Amenaza's SecurITree software enables analysts to make objective, risk-based security decisions regarding a system's threats. SecurITree's attack tree-based threat models analyze thousands of possible attacks against a defender's system. Each attack is assessed for feasibility by comparing each threat agent's capabilities with the resources they would require to execute the attack. Attacks are also evaluated to determine how well they satisfy an attacker's goals (thus providing an understanding of their degree of motivation). Attacks are assigned an estimate of probability based on the degree to which a given adversary finds them to be both feasible and desirable. Finally, each attack's likelihood is combined with the anticipated impact on the victim to yield an assessment of risk.
Once attacks with unacceptable levels of risk are identified, analysts can evaluate the effectiveness of proposed controls by adding the countermeasures to the threat models and observing the amount of risk reduction achieved.