Centralized Threat Framework

The first automated and collaborative solution for creating security ThreatModels

Centralized Threat Framework

Building a threat framework from scratch requires identifying the most up-to-date threat sources and obtaining the information from each one. Once established in some type of a repository, the threat data specific to a component is then applied in the threat model being built. One negative aspect of this approach is that existing threat data rapidly becomes outdated as new threats emerge and current ones evolve. A high level of effort and time is required to maintain a threat framework, involving continuous cycles of reviewing all of the threat data sources and adding any new data to the framework as threats are published. There is also the challenge of consistency across multiple threat modeling practitioners, each maintaining their own threat library which leads to fragmentation of information. It is not resource efficient and is not scalable.

ThreatModeler provides a comprehensive threat framework from industry vetted sources such as MITRE CAPEC, WASC-TC, OWASP, NVD as well as from ThreatModeler’s research team. As soon as new threats are identified and published, the library routinely accesses these sources and self-updates itself with the latest information. This level of automation lowers the cost of maintenance as well as providing flexibility in serving relevant content in context of the threats applicable to a specific threat model. On top of all these advantages, ThreatModeler’s threat framework is completely customizable to add further flexibility in being tailored to an organization’s needs.

Still have questions about the Centralized Threat Framework?

What are the benefits of a Centralized Threat Framework?

Stay Up to Date

Enterprise security and IT are kept continuously updated on new threats as they emerge

Real-time new threats are published

Real-time new threats are published, they are automatically added to the threat library and applied to each threat model

Provides rapid assessment

Provides rapid assessment of the relevance of existing and new threats against the all their applications

Reduced Manual Labor

Reduces cost and effort of maintaining a manual threat library