The SecurITree Advantage
Incident Risk ≡ Incident Probability × Incident Impact
It is impossible to achieve an appropriate level of security at a reasonable cost unless you know how you will be attacked and what the impact will be to you.
Conventional risk analysis technologies rely on checklists and statistics - neither of which are effective for hostile threats. They deliver voluminous, difficult to understand reports which require huge amounts of work to repeat when conditions change. If you are satisfied with these old fashioned approaches then proceed with caution! The material on this site may forever change your way of viewing threat risk analysis.
Capabilities-based attack tree analysis works in a broad variety of disciplines ranging from information technology to physical security. Amenaza's customers include defense and intelligence organizations, health care providers, critical infrastructure companies, aerospace manufacturers, financial organizations, laboratories, consulting companies and progressive Fortune 1000 clients. Throw away your obsolete hostile risk analysis methodologies and model the future of your security. Think like an attacker! Think SecurITree!
Advantages of SecurITree's Capability-Based Attack Tree Approach
- Objective results - a clear, repeatable reasoning process is used to determine which threats are important. Distinguishes between the illusion of perceived risks and iceberg tips of actual risks.
- Defensible decisions - SecurITree captures the assumptions about the attacker's capabilities, the defenses protecting the asset and the impact of a successful attack. The logic that was used to make decisions can be reconstructed even when analysts' memories have faded. This makes it easier to defend decisions in times of trouble.
- Understandable presentations - graphical attack trees are easily understood by specialists and non-specialists alike. Attack trees are a compelling format for conveying the relevant information needed by management to make informed decisions.
- Identifies effective solutions - the attack tree structure makes it easy to see architectural defects in defenses. This leads to the construction of robust solutions that deliver the maximum bang for the buck. Since the analysis process identifies the weaknesses that your adversaries will exploit, your security resources are not squandered in protecting against hypothetical threats. The effect of proposed solutions can be tested before implementation.
- Adaptable to real world changes - Sudden changes in the environment can be quickly reflected in analysis. "What-if" thought experiments can be explored. Assumptions about the asset's defenses or the attacker's capabilities can be changed instantly as new information becomes available.
- Scalable and reusable - Once a basic model of a particular situation has been created, it can be used as a template for other, similar situations. The knowledge of experts is captured in attack tree libraries and can be reused by less specialized analysts. The skills of many diverse subject matter experts can be combined in one project.