JERSEY CITY, N.J., April 10, 2018 (GLOBE NEWSWIRE) -- The cyber supply chain is increasingly being used by attackers to gain access to critical infrastructures, healthcare providers, and lucrative confidential data at Fortune 1000 companies. The National Cyber Security Center in the UK and the National Institute of Standards and Technology in the US both cite the cyber supply chain as a significant source of cyber risk for organizations.
“An organization may have excellent security internally,” says David Nester, Chief Security Officer of ThreatModeler Software, “but they have relatively little control over the security of their supply chain vendors.”
According to Nester, a stealthy attacker who infiltrates a supplier’s IT system can mask their approach to their target’s IT system as legitimate communication. “It is very difficult for event scanners and defensive tools to detect an attacker’s signal when coming from a trusted vendor’s connection,” continued Nester. “From the perspective of the scanner, the attacker looks like legitimate traffic.”
“Understanding the upstream threats and downstream impacts is crucial to forming an end-to-end security policy,” says Archie Agarwal, Founder and Chief Technical Architect of ThreatModeler™. “That is why it is important to build your threat models with process flow diagrams (PFD) rather than data flow diagrams (DFD). DFDs only show how an application causes information to move through an IT system. PFDs show how a user – or an attacker – can and will move through a system from entry point to the targeted assets.”
ThreatModeler’s PFDs allow visualization, for example, of how an attacker could infiltrate a cloud computing instance with ransomware starting from a phishing attack at a satellite ground communications center. “Automated malware can spread from one connected system to another in a very short time,” continued Agarwal. “That’s how NotPetya and WannaCry quickly became global threats. But if you don’t know what could be coming into your system through your trusted supply chain vendors, how can you allocate the proper mitigating resources?”
“ThreatModeler was specifically designed to provide real-time situational visibility into the cybersecurity ‘big-picture,’” says Mark Meyer, CRO of ThreatModeler. “The ability to understand and reduce risks from the cyber supply chain is something Fortune 1000 companies are increasingly seeking. ThreatModeler provides a scalable, enterprise-wide solution.”
About ThreatModeler
Security Starts with ThreatModeler™ - the industry's #1 Automated Threat Modeling Platform.
ThreatModeler™ is an innovative enterprise threat modeling platform that helps organizations fully integrate security into their SDLC and realize sustainable ROI on their security resources. The centralized threat framework automatically and seamlessly integrates security within existing agile and DevOps workflows. By identifying and mitigating potential security threats early in the SDLC – prior to implementing SAST and DAST, ThreatModeler™ simplifies efforts associated with developing secure applications. ThreatModeler™ then empowers enterprise IT organizations to map their unique secure requirements and policies directly into their enterprise cyber ecosystem – providing real-time situational awareness about their current threat portfolio and risk conditions.
ThreatModeler was specifically identified by Gartner in their Hype Cycle for Application Security, 2017, for automating “security requirements definition, risk assessment, and threat modeling,” with SDLC integration, which “can dynamically highlight potential security ramifications of functional requirements.”
ThreatModeler was the 1st place winner of the Cybersecurity Excellence Award in 2017 and 2018 in the threat modeling product category.
Contact:
Brian Beyst
Senior Director of Marketing
ThreatModeler Software, Inc
101 Hudson St
Jersey City, NJ 07302
Phone: +1-507-251-0851
bbeyst@threatmodeler.com