Top 10 threat modeling tools, plus features to look for

How to select a threat modeling tool

Before laying out a foundation for threat modeling, involve top managers from both the business side and technology side. Business managers should identify assets considered most important. IT staffers should talk about the technology needed to support those assets, highlighting the most critical risks, threats and vulnerabilities.

Key criteria underpinning the evaluation and selection process should include identifying the following:

• The business requirements, goals and operational objectives to protect from security threats.
• The desired results and outputs from the threat modeling tools, for example, reports, analyses, assessments, visual diagrams and recommendations.
• Situations where risks, threats and vulnerabilities are present and need protection from malicious attacks.
• How to address and define appropriate countermeasures to mitigate identified threats and vulnerabilities.
• How to test and validate the performance of the selected application.
• How to integrate the selected system into other threat initiatives within the organization.
• Licensing, pricing and maintenance options to make fair and accurate comparisons.
• Actions to take now that increase protection from future threats.

One tactic is to use a model, such as the software development lifecycle (SDLC), to help select a threat modeling tool. In many cases, the tool deployed protects a specific application or system. SDLC components -- planning, requirements, design, development, testing, deployment and maintenance -- can serve as an important framework. Ideally, the software should support each SDLC process.

Features to look for in threat modeling tools

Today's threat modeling tools offer a wide variety of features. Consider the following important features and benefits each tool should offer.

Ease of data input

Depending on the system analyzed, consider how data is entered into the tool. Attributes should include system design, architecture, input/output characteristics and security features, as well as compliance factors if the system is subject to one or more regulations. The ability to upload visuals, such as data flow diagrams (DFDs), is a plus. Data input could also be in the form of questionnaires.

Available threat intelligence in the system

Verify if sources of threat intelligence, such as Mitre Corp.'s ATT&CK and Common Attack Pattern Enumerations and Classifications repositories of threat actor data and techniques, can be embedded in the tool.

Comprehensive operational threat dashboard

Look for a dashboard that displays a highly detailed and interactive view of the system's activities and tracks all the threat information available.

Mitigation and countermeasures dashboard

Ensure the tool can display mitigation and countermeasure recommendations, for example, security modifications, code changes or other actions. This capability should interact dynamically with the threat dashboard.

System engine embedded with various rules

If adherence to various standards and regulations is required, determine if the system can map security actions with the appropriate compliance requirements.

Scalability

The ability to expand or contract capabilities is an important consideration. The tool should be able to deliver additional processing power for complex analyses.

Linkages and integration with existing production environments

Connections between threat modeling tools and associated production elements enable organizations to tap real-time modeling capabilities using active performance data. Linkages to operational support tools, such as Jenkins and Jira, ensure threat model outputs are based on real data.

Reporting

The presentation of actionable information -- whether on a dashboard or printed report -- is essential. Senior management and other interested recipients, such as business unit leaders, should be able to easily read the results and understand how threats are addressed.

Maintenance and support

Choose a tool that's easy to manage and maintain and that supports embedded system performance and status readouts that keep administrators informed. In the event of a malfunction, administrators should be able to receive information on the condition and launch remedies.

Top threat modeling tools to evaluate

Here are 10 tools organizations can consider when selecting a threat modeling tool.

CAIRIS

CAIRIS, short for Computer Aided Integration of Requirements and Information Security, is a comprehensive open source threat modeling tool that launched in 2012.

• System: Web-based tool that operates in a variety of environments, including Ubuntu, Mac, Windows and Linux. It also works as a Docker container.
• Features: Creates attacker personas that detail potential threat actors. Its 12 system views represent both risk and architectural perspectives. It identifies attack patterns and provides insights on attack mitigations.
• Performance: Highly efficient, albeit there are reports of slow system information input.
• Support: Online documentation, demos and tutorials.
• Pricing: Free.

Cisco Vulnerability Management

Formerly Kenna.VM, Cisco Vulnerability Management reports on an application's risk status using a variety of metrics.

• System: SaaS tool that is available in two plans: Advantage and Premier.
• Features: Examines data to generate real-time threat intelligence and recommended actions from a risk perspective.
• Performance: Uses a proprietary algorithm in its calculations, gathers data from more than 19 threat intelligence feeds, has rigorous data entry requirements and provides a variety of reports.
• Support: Basic and expanded support available.
• Pricing: Subscription based on usage.

IriusRisk

IriusRisk performs risk analyses and creates threat models of a software application during the design phase.

• System: SaaS and on-premises deployments available.
• Features: Uses a questionnaire to collect data and generates a threat list using a rules engine that links with tools such as Jira and Azure DevOps Services. Files from Microsoft Threat Modeling Tool can be imported into IriusRisk.
• Performance: Easy to use.
• Support: Via email and a trouble ticket system.
• Pricing: Free Community and license-based Enterprise subscriptions available.

Microsoft Threat Modeling Tool

Microsoft Threat Modeling Tool is open source software built on the STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege) methodology.

• System: Windows-based desktop or laptop application.
• Features: Creates threat models using DFDs; supports systems running under Windows and Microsoft Azure cloud services; generates a variety of reports.
• Performance: Provides a cost-effective starting point for launching a threat modeling initiative.
• Support: Via Microsoft, various user forums and documentation available.
• Pricing: Free.

OWASP Threat Dragon

The open source, cross-platform Threat Dragon threat modeling tool was developed in 2016 by OWASP.

• System: Web-based.
• Features: Creates DFDs that feed into a rules engine that delivers threat lists, recommendations and other reports. It supports STRIDE and LINDDUN (linking, identifying, nonrepudiation, detecting, data disclosure, unawareness, noncompliance) models.
• Performance: Easy to use with a variety of features.
• Support: Documentation, plus an active user community for troubleshooting
• Pricing: Free.

SD Elements

SD Elements from SecurityCompass offers a smooth translation of policy into procedure through a variety of threat modeling features and resources that automates the identification of threats and countermeasures.

• System: SaaS or on-premises deployments available.
• Features: Uses surveys to gather data and identify vulnerabilities and mitigations. Extensive reporting and testing capabilities.
• Performance: Efficient, once the learning curve is completed.
• Support: Via SecurityCompass, support that spans all phases of a project, from installation to training and management.
• Pricing: Based on usage. Three versions are available: Express, Professional and Enterprise.

Splunk Enterprise Security and Splunk Security Essentials

Splunk Enterprise Security uses a broad range of tools and resources, including AI and machine learning, to provide a risk-based assessment of an organization's technology architecture. It gathers performance data from across an organization, analyzes it from multiple perspectives, and identifies and visualizes potential threats and vulnerabilities. Splunk Security Essentials is the vendor's free tool that offers limited dashboards, reports and features.

• System: Splunk Enterprise Security available in SaaS or on-premises options. Splunk Security Essentials is available as an app download in Splunkbase.
• Features: Splunk Security Essentials offers continuous monitoring, risk-based alerting, malware detection and root cause analysis. Splunk Security Essentials is mapped to the Kill Chain and Mitre ATT&CK frameworks.
• Performance: Easy-to-use interface and dashboards.
• Support: Learning and support services available, including Splunk University, videos and on-site training.
• Pricing: Splunk Enterprise Security requires a license and has workload-, entity- and ingest-based pricing. Splunk Security Essentials is free.

Threagile

Threagile is an open source, code-based threat modeling toolkit that functions in Agile environments.

• System: Integrated development environment-based tool that models a threat environment by assessing assets in an Agile fashion, using a YAML file for input.
• Features: Produces threat models as DFDs and detailed reports.
• Performance: Efficient, enables easy threat modeling.
• Support: Documentation, plus an active user community for troubleshooting.
• Pricing: Free.

ThreatModeler

ThreatModeler is an automated threat modeling tool for DevOps. It has three editions: Community, Appsec and Cloud.

• System: Web-based, designed primarily for large organizations with complex technology infrastructures.
• Features: Based on the VAST (visual, agile and simple threat) model. Offers an intelligent threat engine, report engine and integrated workflow approval. Supports many other systems and natively links with Jira and Jenkins.
• Performance: Easy navigation through various functions.
• Support: Various support options available via ThreatModeler.
• Pricing: Community edition is free. Appsec and Cloud editions are license-based.

Tutamen Threat Model Automator

Tutamen Threat Model Automator from Tutamantic supports security development at the architectural and design stages. The company is currently developing the tool.

• System: Cloud-based.
• Features: Accepts inputs from established applications, including Visio and Excel, and delivers a variety of reports. Flexible.
• Performance: In beta release.
• Support: Via Tutamantic technical support.
• Pricing: No charge for those in beta program.