The first automated and collaborative solution for creating security ThreatModels
Centralized Threat Framework
Building a threat framework from scratch requires identifying the most up-to-date threat sources and obtaining the information from each one. Once established in some type of a repository, the threat data specific to a component is then applied in the threat model being built. One negative aspect of this approach is that existing threat data rapidly becomes outdated as new threats emerge and current ones evolve. A high level of effort and time is required to maintain a threat framework, involving continuous cycles of reviewing all of the threat data sources and adding any new data to the framework as threats are published. There is also the challenge of consistency across multiple threat modeling practitioners, each maintaining their own threat library which leads to fragmentation of information. It is not resource efficient and is not scalable.
ThreatModeler provides a comprehensive threat framework from industry vetted sources such as MITRE CAPEC, WASC-TC, OWASP, NVD as well as from ThreatModeler’s research team. As soon as new threats are identified and published, the library routinely accesses these sources and self-updates itself with the latest information. This level of automation lowers the cost of maintenance as well as providing flexibility in serving relevant content in context of the threats applicable to a specific threat model. On top of all these advantages, ThreatModeler’s threat framework is completely customizable to add further flexibility in being tailored to an organization’s needs.
Still have questions about the Centralized Threat Framework?