SecurITree® Attack Tree Analysis Software
SecurITree is a software tool that was created expressly for analyzing hostile threats using attack tree analysis. It is not derived from other general purpose tree analysis products. SecurITree's design is a result of over twenty years of R&D by Amenaza Technologies Limited combined with suggestions and comments from leading customers in the aerospace, defense and intelligence fields. No other commercially available tool offers more complete attack tree analysis functionality. SecurITree also provides fault tree analytic capability and is able to model attacks that are a combination of hostile and random factors.
SecurITree uses a fresh, new approach to threat risk assessment. Using SecurITree's graphical interface, analysts create a model describing their system and its threats (hostile and non-hostile). SecurITree evaluates the attack model and produces a list of attack scenarios - different ways in which the asset could be attacked. Each attack scenario is objectively assessed using three factors to estimate the probability it will be used by the adversary:
- The nature of the target's vulnerabilities
- The adversary's strengths and resources
- The degree to which an attack satisfies the adversary's objectives
This approach combines the "think like an attacker" philosophy used by military Red Teams with the analytical capabilities of engineering models used in other disciplines. It is sometimes known as capabilities-based, attack tree analysis.
Risk ≡ Incident Probability × Incident Impact
As the risk definition equation shows, knowing how you will be attacked is only half of the risk equation. The analyst must next incorporate business specific impact information into the attack tree model. The combination of attack probability and victim impact provides a true measure of risk and permits well reasoned, defensible security decisions to be made.
The initial analysis process identifies situations and scenarios where the level of risk is higher than acceptable. By studying the highlighted scenarios the analyst proposes a number of possible risk mitigation strategies. These may involve changes to processes and procedures, or the implementation of security controls. Before going through the cost and effort of implementing the unproven controls, the analyst incorporates them into the SecurITree model and reevaluates the risk. If the controls are effective, the risk will drop significantly. By comparing several different countermeasures an analyst can identify those that are both effective and cost effective. Only when the results are known will the controls be implemented in the real world.
SecurITree models are easily distributed for peer review in much the same fashion as a building's blueprints are inspected by several engineers. The effectiveness of the proposed measures can be demonstrated before implementation, thus assuring the prudent use of resources. SecurITree allows you to estimate the ROI of proposed security measures, thus ensuring decision maker support. SecurITree captures and documents the thought processes that went into the decision making process - an important part of demonstrating due diligence.