ThreatModeler And Its Quest For Complete Cyber Security
Companies do their best to protect themselves from cyber security threats. However, without fully understanding the threats with real-time situational visibility across the full cyber ecosystem, their efforts cannot consistently produce solutions that are practical and well-designed to operate at a holistic level. Is this a matter of concern? Not since the dedicated team at ThreatModeler Software is on a quest to provide complete cyber security solutions to all its clients. Headquartered in New York, ThreatModeler Software, Inc. is an innovative software development company whose flagship product, ThreatModeler™, automates enterprise threat modeling.
With ThreatModeler™, organizations can fully integrate security into their entire IT system and software development life cycle, thus helping them realize sustainable ROI on their security resources. Threat modeling is not a new concept, but has been used by military strategists since Sun Tzu. Only recently, though, has it been applied to cybersecurity as a means to optimize network security and identify application vulnerabilities before production. Once potential threats are identified, the process then defines countermeasures which will mitigate the threats. Threat modeling can be done by anyone. It is an analytical process by which defenders gain and understand the perspective, motives, and patterns of potential attackers.
Enterprise threat modeling, however, is a bit more complex. The keys to successful threat modeling at this level are automation, collaboration, and integration. Archie Agarwal, having observed the lack of scalable, automated threat modeling solutions enterprises before starting ThreatModeler, comments: “Without automation, threat modeling outputs are just static documents. This is fine if an organization only needs to secure a handful of isolated applications. However, for enterprises with hundreds or even thousands of new applications each year, existing within a highly interconnected cyber ecosystem, manual threat modeling approaches are of little practical value. This is especially true for organizations that have adopted a DevOps with CI/CD production methodologies.”
“ThreatModeler™ does more than automate the threat modeling process,” continues Agarwal. “Through our industry-leading platform, all SDLC and cybersecurity stakeholders throughout an organization can collaborate on every aspect of developing and implementing end-to-end cybersecurity. Moreover, the ThreatModeler™ platform fully integrates into existing DevOps and CI/CD workflows and toolsets – making it possible to understand the upstream threats and downstream impacts at the speed of business and the scale of innovation.” Understanding the upstream threats and downstream impacts are crucial to forming an end-to-end security policy.
The ThreatModeler™ platform utilizes process flow diagrams instead of data flow diagrams to more thoroughly reveal how an attacker will move through an application or IT system from entry point to the targeted assets. ThreatModeler believes that their automated platform, which accurately identifies 99% of the potential static and dynamic application vulnerabilities, will result in significantly better cyber security solutions and make ThreatModeler a true cyber security partner to all its clients. ThreatModeler was awarded 1st place in Cyber Security Excellence Awards, 2017 & 2018, in the category of threat modeling product. It also found a key mention in Gartner’s Hype Cycle for Application Security, 2017, for automating ‘security requirements definition, risk assessment, and threat modeling,’ with SDLC integration. Most recently, ThreatModeler Software was named winner of Cyber Defense Magazine’s InfoSec Awards, 2018, in the category of threat modeling.
In an era where the impact of missed vulnerabilities and unmitigated cyber risk is significant, it will be interesting to see how soon the markets react to and embraces ThreatModeler’s solutions. It is only a matter of time before ThreatModeler becomes synonymous with cyber security.
