Trestle - Architecture Technology Corporation

Complex cyber ecosystems such as cloud computing offer great benefits but can leave your organization open to very costly liabilities.

Trestle Test Record Dashboard Trestle™ is a hierarchical security modeling and analysis application that gives you the ability to

Discover actual technical vulnerabilities in your systems—not just what vendors promise,
Evaluate the risks those vulnerabilities pose in your specific applications,
Prioritize and mitigate those risks, and
Share results, compare alternatives, and monitor for continuing compliance.

How Will Trestle Help You?

Pinpoint Problems Faster

Performs on-line tests to determine whether modeled vulnerabilities are actually present, then presents results in context so you can see their impact.

Discover New & Unknown Risks

Automates routine compliance testing to ensure new risks have not been introduced due to configuration changes by a cloud provider or due to newly-discovered software vulnerabilities.

Analyze More Thoroughly & Repeatably

Provides a structured, hierarchical framework for security models; no more reams of risk assessment text.

Improve Compliance

Uses a standards-based approach to extend host-based security analysis techniques to the cloud and large-scale systems.

Improve System Designs

Assists in assessing design tradeoffs.

Improve Analytics

Computes multiple tree-derived metrics, such as costs, impact, requirement analysis, or compliance.

Trestle Tree Model Editor

Need to systematically document system security arguments?
Need to create attack trees at large scales?
Need to automate your security controls compliance monitoring?
Need to see at a glance what the most severe risks are?

Trestle Features

Flexible tools support a variety of tests: SCAP OVAL descriptions, commands/scripts run on remote systems, cloud service API queries against Amazon Web Services and OpenStack, and National Vulnerability Database (NVD) queries
Create both attack trees and constructive hierarchical models
Import NIST 800-53 controls, XCCDF checklists, and CWE™ taxonomies
Compute aggregate metrics such as remediation cost, minimum attack complexity, or maximum attack severity
Generate reports in PDF, HTML, and RTF formats
Runnable as a standalone graphical app or integrated with the Eclipse development environment
Command line edition available for automated/periodic tests

Download a free trial of Trestle!

Trestle’s graphical and command-line tools run on Microsoft^® Windows 7 and newer, Apple^® Mac OS X^® 10.8 and newer, RedHat^® Enterprise Linux^® (or compatible) 6.x and newer, SUSE Linux Enterprise Server 11 SP2, and Ubuntu Linux 12.04 LTS and 14.04 LTS.