realistic modeling

ThreatModeler vs. TMT – Realistic Modeling

In our previous articles comparing ThreatModeler™ and Microsoft’s Threat Modeling Tool (TMT), we considered the tools from an AppSec perspective and the CISO’s perspective. In this installment, we compare the capacity of each threat modeling tool to provide outputs based on realistic modeling of a modern enterprise IT environment as embodied by an online banking[…]

Analyze Endpoint Security

Analyze Endpoint Security with ThreatModeler

The need to analyze endpoint security is becoming an increasing important for organizations. Layered network security defenses are difficult to penetrate. However, once inside the perimeter, legitimate users and adversaries alike have much more freedom of movement. Thus the growing preference for adversarial actors is to conscript the aid of careless or disgruntled insiders –[…]

threat modeling outputs needed

Getting the Threat Modeling Outputs Needed

Many security professionals are die-hard Microsoft Threat Modeling Tool (TMT) fans. After all, it is free, and there are no limits from Microsoft on the number of users or threat models you are allowed to make. Moreover, perhaps most importantly – they have been using TMT since they were first introduced to threat modeling. TMT[…]

Threat Modeling is for Everyone

Threat Modeling is for Everyone, even Playground Kids

Threat modeling – in its simplest form – is about looking at a system or situation from an adversary’s perspective. From that unique perspective it is possible to identify specific potential threats that otherwise would not be considered by non-adversaries. A threat model, then, is an analytical approach to understanding the potential threats by which[…]