SecurITree

Hostile behavior can be predicted.

 

SecurITree

Attack tree-based threat
modeling

Attack tree analysis has long been used in critical aerospace, intelligence and defense applications. Although the attack tree approach is well suited to assessing risk in commercial IT, OT and embedded applications, there were barriers to its adoption in those fields. A lack of awareness in attack tree analysis techniques left analysts unsure of how to build and analyze attack trees. Attempts to build attack tree models using conventional drawing tools quickly demonstrated they are ill suited to the task.

Attack Tree

Amenaza's SecurITree® modeling software was purpose built for the task. Capable of analyzing hundreds of thousands (or millions) of attack scenarios, SecurITree's powerful analytic capabilities make analysis practical. Its ability to gauge the effect of countermeasures before implementation is game changing. Amenaza's onsite training courses allow analysts to feel confident that the models they create accurately reflect the systems they are charged with protecting.

Dr Edward Amoroso, leader of the elite advisory group TAG Cyber, tells why system level threat modeling using SecurITree is vital. Read about the advantages of system level threat modeling here.

 

 

 

 

 

 

If you can't see what lies ahead, you may get eaten!

Walking blindfolded off cliff into sharks
Performance-based GRC (Governance, Risk and Compliance)
Victim or Victor

When getting attacked is just not an option – you've got to get it right!

  • Outsmart your adversaries and stay one step ahead.
  • SecurITree is the leading choice for predictive threat modeling of critical systems.
  • SecurITree's threat models enable predictive Security Posture Management (SPM).
  • Amenaza believes that cyber attacks can be predicted – and that a savvy defender can use that knowledge to prevent the attack from ever happening (or mitigate the effects thereof).

Beyond the Top 20

Organizations getting started with a cybersecurity program quickly discover the various Top 20 (or some other number) checklists. No one disagrees that these checklists are a great starting point -- but that is exactly what they are -- a starting point. For organizations that lack depth and expertise in cybersecurity they are a good way of addressing the low hanging fruit of attack vectors. But with today's sophisticated adversaries checklist security simply isn't enough. Most of the large organizations that make the news after being hacked were probably doing the basics.

Organizations with high asset value (or whose systems potentially affect safety) are high value targets for adversaries. Such organizations must move beyond checklists. Amenaza's attack tree analysis methodology lends much deeper understanding into an organization's resilience. SecurITree allows defenders to see their systems from the point of view of their attackers, and understand which controls are appropriate (and how and where to deploy them).

 

Old cassette tape - Top 20

When Security Really Matters

Amenaza's Predictive SPM modeling technology is used by leaders in:

Aerospace
Aerospace
Amenaza's SecurITree software is used extensively by aerospace manufacturers for the analysis of avionics security (anti-tamper protection) as well as ground-based IT support systems. SecurITree was used to provide information assurance on the avionics of a major fighter jet project. Six of the top ten U.S aerospace-defense companies use SecurITree. It is also used by foreign allies.
Embedded
Embedded and IoT Devices
Amenaza's SecurITree software has been used to analyze the security and tamper resistance of a diverse set of embedded technologies. These range from satellite TV decoders to point of sale terminal devices. A major reference work on IoT Security (Practical Internet of Things Security, by Drew Van Duren and Brian Russell) features screen shots from SecurITree in its chapter on attack tree threat modeling.
pacemaker
Medical Devices
Few other fields require as stringent safety and security measures as that of medical devices. Two of the world's largest medical device manufacturers use Amenaza's SecurITree software models to assess and secure their products. This includes laboratory / patient care equipment as well as devices implanted in patients (such as pacemakers).
PLC
Operational Technology
Control system operators in diverse fields use Amenaza's SecurITree software models to analyze and secure their systems. As IT and OT continue to converge, SecurITree's holistic view allows both types of systems to be reviewed in a single model.
Nuclear
Infrastructure / Nuclear Power
Amenaza's SecurITree software models attacks against pipelines, power grids and other critical infrastructure. One industry body created extensive models of attacks against the bulk power system. SecurITree is especially well suited for assuring that critical nuclear power security requirements are met. The NRC Regulatory Guide 5.71 specifically mentions the importance of attack tree analysis for nuclear power.
Automobile
Auto Manufacturing
As automobiles become more intelligent and under computer control the need for security becomes paramount. Amenaza's SecurITree is used for security assurance of automobile control-by-wire systems, and for development of next generation autonomous vehicles.
IT
Information Technology
Amenaza's SecurITree was initially designed for the security analysis of corporate IT systems. A library of pre-built attack trees related to popular information technologies is available.
Train
Transportation
Amenaza's SecurITree project has been used for the analysis of rail security. Industry groups have created models to help understand how to better protect critical transportation systems.

When Security Really Matters

Amenaza's PSPM modeling
technology is used by leaders in:

Aerospace
Aerospace
Amenaza's SecurITree software is used extensively by aerospace manufacturers for the analysis of avionics security (anti-tamper protection) as well as ground-based IT support systems. SecurITree was used to provide information assurance on the avionics of a major fighter jet project. Six of the top ten U.S aerospace-defense companies use SecurITree. It is also used by foreign allies.
Embedded
Embedded and IoT Devices
Amenaza's SecurITree software has been used to analyze the security and tamper resistance of a diverse set of embedded technologies. These range from satellite TV decoders to point of sale terminal devices. A major reference work on IoT Security (Practical Internet of Things Security, by Drew Van Duren and Brian Russell) features screen shots from SecurITree in its chapter on attack tree threat modeling.
pacemaker
Medical Devices
Few other fields require as stringent safety and security measures as that of medical devices. Two of the world's largest medical device manufacturers use Amenaza's SecurITree software models to assess and secure their products. This includes laboratory / patient care equipment as well as devices implanted in patients (such as pacemakers).
PLC
Operational Technology
Control system operators in diverse fields use Amenaza's SecurITree software models to analyze and secure their systems. As IT and OT continue to converge, SecurITree's holistic view allows both types of systems to be reviewed in a single model.
Nuclear
Infrastructure / Nuclear Power
Amenaza's SecurITree software models attacks against pipelines, power grids and other critical infrastructure. One industry body created extensive models of attacks against the bulk power system. SecurITree is especially well suited for assuring that critical nuclear power security requirements are met. The NRC Regulatory Guide 5.71 specifically mentions the importance of attack tree analysis for nuclear power.
Automobile
Auto Manufacturing
As automobiles become more intelligent and under computer control the need for security becomes paramount. Amenaza's SecurITree is used for security assurance of automobile control-by-wire systems, and for development of next generation autonomous vehicles.
IT
Information Technology
Amenaza's SecurITree was initially designed for the security analysis of corporate IT systems. A library of pre-built attack trees related to popular information technologies is available.
Train
Transportation
Amenaza's SecurITree project has been used for the analysis of rail security. Industry groups have created models to help understand how to better protect critical transportation systems.

 

 

SecurITree continues to be the best
available tool for security risk
assessments on our military programs.

- Fortune 100 aerospace customer
F35

 

 

SecurITree screen shots

 

 

Chessboard
Praemonitus, Praemunitus

 

An ancient Latin proverb counseled that forewarned is forearmed.

The behavior of adversaries can be predicted. Such knowledge enables defenders to prevent attacks from ever happening.

Amenaza's attack tree-based SecurITree threat modeling software makes this possible and practical.

 

Amenaza in the News

CIO Review

Amenaza chosen as one of Canada's Top 10 Risk Management Providers!
Read more >
SENSE Consortium Panel

Impact of IoT on Cyber Risk

SENSE Consortium Panel
Read more >

 

Caffeinated Risk

Security risk analysis using attack trees with Terry Ingoldsby

(Caffeinated Risk - McCreight & Leece)
Listen >
Waterfall Podcast

Podcast - The Science of Security

Waterfall Security Solutions - Episode #53
Listen >
Engineering-grade OT Security - A Manager's Guide

Engineering-grade OT Security - A Manager's Guide
by Andrew Ginter

See Chapter 6
Get Waterfall book >

 

 

 

See if Attack Tree Analysis is right for you
Get your free SecurITree trial today