ThreatModeler
announced the release of ThreatModeler 6.0, a platform update bringing several
new capabilities to bolster and streamline the threat modeling process for
security and DevOps teams. ThreatModeler 6.0 represents a complete redesign of
the platform's interface, workflows, model building, and reporting based on
feedback collected from users over time. The primary goals of this update are
to reduce the number of clicks required and add more powerful features to
accomplish a variety of tasks on a single platform.
With ThreatModeler 6.0's
intuitive user interface, customers have more information, tools, and
collaboration options in one place to streamline the development of threat
models. The update brings a drag-and-drop diagramming screen to make building
and managing models attainable without relying on coding. This provides a
common language to enable developers and security teams to better communicate
and shift security left of the CDLC more effectively.
The update also brings
significant enhancements to collaboration and approvals workflows. Users will
now have the ability to tag collaborators and assign tasks that are tracked
from beginning to end, with in-platform notifications to keep all teams on pace
to completion. Similarly, users can establish multi-level approval chains that
advance threat models to the correct managers and revert to the model builders
when additional attention is needed. This brings the entirety of the building,
managing and approving of threat models into a single platform so users can
work seamlessly across teams to meet their goals.
Audit, development, and
compliance reporting is another key function that received a significant
overhaul in ThreatModeler 6.0. Users can now specify the time period, activity,
and components of each report to enable a clear view of threats across the
security environment. Auditing and compliance is a particular pain point for
security and development personnel, and ThreatModeler's new custom reporting
tool brings enhanced flexibility for teams to compile both simplistic and
complex information for review and remediation.
"ThreatModeler 6.0 sets
the bar higher than ever before for what threat modeling can do to streamline
secure-by-design for applications, cloud migration, and infrastructure as
code," said Archie Agarwal, Founder and CEO of ThreatModeler. "This
is a game-changer for collaboration between security and development teams, and
the speed, effectiveness, and security enabled by this update will lead to
immediate, unparalleled results for our customers."
ThreatModeler 6.0 builds on the
patented IaC-Assist solution that allows users to identify, review, and
mitigate security flaws while writing the code in real-time with the simple
click of a button and without leaving their coding environment. This approach
is the first of its kind and enables users to implement the technology as a
processor-executed method of generating a threat model from a code file. The
system can analyze the code file, identify properties associated with the
resources included in the code file, and generate a threat model based on the
resources determined as a security threat.
With the combination of the
technical capabilities of IaC-Assist and collaborative enhancements of version
6.0, ThreatModeler is further advancing secure-by-design principles to provide
actionable insights through continuous monitoring so DevOps teams can detect
and remediate security flaws before they become code vulnerabilities. By
enabling developers to understand the full scope of their code, ThreatModeler's
capabilities simultaneously minimize risk and ensure sufficient compliance and
governance protocols post-deployment.