SD Elements — Policy-to-Procedure Platform for Agile Development Teams

Additional Info

Company: Security Compass
Website: http://www.securitycompass.com
Company size (employees): 100 to 499
Type of solution: Hybrid

Overview

Security Compass’s automated threat modeling is part of a holistic approach to application security, risk management, and compliance for DevOps environments.

With the policy-to-procedure platform, SD Elements, development teams and security professionals can generate comprehensive threat models to manage risk in homegrown applications or third-party software. The process starts by answering a short questionnaire about the application’s technical profile. Once SD Elements has this information, it automatically generates a set of threats relevant to the application. Detailed countermeasures are then compiled from the company’s proprietary security database and they’re automated throughout the software development lifecycle (SDLC).

SD Elements also offers project integration capabilities. This allows users to further automate the threat modeling process by pulling information about the application from an enterprise’s project database into SD Elements’ project survey. This completes part of the initial survey for them, thus saving time while onboarding and threat modeling multiple apps in an enterprise environment.

The primary innovation in SD Elements’ threat modeling function is its incorporation of automated threat modeling into fast-paced DevOps environments for EVERY APPLICATION in an enterprise portfolio. This marks a paradigm shift, away from manual and diagrammatic methods, towards automated methods. Once a diagram is generated, someone has to review it, which does not scale in modern development environments. In fact, diagrammatic and manual approaches often take so long that many applications are released without any threat modeling having taken place.

SD Elements does not stop at the end of the threat model: actionable tasks for developers and testers are driven and tracked throughout the entire SDLC. After an application is modeled in SD Elements, continuous updates about new vulnerabilities, compliance standards, and defenses are delivered into development processes, helping teams stay up-to-date with emerging threats.

How we are different

● Security Compass’s automated threat modeling offering is interwoven into a holistic and comprehensive approach to application security, threat modeling, and compliance for DevOps environments. It's extremely agile and easily accommodates rapid release cycles as well as agile development best practices. Further, SD Elements' Just-in-Time Training content helps developers build security into applications using the requirements generated by automated threat modeling.
● SD Elements delivers solutions for all enterprise use cases – business, security, risk & compliance. By shifting security left (building automated threat modeling and security requirements management into the software development lifecycle from the start), organizations can manage risk cost-effectively at the speed and scale that business demands.
● SD Elements not only provides organizations with effective and easy automated threat modeling, but it creates an auditable record of all security and compliance activities related to the threat model. New and rigorous cybersecurity laws, like GDPR and NY DFS, not only require companies to follow secure development procedures but also require them to prove their compliance to regulating bodies. SD Elements makes this, and corporate accountability, easy. If a company is hit with a data breach, CIOs and CISOs can prove that the company was following proper application security policies or they can identify which controls are not complete or verified to be working.