SD Elements — Policy-to-Procedure Platform for Agile Development Teams
Promote this Nomination
SD Elements -- Policy-to-Procedure Platform for Agile Development Teams
|Company (that provides the nominated product / solution / service)||Security Compass|
|Company size (employees)||100 to 499|
|Type of solution||Hybrid|
In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:
● Security Compass’s automated threat modeling offering is interwoven into a holistic and comprehensive approach to application security, threat modeling, and compliance for DevOps environments. It's extremely agile and easily accommodates rapid release cycles as well as agile development best practices. Further, SD Elements' Just-in-Time raining content helps developers build security into applications using the requirements generated by automated threat modeling.
Summary of Achievements
Security Compass’s automated threat modeling is part of a holistic approach to application security, risk management, and compliance for DevOps environments.
With the policy-to-procedure platform, SD Elements, development teams and security professionals can generate comprehensive threat models to manage risk in homegrown applications or third-party software. The process starts by answering a short questionnaire about the application’s technical profile. Once SD Elements has this information, it automatically generates a set of threats relevant to the application. Detailed countermeasures are then compiled from the company’s proprietary security database and they’re automated throughout the software development lifecycle (SDLC).
SD Elements also offers project integration capabilities. This allows users to further automate the threat modeling process by pulling information about the application from an enterprise’s project database into SD Elements’ project survey. This completes part of the initial survey for them, thus saving time while onboarding and threat modeling multiple apps in an enterprise environment.
The primary innovation in SD Elements’ threat modeling function is its incorporation of automated threat modeling into fast-paced DevOps environments for EVERY APPLICATION in an enterprise portfolio. This marks a paradigm shift, away from manual and diagrammatic methods, towards automated methods. Once a diagram is generated it means someone has to look at the diagram, which is not scalable in modern development environments. In fact, it is often the case that diagrammatic and manual approaches take so long that many applications are released without any threat modeling having taken place.
SD Elements does not stop at the end of the threat model: actionable tasks for developers and testers are driven and tracked throughout the entire SDLC. After an application is modeled in SD Elements, continuous updates about new vulnerabilities, compliance standards, and defenses are delivered into development processes, helping teams stay up-to-date with emerging threats.