Traditionally, threat modeling has been a manual exercise, usually carried out on whiteboards or in diagramming tools. It requires security expertise as well as domain expertise in the application, system or device being architected, along with in-depth knowledge of the inner workings of those systems’ components and protocols. As a consequence, threat modeling has often been a highly academic exercise that offers little real-world value in an era of iterative lean and agile development cycles. The pitfalls of this approach are that it is manual, time- and resource-intensive, complicated and expensive, while failing to provide actionable output.
ThreatModeler is the first solution to introduce an automated expert system for threat modeling. The Intelligent Threat Engine (ITE) uses functional information from the architectural components of the application or system to automatically identify all the threats applicable to these components. It draws on the real-time information in ThreatModeler’s Centralized Threat Library to associate threat intelligence with the threats discovered, in the form of security requirements, test cases, threat agents, code review guidelines and code snippets, giving the user the information needed to prioritize mitigation efforts and effectively lower risk. The ITE also addresses changes to the architecture and automatically updates the list of threats based on these changes. When new threats are discovered or the centralized threat library is updated, the ITE automatically updates all the threat models, which ensures they remain current and consistent with the threat landscape. In addition, the ITE creates an itemized list of security requirements and security test cases for each of the threat models.
Intelligent Threat Engine Benefits:
- Increases efficiency by automatically identifying threats
- Classifies threats according to risk to provide a prioritized mitigation strategy
- Provides consistent and concrete output with correlation of multiple information feeds
- Enables a user with little or no knowledge of security to quickly build threat models and automatically generate threat reports
- Automatically defines the security and testing requirements