AWS re:Invent came and went, but not without its fair share of product launches, software updates, and service releases. This year the cloud technology conference attracted more than 65,000 attendees. ThreatModeler, which attends a regular schedule of conferences and events throughout the year, was impressed by the noteworthy job AWS did of transforming the Venetian and nearby locations into an AWS-branded campus.
ThreatModeler Delivered a Strong Presence at AWS re:Invent
ThreatModeler is excited by the turnout and the activity around the booth, which was centrally located in the Venetian Expo Hall. Visitors were excited about ThreatModeler’s key features including AWS Accelerator and Assist. As we close out 2019, we just might look at 2020 as the year threat modeling becomes a crucial part of the cybersecurity fold.
There was a lot of conversation at the ThreatModeler booth, with architects (cloud and security), engineers, developers, et al., sharing a similar story: “I know we should be threat modeling, but we don’t know how to get started.” Or, “We just started threat modeling, but don’t know where to go from here.”
ThreatModeler hosted a sponsored booth at the 8th annual re:Invent. Our team of threat modeling experts shared information, addressed questions and helped visitors to better understand how the platform can help to address their cybersecurity needs.
A lot of visitors were eager to better understand ThreatModeler’s integration with AWS, which enables users to streamline their cloud application development. In addition to our shared Accelerator and Assist features, ThreatModeler was thrilled to educate security aficionados about its latest integrations, AWS Config and AWS Security Hub.
New Integrations: AWS Security Hub and AWS Config
ThreatModeler integrates with AWS Security Hub to look for compliance standards based on the CIS AWS Foundations. AWS Security Hub provides detailed information to guide users through Center for Information Security (CIS) compliance requirements. With the integration, ThreatModeler is able to leverage the compliance standards provided by CIS AWS Foundations to secure AWS resources against threats.
Through its integration, the system maps CIS Security Requirements (SRs) to the corresponding ThreatModeler CIS SR, where they are color coded according to severity levels described on the Security Hub Finding.
According to the CIS website, “With our global community of cybersecurity experts, we’ve developed CIS Benchmarks: 140+ configuration guidelines for various technology groups to safeguard systems against today’s evolving cyber threats.” The integration places ThreatModeler in a position to help organization to achieve both internal and external regulatory compliance.
How ThreatModeler Works with AWS Config
AWS Config allows users to “assess, audit and evaluate” AWS resource configurations to determine how secure their AWS config is. AWS Config has rules, which are mapped to specific ThreatModeler SRs, which help to ensure security posture and its compliance. ThreatModeler has also identified and included non-CIS requirements and allows users to incorporate them into the process flow diagram.
Archie Agarwal, CEO of ThreatModeler is enthusiastic about the response the company drew at AWS re:Invent. “Participation in technology-related conferences is just one way that we differentiate ourselves from the competition. As more enterprises express interest in implementing threat modeling, we look forward to helping business leaders and security consumers to achieve “shift left” security in their DevSecOps processes.”
ThreatModeler’s Platform “Flattens” Your IT Environment for Visual Analysis
Threat modeling helps enterprises to view their attack surface and map out the different threats and attack vectors that hackers can use to compromise their IT systems. Threat modeling typically uses process flow diagrams to lay out the various components, user behaviors and communication flows. Threat modeling helps CISOs, security program managers, architects and other key personnel to identify threats, prioritize them and determine adequate mitigation strategies.
ThreatModeler enables security teams to build threat models out-of-the-box with libraries containing updated content from reliable sources including: OWASP, CAPEC, the NVD, AWS and Azure. ThreatModeler also offers APIs to automate the platform further. To learn how ThreatModeler can help your organization to achieve data with security and integrity, schedule a live demo. You can also contact us to speak with a threat modeling expert.