ThreatModeler Announces Automated Threat Modeling for Legacy Applications
JERSEY CITY, N.J., Sept. 08, 2020 (GLOBE NEWSWIRE) -- Today, ThreatModeler announced its integration with Avocado Systems, a network discovery tool that identifies application communications between internal and external users. DevSecOps can leverage Avocado’s dynamic insights on how multi-tier communications work to automatically build a threat model for the application being interrogated.
Avocado is an agentless, plugin-based system with an orchestrator. Once pushed into your application’s environment (onto the server, container, or cloud where the application is deployed), Avocado’s ultra-lightweight plugins monitor communications between components, operating at runtime on the server.
Contrary to other tools that monitor the perimeter of an application for threats, Avocado sits right in the application environment to conduct real-time scanning. Simply click on the application, and you gain insights on all the connections that it has made so far with different clients, applications, and databases. DevSecOps can leverage Avocado or any network discovery tool to pull the findings into ThreatModeler and automatically build a threat model. Those findings include APIs being pulled in the server IP, the application name, the database name and server, the different tables that are contained, whether there is a payload and, if so, what payload information is pulled.
All this information is seamlessly exported to ThreatModeler via API with information that is relevant to the application, including which services it relies on and the payload of the particular communication in question. Teams can seamlessly build a complete threat model in ThreatModeler using this information.
“Unveiling this partnership is very exciting both for us and for our active clients,” says Chris Formant, CEO of Avocado Systems. “With this new combination of automated discovery, mapping, and threat modeling technologies, we turn a hugely tedious process into something so automated that it can be done continuously. This is a major leap in the threat modeling technology space and represents a huge time saver for new and existing ThreatModeler customers alike.”
ThreatModeler’s Threat Intelligence Framework compiles more than 2300 requirements from leading threat libraries CAPEC MITRE, CSA Treacherous 12, OWASP (Mobile, IoT, AppSec), NVD, WASC and more – all built into the system; also, security best practices from AWS, Azure and GCP. For regulatory and compliance, ThreatModeler has NIST 800-53 rev4, CIS CSC v7, EMEA EU GDPR, CSA CCM v3.2 and PCI DSS v3.2 built into the platform. DevSecOps can also customize their own security requirements.
With more organizations than ever migrating to the cloud, DevSecOps faced the challenge of manually inputting integrated legacy system data to build a proper threat model. ThreatModeler’s integration with Avocado automatically ingests the inputs so teams can now build accurate, consistent and complete threat models based on merged cloud and AppSec environments that evolve with the infrastructure. Teams no longer need to sit with Architects for long interviews and spend time looking for architectural information to build threat models for legacy applications.
“ThreatModeler's integration with Avocado provides automated, comprehensive threat modeling for legacy applications,” says Archie Agarwal, ThreatModeler CEO. “ThreatModeler will automatically create actionable outputs including threats and security requirements from the forensics generated by Avocado, for prioritization and remediation.”
Out of the box, ThreatModeler has 650+ components which teams can access, with support for custom component creation. Simply drag and drop components onto the diagram canvas to build out your threat model. The instant you start building out your model, ThreatModeler starts listing all the potential threats for mitigation. The platform also enables teams to designate protocols and communication flows (such as defining additional properties) to add deeper context to the model.