ThreatModeler Launches Comprehensive Threat-Modeling-as-a-Service Solution with Fully Managed Operations

Provides enterprises a fully-managed enterprise threat modeling solution while reducing costs by as much as 73 percent


JERSEY CITY, N.J., June 05, 2018 (GLOBE NEWSWIRE) -- ThreatModeler Software today announced Threat-Modeling-as-a-Service. TMaaS is a highly-available managed solution that will transform organization cyber security and risk management through automated, collaborative threat modeling. ThreatModeler Software is focused on delivering and enabling true digital transformation as a service across all aspects of the enterprise digital environment including:

  • Applications,
  • On-premises and cloud-based deployment environments,
  • Mobile and stationary computing endpoints,
  • IoT and embedded devices,
  • Industrial control and other cyber-physical systems, and
  • Legacy applications and environments.

With this offering, ThreatModeler Software will provide enterprises collaborative access to completed threat models. Secure access to completed threat models will be will be provided through ThreatModeler Software’s public AWS cloud instance or on organization’s private cloud instance. Through this offering organizations will be able to immediately automate and scale their threat modeling practice and access outputs on a self-serve basis.

“We’re very excited about Threat-Modeling-as-a-Service,” said Mark Meyer, CRO of ThreatModeler Software. “We’ve heard from many Fortune 1000 companies that they want the benefits of an automated, collaborative threat modeling platform. However, maturing from their current practice to full-scope, fully-integrated threat modeling often proves challenging. With this offering, ThreatModeler will do all of the heavy lifting from building and deploying treat models to providing best of breed expertise for our customers.  Customers will then be able to leverage all the benefits of our automated platform with none of the challenges of in-house implementation, ultimately allowing them to grow into our Enterprise Software Platform.”

According to NIST research, application threat modeling leading to the identification of specific threats and their mitigating security controls during the application design stage can save organizations as much as 30X over the cost of remediating application vulnerabilities later in the production cycle. As threat modeling adoption booms, ThreatModeler™ has quickly become the leading automated, collaborative platform for enterprise implementation. However, most organizations lack the internal resources to effectively implement and manage an enterprise threat modeling practice on their own.

By delivering a fully managed Threat-Modeling-as-a-Service, ThreatModeler Software is enabling organizations to concentrate on the implementation of threat modeling outputs to improve their end-to-end cyber security. With Threat-Modeling-as-a-Service, ThreatModeler Software will help organizations drive effective and consistent cyber security policy and risk management throughout their entire digital environment. By consuming Threat-Model-as-a-Service outputs, stakeholders throughout the organization benefit:

  • Architects – Automatically identify security issues and the relevant mitigating controls during from the application or project design whiteboarding stage;
  • Agile development and DevOps teams – Built-in bi-directional integration for many industry-standard products such as JIRA, Jenkins, and Qualys, means fast-paced development and DevOps teams can consume threat model outputs directly through their existing toolsets. Self-serve access to the threat model outputs means specific security requirements are available as needed each time an application cycles through the CI/CD pipeline. Bi-directional integration and automation ensures threat models stay current throughout the application SDLC;
  • Operators and administrators – Gain real-time situational visibility into the relevant threats and changing IT environment. Understand how the IT system’s threat profile changes as new applications are deployed. Reduce false-positive noise with built-in network scanner integration;
  • QA personnel and security teams – Understand the security and quality assurance issues while applications are still in the design stage. ThreatModeler™ outputs include specific test cases by which security teams can ensure the mitigating controls are properly implemented. QA teams can use threat model outputs to proactively design functionality tests and understand where business requirements will most likely fail;
  • CISOs and other senior executives – Get the organization’s cyber security “big picture.” Quantify the effectiveness of planned or implemented compensating controls and defense-in-depth configurations. Fully understand the organization’s attacker population and which threats are relevant from the extended cyber ecosystem. Gain objective data to feed into the ERM practice. Drive effective cyber security policy across the full digital environment.

ThreatModeler™ – the industry’s most advanced, automated threat modeling platform – was specifically identified by Gartner in their Hype Cycle for Application Security, 2017, for automating “security requirements definition, risk assessment, and threat modeling,” with SDLC integration, which “can dynamically highlight potential security ramifications of functional requirements.” ThreatModeler™ was awarded 1st place Winner of the Cybersecurity Excellence Award, 2017 and 2018, in the category of threat modeling product, and was award 1st place in the Cyber Defense Network InfoSec awards as the most innovative threat modeling product.

Threat-Modeling-as-a-Service will be available on ThreatModeler Software’s Public Cloud beginning in June of 2018. Support for private clouds is planned for release in 3Q2018. For more information about this solution, please contact ThreatModeler Software, Inc. at media@threatmodeler.com.

About ThreatModeler

Security Starts with ThreatModeler™ - the industry's #1 Automated Threat Modeling Platform. 

ThreatModeler™ is an innovative enterprise threat modeling platform that helps organizations fully integrate security into their SDLC and realize sustainable ROI on their security resources. The centralized threat framework automatically and seamlessly integrates security within existing agile and DevOps workflows. By identifying and mitigating potential security threats early in the SDLC – before implementing SAST and DAST, ThreatModeler™ simplifies efforts associated with developing secure applications. ThreatModeler™ then empowers enterprise IT organizations to map their unique security requirements and policies directly into their enterprise cyber ecosystem – providing real-time situational awareness about their current threat portfolio and risk conditions.

For more information, contact:

Brian Beyst
Senior Director of Marketing
ThreatModeler Software, Inc
101 Hudson St
Jersey City, NJ 07302
Phone: +1-507-251-0851
bbeyst@threatmodeler.com