Building a threat library from scratch requires identifying the most up-to-date threat sources and obtaining the information from each one. Once established in some type of a repository, the threat data specific to a component is then applied in the threat model being built. One negative aspect of this approach is that existing threat data rapidly becomes outdated as new threats emerge and current ones evolve. A high level of effort and time is required to maintain a threat library, involving continuous cycles of reviewing all of the threat data sources and adding any new data to the library as threats are published. There is also the challenge of consistency across multiple threat modeling practitioners, each maintaining their own threat library which leads to fragmentation of information. It is not resource efficient and is not scalable.
ThreatModeler provides a comprehensive threat library from industry vetted sources such as MITRE CAPEC, WASC-TC, OWASP, NVD as well as from MyAppSecurity’s research team. As soon as new threats are identified and published, the library routinely accesses these sources and self-updates itself with the latest information. This level of automation lowers the cost of maintenance as well as providing flexibility in serving relevant content in context of the threats applicable to a specific threat model. On top of all these advantages, ThreatModeler’s threat library is completely customizable to add further flexibility in being tailored to an organization’s needs.
What are the benefits of a Centralized Threat Library?
- Enterprise security and IT are kept continuously updated on new threats as they emerge
- Real-time new threats are published, they are automatically added to the threat library and applied to each threat model
- Provides rapid assessment of the relevance of existing and new threats against the all their applications
- Reduces cost and effort of maintaining a manual threat library
Ready to get started? Request a ThreatModeler Demo today!