Threat Modeling with Threat Analysis


AttackTree threat analysis software provides the framework for threat modeling, performing threat analysis and risk assessment according to well-known standards such as SAE J3061, ISO 21434, HEAVENS, EVITA, ISO 26262, DO-356 and ED-203. Users may also customize the analysis using their own consequence categories, severity weightings, likelihood categories and risk levels. Model threats to cybersecurity, safety, financial systems and operations in a variety of industries such as automotive, banking, process and aerospace.

Threat Analysis

Threat analysis is a process by which potential threats to safety, data protection, operations, finances etc. are identified, quantified and prioritized. The purpose of modeling threats is to provide defenders with a systematic analysis of the most likely attack scenarios on an organization’s assets. Potential threats may be ranked by determining an associated risk level that combines the probability of an attack with the severity of the consequences resulting from a successful attack.

Threat analyses are often performed in conjunction with attack tree and mitigation tree analysis. The threat analysis identifies critical threats and attack trees may be used to analyze these threats in more detail. Mitigation trees may then be used to further define the consequence of these threats taking into account various mitigation measures.

The AttackTree threat analysis module is rich in features that allow you to quickly build your threat models using customisable risk matrices, consequences, indicators and controllability values. Construct libraries of reusable data, build your own customized reports and phrase libraries.