User friendly data entry screens and a specialized threat builder tool. Defining of assets, vulnerabilities, threats and countermeasures entities and composing threat scenarios is done in minutes.
Additional entities such as entry points and attacker types can be added to the model to make it more comprehensive.
Built-in spell checking and search capabilities.
PTA supplies full descriptions of the practical steps of the threat analysis process. Well structured context sensitive help is available at any step of the modeling.
Parts of the model can be easily excluded from the analysis to enable quick intermediate results.
The PTA quantitative method produce practical recommendations for reducing overall system risk. The method uses parameters such as threats probabilities, potential damages, countermeasures costs and countermeasures mitigation levels.
The financial value of assets and cost of countermeasures can be presented as a combination of fixed and recurring values.
The risk-reduction optimization algorithm produces a prioritized list of the countermeasures. Combining the most cost-effective countermeasures will reduce the overall system risk level to a minimum.
Predefined entities, such as assets, vulnerabilities, threats and countermeasures, can be easily loaded from plug-in entity libraries.
Import entities from text
enables importing data of threat model entities from comma delimited text
files and partial automating of the threat analysis process, for example,
combine standard scanners outputs with the PTA calculative model. Read more
on Integrating PTA with
Nessus in the PTA Professional Forum.
Entity libraries can be customized by the user and shared among several projects to save the burden of re-entering common entities when building application-specific threat models.
Threat models are stored in a dynamic database that can be shared between analysts and developers. There is no limit to the number of entities in the model. Model entities can be added, removed or changed at any time without disrupting the threat analysis process.
The model recovery feature enables safe and easy roll back of changes. It also supports ‘what if’ research process that immediately updates the analysis outcome.
The reporting subsystem provides diverse views of threat model parameters and entities interrelations. For example: vulnerabilities and their associated countermeasures, threats and assets, entities details, risk and mitigation statistics etc. For a description of the basic threat analysis outcomes see List of Practical Threat Analysis Results and Reports.
Reports are displayed in a viewer equipped with wide paging, zoom and printing capabilities.
Reports can be exported to common formats (such as text, HTML, Excel, and RTF) and sent as e-mail attachments.
PTA professional edition can manage and maintain numerous threat analysis projects.
Projects can share entities and parameters loaded form common predefined entities libraries created by experts.
Projects properties support versions management and keywords qualifications.
A variety of documents types (such as PDF, text, Word, Visio and Rational) can be associated with each of the threat model entities. This allows management of additional unstructured information and sharing of knowledge between collaborative parties.
System risk status and project’s "bottom lines" are continuously monitored based on the identified threats and rate of countermeasures implementation.
Project history is displayed and the analysis progress is monitored throughout the system's lifecycle.
You are invited to download and install the PTA Professional Edition at the Free Practical Threat Analysis Download page - the PTA Help file that comes with the software provides detailed and updated description of the tool's features. Visit the PTA Professional Edition Latest Updates page for more information on latest changes and product versions history.
***