• Home
• Benefits
  • Better
    • Defensible Decisions
    • Holistic Approach
    • Architectural Focus
    • Determine ROI
    • Communication
    • Optimize Risk
    • Due Diligence
  • Faster
  • Cheaper
• Risk Modeling
  • Methodology
    • Premise
    • Attack Tree Analysis
    • Advantages
  • Software
  • FAQ
• Demos
• Documents
  • Documents
  • Tutorial
  • Links
• Software Trial
• U.S. Gov't & Defense
  • GSA
  • NCAGE / CCR
  • National Stock Numbers
  • Sensitive Environments
• Company Info
• Contact Us

Company Background

Amenaza Technologies Limited is the result of a project to solve a problem. In 1997, an information security practitioner in Calgary, Canada had been called on to perform a threat risk assessment for a client. As with previous assignments, the analyst inspected the site, gathered information through interviews and used his experience to write a report detailing areas of concern and making recommendations for improvements. Also as in previous cases, the analyst realized that the reasoning process used to reach conclusions was not well defined and would be difficult to explain or defend. There had to be something better.

In late 1997, the security analyst, Terrance Ingoldsby, began to seriously research the methodologies and approaches used to evaluate risk. Terrance was lucky enough to listen to a presentation given by Bruce Schneier, the well known security expert, at the 1997 Computer Security Institute conference. Schneier described a novel approach for understanding threats to systems which he called "attack trees"†. It quickly became obvious that Schneier's idea was a quantum leap ahead of traditional approaches. The only problem was that no software tools existed to support Schneier's modeling technique. Trying to build and manipulate the models manually would be a hopeless task. Disappointed, Ingoldsby returned from the conference determined to adopt the technique as soon as tools emerged.

In late 1998, Ingoldsby attended another security conference and heard Schneier give almost the same speech as a year before. Schneier issued a plea for people to come forward and develop tools to support his idea. Not content to wait any longer, Ingoldsby decided to organize a group of people to do the necessary research and development to implement an attack tree-based modeling tool. Early in 1999 Ingoldsby and his associates in a previous venture joined forces with software developer Christine McLellan, and began to scope out the project.

It was discovered that, although Schneier's early work had set the basic framework, many details and issues needed to be resolved. Research continued and the first experimental versions of the software arrived in 2000.

Buoyed by support from a major Calgary-based energy company, early in 2001 the project members formed Amenaza Technologies Limited. Forged in the crucible of real world consulting engagements, Amenaza's product, SecurITree, is the most advanced attack tree-based risk modeling tool available today.

Amenaza Technologies Limited was incorporated in January, 2001

Back to Company Info...

† Attack trees were first described by Bruce Schneier in the late 1990s. One of Schneier's articles on the subject can be found at http://www.counterpane.com/attacktrees-ddj-ft.html