Advantages of Modular Threat Modeling

Architectural patterns are those blocks of functions or components that tend to repeat over and again in systems and software. ThreatModeler leverages these to great advantage in reusing these patterns in threat modeling. Be it either components or templates of groups of components, these make for ideal modular blocks with which to build up the architectural diagram swiftly, upon which the underlying threat model is formulated.

The advantages of this method are obvious. Rather than focusing on tiny individual pieces of systems and hooking them together for analysis – as is done in the manual style of threat modeling – significant time savings may be gained in utilizing lego style blocks of repeatable architectural patterns to build models fast. This of course also lends itself to automation of the underlying threat model.

Another significant advantage in building these modular blocks for threat modeling is baselines of security and compliance may be set down by experts for others to use in their models.

ThreatModeler takes this all to the next level however, with patented threat model chaining technology. Put simply, this creates a modular reusable component from an entire threat model which can then be imported into other threat models.


No component, function, feature or process lives in isolation, rather they are all linked with one another – or embedded within each other – and the same maxim applies to threat models over large architectures. Modular threat model chaining affords the macro view and the understanding of the interaction between all moving parts and how they impact one another.

The advantages of this view are manifold:

  • Threat model chaining is ideal when personnel have differing areas of architectural and security expertise. Each person or team builds and maintains their own models and then models are linked together for the holistic view.
  • Facilitates security analysis both downstream and upstream which reduces false positives and duplication of effort as mitigations implemented in attached models may be viewed and incorporated.
    • Ability to view downstream impact – If a child threat model has a vulnerability identified, the modeler may swiftly identify which parent threat models are linking to the child threat model and take remediation action if necessary. This affords swift comprehension of which applications or systems are impacted upstream without undertaking extensive penetration testing.
    • Conversely a linked threat model may expose a threat to be mitigated by it’s parent threat model. For example, a wifi router may have the user mitigate the threat of weak passwords by selecting a strong password. Similarly, a web service could pass on a threat to be mitigated by the application that’s calling it.
    • Capability to apply compensating controls to all the child threat models in one hit – if you have a control in the parent threat model, it can mitigate the threats in child threat models.
    • Reusing pre existing threat models by providing functionality availing the modeler of importing all threats of the child model into the parent model if appropriate to do so.
    • View all details of linked models in a one-click hop.
  • Threat model chaining works perfectly in the microservices world. When an architecture has 100s of microservices it may be prudent to break this up into manageable chunks and link them rather than attempt to do so in one threat model, which may become unwieldy and unmanageable.
  • The same principle as above applies to very large monolithic architectures in which every team builds and maintains their own threat models for a smaller section of a large complex application.

ThreatModeler understands threat models rarely sit in isolation. Rather, they are often linked to each other in some way and so ThreatModeler comes complete with modular threat model chaining (Patented). As seen above, hierarchical modular threat modeling brings with it powerful advantages fit for the modern operational fast-paced IT environments of today.

ThreatModeler also understands reusability is the key to scaling threat modeling and that includes reusing entire threat models through chaining.

Watch the video below to see threat model chaining in action:

Contact us today for an in depth demo with one of our engineers.