Offensive security techniques help us to identify gaps in a system’s architecture. To be useful, we believe attack trees must be contextual and account for business risk. They must also scale without introducing unnecessary overhead in the generation of attack scenarios, false positives, and asset risk alignment.
In this webinar, we have shared some of our ongoing research in automating attack trees for security control generation. We will extend this conversation to the practical side by exploring specific use cases and projecting possible ways to filter attack trees at scale.