ThreatModeler Software, Inc.

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)ThreatModeler Software Inc.
Websitehttp://www.threatmodeler.com
Company size (employees)10 to 49
Type of solutionCloud/SaaS

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

Traditional threat modeling was a resource and time heavy activity – manual and non-collaborative. ThreatModeler is a collaborative platform where security experts or non-security professionals alike can build threat models within a few hours instead of weeks. The process is completely automated. No matter where you are in the world you can build a threat model or connect with your team on the status of the threat model, for example, from your iPad or computer. Initially, threat modeling was an activity that was only for applications and their data flow. ThreatModeler changed their approach. ThreatModeler gives you comprehensive insight into the attack surface of your application and the environment in which the application is hosted, enabling DevOps to think like a hacker. Through its integration with CI/CD and ALM toolchain, ThreatModeler empowers security architects, developers and operations to keep track of mitigation progress until the architecture threat modeled is production ready. ThreatModeler is the pioneer in introducing threat modeling for cloud as well as automate it with one click functionality to save a lot of time and bring people together to work on DevOps with security built in. ThreatModeler also enables DevOps to scale with its patented Threat Model Chaining feature – entire or part of threat models can be nested as their own components into other threat models. Any changes to the threat model are reflected in the models in which they are nested.

Expected or actual date of impact

• Threat Modeling time reduced by 90%.
• One of our customers went from building 250 threat models (with reliance on security architects) in a year to 1,000 (implemented as a self-service model).
• Less resource intensive and requires no meetings or white boarding.
• Increased threat coverage vs. manual threat modeling by 60%
• Platform agnostic (Traditional threat modeling applications like TMT are Windows-only)

Brief Overview

ThreatModeler is an automated threat modeling solution that fortifies enterprise SDLCs by defining, identifying and predicting threats, empowering security and DevOps teams to make proactive security decisions. ThreatModeler™ provides a holistic view of the entire attack surface to minimize overall risk. We are the industry’s No. 1 threat modeling platform est. in 2010, in partnership with 100+ Fortune 1000 companies spanning multiple verticals to secure highly sensitive, regulated, complex, specialized and global environments.

Key Features

• Onboard Architect – Our patented Onboard Architect guides you in the creation of consistent, complete threat models for your architectures. Even people with no security expertise can threat model.
• Cloud Accelerator – With just one click, build threat models for cloud environments. The patent pending Accelerator updates your threat model regularly, keeping it in sync with your cloud environment and automatically validating security configurations.
• Built in Compliance: ThreatModeler supports established regulatory standards such as ISO, EU GDPR and PCI. Gain an understanding of your compliance requirements at the beginning of your CDLC. Track compliance progress and drill down on specific standards.
• Intelligent Threat Engine (ITE): A central repository of the most up-to-date threat information pulled from industry standard resources such as MITRE CAPEC, WASC-TC, OWASP, NVD. ThreatModeler’s threat research team maintains the ITE. Instead of manual upkeep, we do it for you, reducing time to threat model applications.
• Reporting: Know what, why and how to secure your architecture and communicate it with our reporting. Uncover data asset threats and understand the actionable outputs needed for mitigation.