Why do I need specialized software to use attack trees?
Attack trees are fundamentally pretty simple. This leads many people to believe that a pencil and paper are all that are required to create and analyze attack trees. In principle, that is true. However, this rarely turns out to be practical. The next thing most people try are drawing tools such as CorelDraw® and Visio®. Both of those products are excellent for drawing pictures and diagrams. Unfortunately, they were never designed for attack tree analysis and, when used for that purpose, don't provide many advantages over the humble pencil and paper solution.
Even relatively small and simple attack trees may have hundreds, or even thousands, of paths leading from the leaf nodes to the root node (attack scenarios). It is difficult for a human to analyze all of these paths in a timely, error-free manner. When analysis is performed manually, "what-if" operations become completely impractical.
The most sophisticated forms of attack tree analyses use information about the resource costs of each attack scenario, the attractiveness of the attack to the attacker and the negative impacts on the victim. Each of these factors are seen through the eyes of the adversary or victim. Performing all of the necessary computations manually would be time consuming, tedious and error prone.
Amenaza's SecurITree software was purpose built to perform attack tree analysis. SecurITree is not a derivative of some other tree drawing tool. It is the culmination of more than a decade of Amenaza's own research coupled with feedback from Amenaza's customers in aerospace, defense, intelligence and commercial fields. No commercially available software tool provides greater attack tree analytic functionality. Organizations using SecurITree have reported productivity gains of up to 700%!