Manage and evaluate risk exposure
This page is describing securiCAD Enterprise Suite functionality.
Evaluate the impact of security improvements and flaws as well as different architectural alternatives.
By comparing the results of different alternatives, you can see what changes would be most efficient to introduce
Simulations deliver suggested security improvements automatically
Since simulations show the most likely paths and attacker would follow, they can also show what objects to improve along those paths. Such objects are presented in a list of suggested mitigations. This list will not list everything that according to the model can be improved, but instead only list what improvements would make the attacker’s progress more difficult.
Decision support for upcoming changes in either direction
Different security alternatives have different impact on our most important assets in the model. These alternatives can be compared independently of each other.
Likewise, it is possible to compare the removal of security defenses like for instance lowering a patch level, allowing a new data flow or what impact an operating system turning legacy would have
If improving she security status by altering the architecture of an IT environment is considered, securiCAD will reveal what hosts, services, dataflows etc are most beneficial to an attacker. Such assets, so called Chokepoints, should be taken into consideration first.
Compare different attack scenarios
Like with different security properties, different architectural structures and so on, it is also possible to compare the impact of different attack scenarios.
Such analysis is made by connecting the attacker to different places in the model to represent external (traditional) attacker, phishing, insider, air gap attacks, malicious updates and so on.