Cybersecurity Tool Bloat—Yeah it’s a Thing

Cybersecurity Tool Bloat—Yeah it’s a Thing

Listen to any cybersecurity tool vendor and they’ll try to convince you of two things. You need their type of product for protection and theirs is the best of breed. And most of them can be very persuasive. The result? Lots of unused (and often unneeded) security...
Threat Modeling is not the Same as Threat Mapping

Threat Modeling is not the Same as Threat Mapping

There’s a belief in the security community that if you’re doing threat mapping, you don’t need to do threat modeling. The idea is that threat mapping is just as good as, or at least takes the place of, threat modeling. It’s true they are both a formalized way to...
Don’t Let Failing Banks Distract You from Cyber Threats

Don’t Let Failing Banks Distract You from Cyber Threats

Human beings and organizations suffer from a cognitive condition known as recency bias. Recency bias “is a cognitive bias that favors recent events over historic ones. It is the tendency to place too much emphasis on experiences that are freshest in your memory—even...
Does the New National Cybersecurity Strategy Make Threat Modeling Essential?

Does the New National Cybersecurity Strategy Make Threat Modeling Essential?

Are you aware of the National Cybersecurity Strategy announced by the Biden-Harris administration on March 2, 2023? Well, if you develop software, you better be. The goal of the strategy is for the U.S. Government to take the lead in creating a safe and secure digital...
Seven Common Misconceptions About Threat Modeling

Seven Common Misconceptions About Threat Modeling

There is general consensus in the DevSecOps community that threat modeling is a good thing. The sooner in the application development cycle you find a threat the less it costs to fix, and there’s hardly any better way to “shift left” than with threat modeling. So, why...

ThreatModeler

ThreatModeler revolutionizes threat modeling during the design phase by automatically analyzing potential attack surfaces. Harness our patented functionalities to make critical architectural decisions and fortify your security posture.

Learn more >

CloudModeler

Threat modeling remains essential even after deploying workloads, given the constantly evolving landscape of cloud development and digital transformation. CloudModeler not only connects to your live cloud environment but also accurately represents the current state, enabling precise modeling of your future state

Learn more >

IaC-Assist

DevOps Engineers can reclaim a full (security-driven) sprint with IAC-Assist, which streamlines the implementation of vital security policies by automatically generating threat models through its intuitive designer.

Learn more >