SD Elements – the industry’s first Balanced Development Automation platform – by Security Compass

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Security Compass
Company size (employees)100 to 499
Type of solutionSoftware

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

- SD Elements helps agile organizations build security into the SDLC from the start by enabling them to model threats faster and manage risk cost-effectively. By automating key threat modeling processes, organizations can speed up application development and release software faster.

- SD Elements does not stop at the end of the threat model. Actionable security tasks for developers and testers are provided and tracked through the entire SDLC. It also offers project integration capabilities which allows users to pull information about applications from a company’s project database. When information is automatically fed into the SD Elements’ survey, it saves time while onboarding and threat modeling multiple apps in an enterprise environment. This also helps in scaling threat modeling across the entire applications portfolio as it simplifies the processes and enables self-service for developers to integrate security.

- Security Compass’s just-in-time security training provides developers with the content and direction they need, enabling them to apply what they’ve learned, as they build security into applications according to the requirements generated by automated threat modeling.

Brief Overview

Every organization should perform threat modeling for their applications. However, there are a number of challenges with manual threat modeling. Given its time-consuming nature, this process is difficult to scale in a fast-paced modern development environment. In fact, due to the overwhelming number of applications in a typical enterprise, threat modeling is often skipped entirely.

In light of these challenges, Security Compass’ automated threat modeling is interwoven into a holistic and comprehensive approach to application security, threat management, and compliance for DevOps environments. As the industry’s first Balanced Development Automation (BDA) platform, SD Elements augments organizations’ traditional threat modeling activities through automation. Their platform enables organizations to identify threats at a significantly faster rate and secure their complete application portfolio. Organizations utilizing the SD Elements’ BDA capabilities can expect to see an 80% reduction in the time it takes to conduct threat modeling.

SD Elements also enables organizations to act on the threat model output, through code samples and training, as well as multiple software development lifecycle (SDLC) integrations such as ALM, scanners, and CI/CD plugins.

After an application is modeled in SD Elements, continuous updates about new vulnerabilities, compliance standards, and defenses are delivered into development processes, helping teams stay up-to-date with emerging threats. For critical, high-risk apps, Security Compass offers manual threat modeling in conjunction with SD Elements’ automated capabilities to capture domain-specific and domain-agnostic threats.

Manual threat modeling requires breaking down the application’s components in a data flow diagram to define assets and trust boundaries. Use cases are manually examined to determine potential threats. Outputs from a manual threat model can then be entered into SD Elements for security requirements tracking and automation.