FAQs
General
What is an attack tree?
An attack tree is a conceptual diagram that represents the various ways an adversary might attack a system. It breaks down a potential security threat into its smaller parts and simplifies assessing the risk of an attack.
How can attack trees benefit my organization?
Attack trees can help you systematically identify and assess potential security threats, prioritize risks, and develop effective mitigation strategies. This improves your organization's overall security posture and helps protect critical assets.
Do I setup my own attack trees?
You must setup your own attack trees. RiskyTrees will automate the analysis and will simplify the process to build the attack tree.
Product
What features does RiskyTrees have?
You can create attack trees, build threat models, manage subtrees, perform analysis on likely attack paths, import and export tree data, as well as create organizations to share work.
How do I start using RiskyTrees?
The app is a web SaaS app, meaning all you need is an internet browser and internet connection. You sign-in through your Google account and can begin creating trees.
When will RiskyTrees leave beta?
We are not sure when RiskyTrees will leave beta. But we intend to add a more detailed analysis, integrations, real-time co-working, improved org management, faster tree building, templates and built-in configurations and models, community sharing, enhanced UX, and more.
Is the software suitable for non-technical users?
Absolutely. Our software offers an intuitive user interface that makes it accessible for both technical and non-technical users. We provide basic models and configurations that allow non-technical users to build trees and get immediate value.
Security
Is RiskyTrees secure?
Riskytrees is built by security engineers for security teams and adheres to industry standard security frameworks including NIST. All data is encrypted in transit and at rest using modern cryptographic algorithms. Customer data is logically separated from each other and stored in a dedicated virtual private cloud inaccessible to the public Internet. Strong authentication is used to gain access to any infrastructure.
Are my attack trees private?
Yep! All attack trees are your own and we will never access your data without explicit permission. If you would like to keep your trees offline and completely inaccessible, we offer enterprise plans that allow you to deploy your own instance.
Pricing and licensing
Is RiskyTrees truly free?
Yes! Our standard plan gives you full access to the platform and allows you create as many trees, configs, models, and nodes as you want.
This is for evaluation, educational, non-profit, personal, or research use only.
Who is the Organization and Enterprise plan for?
Our Organization plan is for businesses that want to have company-owned trees and want to allow multiple team members work on each project.
Our Enterprise plan is for large businesses that may need specialized pricing and the ability to run their own instance for maximum security.
Are there any contracts or hidden fees with the paid plans?
No contracts and no hidden fees! You’re either charged monthly or one time annually. Cancel or remove users at anytime.
I’m a non-profit, researcher, or educator. Is there special pricing available?
We would love to offer you a generous discount no matter the size! Please contact us for specialized pricing plans.