Import your existing documentation or start from scratch; the platform handles the methodology, the mapping, and the quantification, so you focus on the decisions that matter.
Built on what you already have
Fundamental insight into your organisation
Aurelian Risk Manager builds on the unstructured data you already hold (threat intelligence, internal documents, expert knowledge, and the control frameworks you maintain) and turns it into intelligence about your organisation: a living security DNA that every analysis draws on.
Threat intelligence
Pull adversary techniques and group profiles directly into your scenarios.
Documents & evidence
Existing documentation is parsed into structured graph entities.
Control frameworks
Map the controls you already maintain to techniques, so coverage gaps surface on their own.
Expert knowledge
Capture analyst and subject-matter context through guided dialogue.
Deliverables
What you deliver
Every output is traceable, auditable, and formatted for your audience, whether that is the management board, the regulator, or the security operations team.
Risk Analysis Reports
Complete reports structured along the five-milestone risk analysis (Milestone 1 to 5). Generated from the knowledge graph, every finding links back to its source.
Risk Assessments
Quantified risk values with transparent factor breakdowns. Loss event frequency, vulnerability, and magnitude, comparable across all scenarios.
MITRE Coverage Dashboards
Visual coverage analysis showing which ATT&CK® techniques are addressed and where gaps remain. Export as PDF or interactive HTML.
Prioritized Action Plans
Implementation roadmaps ordered by risk reduction impact. Each recommendation traces from countermeasure to technique to kill-chain to business value.
Event-driven Monte Carlo Simulation
Risk Treatment
Event-driven risk quantification across operational scenarios.
Annual loss distribution · 10 000 Monte Carlo runs · converged
- Expected loss (mean ALE): €0K
- P90 (1-in-10 tail): €0K
- VaR (95%, regulatory metric): €0K
Example scenarios *
How different teams can make use of agent-based risk analysis
Different roles, different starting points, the same shift from defending the methodology to acting on the results.
“Preparing for NIS2 had always meant weeks of workshops built around empty spreadsheets, with each session starting from scratch. We now describe our environment a single time — clinical systems, suppliers, the controls already in place — and the agents produce a first draft of the asset baseline and the feared events for the team to review and correct. That same description carries through every subsequent workshop, so nothing is re-keyed and nothing quietly drifts out of date. When we present to the board, each figure can be traced back through the underlying analysis, which has moved the discussion away from defending our methodology and towards deciding what to act on first.”

Lena
CISO · Healthcare
* Illustrative scenarios, not real customers; images do not depict real people.
Ready to see it in action?
See how Aurelian Risk Manager turns weeks of manual analysis into a structured, AI-assisted workflow.
Contact
Interested in a demo?
Whether you are evaluating tools for NIS2 compliance, looking to streamline risk analysis engagements, or exploring structured threat modeling for research, describe your use case and we will get back to you.
- Walkthrough tailored to your infrastructure and threat context
- Discussion of deployment and integration options
- Information on early access availability