Predictive Security Posture Management

Beyond the Top 20

Organizations getting started with a cybersecurity program quickly discover the various Top 20 (or some other number) checklists. No one disagrees that these checklists are a great starting point -- but that is exactly what they are -- a starting point. For organizations that lack depth and expertise in cybersecurity they are a good way of addressing the low hanging fruit of attack vectors. But with today's sophisticated adversaries checklist security simply isn't enough. Most of the large organizations that make the news after being hacked were probably doing the basics.

Organizations with high asset value (or whose systems potentially affect safety) are high value targets for adversaries. Such organizations must move beyond checklists. Amenaza's attack tree analysis methodology lends much deeper understanding into an organization's resilience. SecurITree allows defenders to see their systems from the point of view of their attackers, and understand which controls are appropriate (and how and where to deploy them).

 

Praemonitus, Praemunitus

 

An ancient Latin proverb counseled that forewarned is forearmed.

The behavior of adversaries can be predicted. Such knowledge enables defenders to prevent attacks from ever happening.

Amenaza's attack tree-based SecurITree threat modeling software makes this possible and practical.