• Home
• Benefits
  • Better
    • Defensible Decisions
    • Holistic Approach
    • Architectural Focus
    • Determine ROI
    • Communication
    • Optimize Risk
    • Due Diligence
  • Faster
  • Cheaper
• Risk Modeling
  • Methodology
    • Premise
    • Attack Tree Analysis
    • Advantages
  • Software
  • FAQ
• Demos
• Documents
  • Documents
  • Tutorial
  • Links
• Software Trial
• U.S. Gov't & Defense
  • GSA
  • NCAGE / CCR
  • National Stock Numbers
  • Sensitive Environments
• Company Info
• Contact Us

Software

Most security software applications are tactical in nature - they purport to solve some security problem. SecurITree is a strategic tool that helps you understand which problems need to be solved and which can be safely ignored. SecurITree models take into consideration the vulnerabilities in your system, the capabilities of your adversary and the impacts of particular attacks. SecurITree shows you the logical outcome of your knowledge and assumptions. Because SecurITree is a Java-based application it runs on all major computing platforms including Windows, Macintosh and Linux.

Versions:

SecurITree is avalable in several versions. Below is a partial list of these versions, with both Amenaza's part number and the National Stock Number (NSN). Please contact us for pricing information.

• SecurITree Enterprise License
  • The Enterprise license consists of a bundle of ten (10) full function licenses. At the time of purchase the customer indicates which of the ten licenses will be deployed as floating with the remainder being designated as node-locked. Floating licenses are concurrent usage and are managed by a network license manager at the customer's site. The customer is free to install as many copies of SecurITree on their network as they desire. The license manager communicates with the SecurITree equipped PCs via the corporate network and assigns licenses from a pool. Node-locked licenses are associated with a specific PC and are appropriate for laptops or other systems that may not have network connectivity.
  • Part Number SCT-ENT10-PRM
• SecurITree Full Version:
  • Allows the analyst to create attack tree models showing possible attacks against assets and the resulting damages. Incorporates sophisticated analytic functions that use information about your enemies to determine which attacks they will use against your systems. Provides the analyst with the ability to explore the effectiveness of proposed risk mitigation solutions.
  • Part Number SCT-FULL-PRM, NSN #7030-20-001-5993
• SecurITree Creator Version:
  • Allows the creation of attack tree models showing possible attacks against assets and the resulting damages. This version is most appropriate where the organization has separated the attack tree model creation and analysis operations into separate functions.
    
  • Either a SecurITree Analyzer or SecurITree Full Function license is required to perform the complete analysis process.
  • Part Number SCT-CRT-PRM, NSN #7030-20-001-5999
• SecurITree Analyzer Version:
  • Allows the analysis of attack tree models (created by either SecurITree Creator or SecurITree Full Function). Provides sophisticated analytic functions that use information about your enemies to determine which attacks they will use against your systems. Provides the analyst with the ability to explore the effectiveness of proposed risk mitigation solutions.
  • Part Number SCT-ANA-PRM, NSN #7030-20-001-6001
• SecurITree Viewer:
  • A low cost product that allows attack trees to be viewed and printed. Recommended for situations where people (e.g., decision makers) need to be able to inspect attack trees that have been created by other versions of SecurITree.
  • Part Number SCT-VIEW-PRM, NSN #7030-20-001-6004
• SecurITree IT Library:
  • The IT Library is a collection of pre-built attack trees representing ways of attacking popular information technologies (e.g., Windows, Oracle, Apache, 802.11). An analyst can save great amounts of time and build upon Amenaza's expertise by including these components in their own models. The structure of a technology tree emphasizes defects in the technology's architecture. The collection is updated periodically.
  • Part Number SCT-ITLIB-PRM, NSN #7030-20-001-5996
  • Part Number SCT-ITLBE10-PRM

Note: All of the above products include one year of technical support and no charge updates. Yearly support agreements are available and recommended after the initial support period expires. Educational licenses are available for qualified educational institutions.

• SecurITree for Consultants:
  • A time expiring Full Function version of SecurITree that provides consultants the ability to work on a project at one, named client's site for a period of 90 days. Includes technical support, product updates and the use of the IT attack tree libraries for the license period.

Back to Risk Modeling...