Sign In

Risk analysis, security testing and security metrics


Together with VTT, companies are able to ensure security of their products through the whole production life cycle – from design phase requirements to runtime maintenance. Nowadays, security is needed in all kinds of products – from physical hardware products to software services utilised in mobile devices. Therefore, risk analysis and security testing are mandatory components in any product development project.

For years, VTT has been building the competence to perform security risk analysis in several international research and customer projects. The results of risk analysis help companies to recognise and prioritise security objectives for their products. It is important that security threats and consequences are recognised as early as possible. This way development resources can be allocated properly.

VTT's world-class security metrics-based know-how enables customers to follow the fulfilment of security objectives and track changes within a security context. Our MVS (Metric Visualisation System) tool makes it possible to visualise the results of security measurement and to map security metrics for security risks.

Due to increased connectivity, it is extremely important to perform security testing and risk analysis for existing products as well, in order to reveal security threats that have emerged due to changes in an external environment. For this purpose, VTT has a laboratory environment that makes it possible to perform a wide range of security testing in a closed and secure environment

VTT Cyber War Room

We have a special Cyber War Room, where cyber security testing can be performed in a controlled environment, reliably and confidentially. The VTT Cyber War Room includes a mini-Internet simulation environment that is completely isolated from all other telecommunications and where the devices or software being tested can be subjected to highly realistic cyber-attacks in a controlled way.

Because the laboratory is completely isolated, a wide range of attacks can be tried to test the performance of various systems. The Cyber War Room enables the conducting of attacks aimed at seizing systems, implementation of typical hacker attack strategies and botnet attacks. Monitoring effective attacks and developing tools for cyber situational awareness are also important functions of the Cyber War Room.

Cyber laboratory improves security

In many organisations, the security level of information networks and critical technical systems is far too weak. VTT aims at improving this by utilizing the cyberlab setup more widely. Previously, the security level could only be estimated, because it was difficult to carry out a comprehensive security test on actual systems.

The VTT cybersecurity team is the largest independent research group in this field in Finland. The team's expertise on attacks and defence is being continuously improved and enhanced strategically. An appropriately managed cyber attack capability is an important emerging area of expertise for cybersecurity professionals, as its purpose is to ensure that the best possible means can be used to defend against malicious cyber activities.