Early in a technology’s evolution, the adoption can be rapid—maybe even exponential—and yet still fly under the radar because the market is so small. And that’s where threat modeling is today.
Threat modeling is not yet a category with a sizeable TAM (total addressable market), but it is a rapidly growing subcategory of application security testing (AST). Why is it growing so rapidly? Because it helps solve a really big problem and because the cost of failure is sky high.
The Cost of a Breach is Going up
It should not be surprising that the cost of a data breach is going up. The Ponemon Institute conducts research in this area and publishes a yearly report called the Cost of a Data Breach. According to the 2021 report, “The average total cost of a data breach increased by nearly 10% year over year, the largest single year cost increase in the last seven years.” And “Lost business represented the largest share of breach costs, at an average total cost of $1.59 million.”
With numbers like these, all cybersecurity solutions are open to consideration, which includes threat modeling. So it’s not just threat modeling products that are experiencing growth; most products in this space are.
In the past, however, threat modeling may have been considered too esoteric and difficult to use to share in the growth. But two things have conspired to change that. First, much of threat modeling has been automated, making it much easier for developers to use. Second is the never-ending push to shift security left in the software development lifecycle (SDLC).
The Desire to Shift Left
Everyone agrees that it is much better (and cheaper) to discover an application flaw before you deploy the application. That’s true even if there is no data breach. It’s just easier to find and fix problems in development.
By the same logic, it is better to discover a problem early in development, rather than later. It saves both time and money. And that’s where the sudden interest in threat modeling comes from. Threat modeling is one of the few cybersecurity solutions available today that definitively shifts security to the left.
Expertise is in Short Supply
Another thing driving the demand for automated threat modeling tools is that the expertise to create threat models is in short supply. The real breakthrough in threat modeling solutions has been the ability to capture and replicate that expertise.
From templates, to knowledge bases, to real-time threat research and regulatory compliance frameworks, threat modeling no longer requires that the implementers of code be cybersecurity experts. Asking developers to also be threat experts hasn’t worked. Automated threat modeling has stepped in to bridge that gap.
Ready for the Cloud
One other thing driving threat modeling solution demand is that the most advanced threat modeling tools are cloud-ready. Not only do they integrate seamlessly into the CI/CD pipeline, they also integrate seamlessly with the infrastructure of major cloud service providers (CSPs). There they can automate cloud architecture and security control validation, thereby reducing threat drift.
If you’re ready to join the race to integrate automated threat modeling into your workflows, we invite you to check out ThreatModeler. You can contact us here or schedule a demo here.