THREATMODELERTM

ThreatModeler is the world’s most powerful threat modeling software product. Web-based and platform-independent, it has been designed to fill a critical and growing need among today’s information security professionals: to build threat mod-els of their organizations’ data, software, hardware, or infra-structure.

SECURITY. STARTS.HERE.

Contents

INTRODUCTION

THREATMODELER

SERVICE LEVELS

KEY FEATURES

EXECUTIVE TEAM

ABOUT US

CONTACT

4

INTRODUCING THREATMODELER ThreatModeler is the world’s most powerful threat modeling software product.

Web-based and platform-independent, it has been designed to fill a critical and

growing need among today’s information security professionals: to build threat

models of their organizations’ data, software, hardware, or infrastructure. Threat-

Modeler automates the process of threat modeling, allowing organizations to

scale their threat modeling initiatives across hundreds – or even thousands – of

threat models.

ThreatModeler’s interface is easy to master, for security experts and non-experts

alike. Users need simply to provide functional infor- mation about their applica-

tions or systems. ThreatModeler’s innovative Intelligent Threat Engine (ITE) then

automatically analyzes this information and identifies a list of potential threats,

ranked by risk; a list of security requirements; and test cases. This information is

necessary to the solid foundation of any secure SDLC initiative.

As applications, systems, and infrastructure change – and as new threats

are identified – ThreatModeler automatically updates its threat models enter-

prise-wide. The product’s scalable design is intended to allow users to build,

update, and reuse threat models in a collaborative manner. This forward-looking

architecture affords organizations the leverage to scale their initiatives across

hundreds – or even thousands – of threat models.

ThreatModeler can display threat analytics in multiple ways. It provides a view of

threats in a high-level, top-down, enterprise-wide dashboard. ThreatModeler’s

output data can be analyzed all the way down to the individual threat and its

source. CISOs and their teams can use this level of detail to identify, classify,

prioritize, and mitigate the risks inherent in today’s ever-expanding threat land-

scape.

These and other features make ThreatModeler far and away the premier product

in the rapidly-maturing field of threat modeling. Representing significant techno-

logical advances beyond any other threat modeling product, ThreatModeler is

the only product of its kind available today.

5

SECURE YOUR PLAN.

6

SERVICELEVELS

STANDARD EDITIONJust getting started? The Standard Edition gives you the ability to quickly and easily kick start your security and architecture program.

DEVOPS EDITIONOur DevOps solution provides Threat Models along with robust integrations like JIRA, Qualys, Jenkins, and Fortify Software for your DevOps process including data migration of existing Threat Models from TMT and Visio.

ENTERPRISE EDITIONEnterprise Unlimited is a full, turn-key, all-you-can-eat solu-tion designed for the largest and most complex security and development programs.

7

SERVICELEVELS

KEY FEATURES

Centralized Threat Library

Threat Analytics

Intelligent Threat Engine

Abuse Cases

Role-Based Access Control

Real-Time Collaboration

Threat Tracer

Threat Tree / Threat Profiler

Web-Based, Platform Independent

Comprehensive Bi-Directional API

8

KEYFEATURESCENTRALIZED THREAT LIBRARY

ThreatModeler compiles and consolidates threat data from well- known industry sources – like CAPEC, WASC-TC, the OWASP Top 10, and others – into a comprehensive centralized threat library. These threats are categorized as to risk under the industry standard risk rating. ThreatModeler frequently updates this central-ized library, as new threats are identified and published.

AUTOMATED THREAT MODELING

The manual approach to threat modeling is la-bor-intensive and cumbersome; output is static, hard to update, and inconsistent. ThreatModel-er revolutionizes this approach, automatically building threat models from the functional infor-mation users provide about their applications and systems. ThreatModeler’s output is con-sistent, concrete, and actionable. And it confers significant cost savings, better structure, and higher-quality threat analysis, over the old man-ual approach.

INTELLIGENT THREAT ENGINE (ITE)

At the core of ThreatModeler is the unique Intel-ligent Threat Engine (ITE). This innovation rep-resents the culmination of years of information security and threat modeling experience and expertise, and is the processing power behind ThreatModeler. Once the threat model has been built, the ITE automatically predicts where po-tential threats exist to that application or system; ranks them by risk; and generates abuse cases.

THREAT ANALYTICS DASHBOARDS AND REPORTING

ThreatModeler provides reports and a Threat Analytics dashboard to display concise and up-to-date metrics at a glance.

EARLYIDENTIFICATION

REDUCECOSTSThe Threat Analytics dashboard presents a cumulative

view of threats across the enreports like Data Exposure, Threat Portfolio, and others, they can stay ahead of the information security risks to their organizations.

DEPLOYMENT MODELS

The Ownership Site License (OSL) is a perpetual-license software model: the customer owns the licensed software. The OSL is best suited for organizations, which have the time and resources to manage and administer the entire threat modeling process in-house.

The SaaS Private Cloud Offering (PCO) is an annual subscription- based model. ThreatModeler Software, Inc. builds, maintains, and updates threat models for the PCO customer. PCO is ideal where an organization may not wish to manage and hire resources to build the threat modeling process in-house.

9

EARLYIDENTIFICATION RISK MITIGATION

REDUCECOSTS

AUTOMATICALLYBUILD THREAT MODELS

ThreatModeler identifies 99% of SAST/DAST

vulnerabilities before code is written or applications

are deployed

Provides risk mitigation across the entire attack surface leveraging automation, collaboration, and integration points with existing technology.

ThreatModeler accelerates risk

identification further left in the SDLC – reducing

residual risk at 15% of the cost of traditional threat

modeling.

Intelligent Threat Engines allows non-security professionals to automatically build models leveraging a framework of over 650 threats.

RETURN ON INVESTMENT

10

OUR EXECUTIVE TEAM

Archie Agarwal, CISSP

CEO / CTO

With more than 20 years of real-world experience in threat and risk analysis, Anurag has been instrumental in successfully implementing secure software development processes at a number of Fortune 1000 companies to minimize their exposure to cyber threats and mitigate risks.

Prior to founding ThreatModeler Software, Inc., he was the Director of Education Services at WhiteHat Security.

Mark G. Meyer

Chief Revenue Officer

Mr. Meyer brings more than 30 years sales and revenue expertise to the ThreatModeler team. An innovative and creative leader, Meyer has a long and successful track record of implementing revenue strategies and driving sales optimization in private and pre-IPO companies. Meyer has contributed to the growth and success of leading cybersecurity providers, software producers, and consultancies serving the healthcare and financial sectors.

David Nester, CISSP Chief Security Officer

Mr. Nester is an accomplished Information Security leader with 20 years of experience and success in fulfilling mission- critical security objectives and goals, and directing global technology teams. Most recently, David was the Global Director for Hewlett Packard Fortify on Demand where he managed the global team of application security experts. David offers advanced capabilities in Application Security and Risk Management combined with a deep understanding of the intersection between technology, business, and operational needs.

11

12

ABOUTUS ThreatModeler was founded in 2010 to address a critical and growing demand among information security professionals: how to achieve a more proactive approach to building security into applications and sys-tems.

ThreatModeler’s flagship product, ThreatModelerTM, is the industry’s first automated, consistent, collaborative, and scalable threat modeling software. Nearly four years in intensive development, it has been built and refined in conjunction with the specific needs and requests of indus-try specialists.

ThreatModeler’s founder is Anurag Agarwal, who has more than two decades’ experience in the IT world. For fifteen of those years, he worked in the web application security field at a number of companies, among them Citigroup, Cisco, HSBC, GE Medical Systems, and many others. Well-known in the field, he is a published author of articles on secure design and coding.

Mr. Agarwal is a former Director of Education Services at WhiteHat Security, and is actively involved in the Web Application Security Consortium (WASC) and the Open Web Application Security Project (OWASP).

THREATMODELER SOFTWARE, INC.

101 Hudson Street

Jersey City, NJ 07302

www.threatmodeler.com

+1-201-632-3634

sales@threatmodeler.com

13

ABOUTUS

SECURITY STARTS HERE.

MYAPPSECURITY, INC.101 Hudson Street ● Jersey City, NJ 07302 www.threatmodeler.com +1-201-632-3634sales@threatmodeler.com