Practical Threat Analysis - a calculative Threat Modeling methodology and a Risk Assessment tool for Security Experts

<body bgcolor="white"> <h1 align="left"><font face="Verdana" size="1"> <a target="_top" href="http://www.ptatechnologies.com/">Home Page</a></font></h1> <h1 align="center"><font face="Verdana" size="1">PTA Professional Edition</font></h1> <h3 align="left"><span style="font-weight: 400"> <font size="1" color="#000000" face="Verdana"> PTA Professional Edition is a desktop software tool developed with the Practical Threat Analysis calculative technology that helps security analysts build practical threat models and perform a quantitative risk analysis of their clients' systems . You are invited to download the PTA Professional Edition trial version at the <a target="content" href="DownloadResult.htm">Free Practical Threat Analysis Download</a> page . The following list details the product's features:</font></span></h3> <h3 align="left"><font face="Verdana" size="1">Easy Threat Modeling</font></h3> <ul> <li> <p align="left"><font face="Verdana" size="1"><b>User friendly</b> data entry screens and a specialized threat builder tool. Defining of assets, vulnerabilities, threats and countermeasures entities and composing threat scenarios is done in minutes.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1"><b>Additional entities</b> such as entry points and attacker types can be added to the model to make it more comprehensive. </li> Model entities can be adapted and customized to best fit the specific features of the analyzed system. </li> <br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Built-in <b>spell checking</b> and <b>search</b> capabilities.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">PTA supplies full descriptions of the practical steps of the threat analysis process. Well structured <b>context sensitive help</b> is available at any step of the modeling.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Parts of the model can be easily excluded from the analysis to enable quick <b>intermediate results</b>. </font></p> </li> </ul> <h3 align="left"><span style="font-weight: 400"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/PTAPro.htm"> http://www.ptatechnologies.com/PTAPro.htm</a></font></span></h3> <h3 align="left"><font face="Verdana" size="1">Quantitative Threat Analysis</font></h3> <ul> <li> <p align="left"><font face="Verdana" size="1">The PTA <b>quantitative method</b> produce practical recommendations for reducing overall system risk. The method uses parameters such as threats probabilities, potential damages, countermeasures costs and countermeasures mitigation levels.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">The <b>financial value</b> of assets and cost of countermeasures can be presented as a combination of fixed and recurring values.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">The <b>risk-reduction optimization</b> algorithm produces a prioritized list of the countermeasures. Combining the most cost-effective countermeasures will reduce the overall system risk level to a minimum.</font></p> </li> </ul> <p align="left"><span style="font-weight: 400"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/PTAPro.htm"> http://www.ptatechnologies.com/PTAPro.htm</a></font></span></p> <h3 align="left"><font face="Verdana" size="1">Predefined Security Entity Libraries</font></h3> <ul> <li> <p align="left"><font face="Verdana" size="1"><b>Predefined entities</b>, such as assets, vulnerabilities, threats and countermeasures, can be easily loaded from plug-in entity libraries.</li> Each entity library suits a specific platform, environment, application type and architecture. For example Web applications, Linux/Microsoft, SQL/Oracle, banking, telecom and healthcare. The PTA plug-in libraries mechanism is intended to facilitate the transforming of security standards compliance knowledge and data into effective mitigation actions. Read more on PTA plug-in libraries in <a target="content" href="Libraries.htm">Common Assets, Vulnerabilities, Countermeasures and Threats Libraries</a> and visit the <a target="content" href="Comments.htm">PTA Professional Forum</a> for getting tips on how to convert standard security compliance methodologies such as ISO 27001 and PCI DSS 1.1 to PTA threat models and use them as a dynamic baseline for employing modern risk management system based on quantitative risk analysis.<br /></font></p> </li> <li> <p align="left"><font face="Verdana" size="1"><b>Import entities from text</b> enables importing data of threat model entities from comma delimited text files and partial automating of the threat analysis process, for example, combine standard scanners outputs with the PTA calculative model. Read more on <a target="content" href="Comments.htm">Integrating PTA with Nessus</a> in the PTA Professional Forum. <br /> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Entity libraries can be <b>customized</b> by the user and <b>shared</b> among several projects to save the burden of re-entering common entities when building application-specific threat models.</font></p> </li> </ul> <h3 align="left"><span style="font-weight: 400"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/PTAPro.htm"> http://www.ptatechnologies.com/PTAPro.htm</a></font></span></h3> <h3 align="left"><font face="Verdana" size="1">Flexible Threat Model Database</font></h3> <ul> <li> <p align="left"><font face="Verdana" size="1">Threat models are stored in a <b>dynamic database</b> that can be shared between analysts and developers. There is no limit to the number of entities in the model. Model entities can be added, removed or changed at any time without disrupting the threat analysis process.</li><br></font></p> </li> <li> <p align="left"><font face="Verdana" size="1">The <b>model recovery</b> feature enables safe and easy roll back of changes. It also supports ‘what if’ research process that immediately updates the analysis outcome.</font></p> </li> </ul> <p align="left"><span style="font-weight: 400"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/PTAPro.htm"> http://www.ptatechnologies.com/PTAPro.htm</a></font></span></p> <h3 align="left"><font face="Verdana" size="1">Rich Security Reporting and Audit Subsystem</font></h3> <ul> <li> <p align="left"><font face="Verdana" size="1">The <b>reporting subsystem</b> provides diverse views of threat model parameters and entities interrelations. For example: vulnerabilities and their associated countermeasures, threats and assets, entities details, risk and mitigation statistics etc. For a description of the basic threat analysis outcomes see <a target="content" href="PTAReports.htm">List of Practical Threat Analysis Results and Reports</a>.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Reports are displayed in a <b>viewer</b> equipped with wide paging, zoom and printing capabilities.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Reports can be <b>exported</b> to common formats (such as text, HTML, Excel, and RTF) and sent as e-mail attachments.</font></p> </li> </ul> <p align="left"><span style="font-weight: 400"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/PTAPro.htm"> http://www.ptatechnologies.com/PTAPro.htm</a></font></span></p> <h3 align="left"><font face="Verdana" size="1">Security Knowledge Management</font></h3> <ul> <li> <p align="left"><font face="Verdana" size="1">PTA professional edition can manage and maintain <b>numerous threat analysis projects</b>.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Projects can <b>share entities</b> and parameters loaded form common predefined entities libraries created by experts. </li> <br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">Projects properties support <b>versions management</b> and keywords qualifications.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">A  variety of documents types (such as PDF, text, Word, Visio and Rational) can be associated with each of the threat model entities. This allows management of <b>additional unstructured information</b> and sharing of knowledge between collaborative parties.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1">System risk status and project’s "bottom lines" are <b>continuously monitored </b>based on the identified threats and rate of countermeasures implementation.</li><br> </font></p> </li> <li> <p align="left"><font face="Verdana" size="1"><b>Project history</b> is displayed and the analysis progress is monitored throughout the system's lifecycle.</li><br></font></p> </li> </ul> <p align="left"><font face="Verdana" size="1">You are invited to download and install the PTA Professional Edition at the <a target="content" href="DownloadResult.htm">Free Practical Threat Analysis Download</a> page - the PTA Help file that comes with the software provides detailed and updated description of the tool's features. Visit the <a target="content" href="LatestUpdate.htm">PTA Professional Edition Latest Updates</a> page for more information on latest changes and product versions history.</font></p> <p align="left"><span style="font-weight: 400"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/PTAPro.htm"> http://www.ptatechnologies.com/PTAPro.htm</a></font></span></p> <p align="center"> <font face="Verdana" size="1"> ***</font></p> <p align="center"> </p> <p align="center"><font face="Verdana" size="1"> <b> <a target="content" href="DownloadResult.htm">Download the PTA Professional Edition Tool</a></b><br> <a target="_top" href="http://www.ptatechnologies.com/">Home Page</a></font></p> </body>