Capabilities-based Attack Tree Analysis
Amenaza's SecurITree® software uses a completely different approach to threat risk assessment. Using SecurITree, analysts create graphical models describing their systems and the adversaries that threaten them. These models objectively assess three factors to predict which attacks are likely:
- The nature of the target's vulnerabilities
- The adversary's strengths
- The degree to which an attack satisfies the adversary's objectives
This approach combines the "think like an attacker" philosophy used by military Red Teams with the analytical capabilities of engineering models used in other disciplines.
Of course, knowing how you will be attacked is only half of the risk equation. The analyst next incorporates business-specific impact information into the attack tree model. This provides a true measure of risk and permits well-reasoned, defensible security decisions to be made. SecurITree models are easily distributed for peer review in much the same fashion as a building's blueprints are inspected by several engineers. The effectiveness of the proposed measures can be demonstrated before implementation, thus assuring the prudent use of resources. SecurITree allows you to estimate the ROI of proposed security measures, thus ensuring decision-maker support.
