Meet KAT, our Context Analysis Tool

During the COVID-pandemic in the Netherlands KAT was made. During this workshop we will explain the inner workings and show you the tool in action.

The tool KAT has been developed during the COVID-19 pandemic when it became more and more apparent that it wasn’t possible to arrange security the traditional way. When the minister has his own software development, the systems that are built turn crucial rapidly and cover the nation you become vulnerable to political attacks, interference from other nations and all sorts of different attacks. The attack surface is huge, because of the many systems with all sorts of characteristics. Looking at that reality we soon saw that many of the tasks still are poorly automated and tools only partially answer the question you have. Surely the don’t answer relevant compliance questions. And definitely not in a way that you can label as forensically sound.

KAT is a serious attempt deliver information gathered in a forensic sound way in such a way we can distinguish facts from opinions. By storing object information based on time we understand the data we have and we can rapidly query objects and their state at any given time. Based on rules we determine technical vulnerabilities, violation of policy or standards. Not only for general tools but also for more specifc tools. Something seen more in the health care industry. When new vulnerabilities evolve we can’t only see that we are vulnerable but also since when. In the Netherlands the tool isn’t in use for all the covid test providers, but also will be used to scan hospitals through the CERT in the medical sector. KAT basically delivers you a turn key working engine that offers you the possibility to situationally aware assess you technical environment: a Context Analysis Tool.