Enterprise Threat Modeling

Enterprise Threat Modeling Quantifies Risk

An ad hoc, per-application threat modeling practice is a good start. After all, bringing secure coding considerations into the application design process makes creating secure, functional products on a tight Agile timeframe much more efficient. Over the years, ad hoc threat modeling has demonstrated its value to organizations from an AppSec perspective. However, attempting to manage[…]

Quantifying Compensating Controls

Quantifying Compensating Controls with ThreatModeler

Compensating controls are cyber security mechanisms put in place to satisfy specific security compliance standards for regulatory purposes[i] or to meet a manufacturer’s guidelines.[ii] Such controls are not intended to be less stringent. Rather, the controls must – at a minimum – satisfy the rigor of the original security requirement.[iii] The purpose of compensating controls[…]

Basic AWS Threat Model

Creating a Basic AWS Threat Model – Threat Model of the Month

Increasingly, organizational IT leaders need to generate greater value from their IT systems. However, in today’s rapidly evolving, highly interconnected cyber ecosystem, attempting to produce that increase through fixed-capacity, on-premises infrastructures and data centers is infeasible. Cloud computing – whether through AWS, Azure, or other providers – provides the flexibility, scalability, and affordability IT leaders[…]

Staying on top of the Threat Landscape

Make Threat Intelligence Actionable

Today’s enterprises receive a myriad of new threat intelligence from multiple feeds and sources. Most organizations highly value such threat intelligence as essential to a strong security posture and fulfilling their security mission. It can be challenging, however, to make threat intelligence actionable. With the plethora of new threats added daily to the cyber ecosystem,[…]