ThreatModeler announced its integration with Avocado Systems, a network discovery tool that identifies application communications between internal and external users. DevSecOps can leverage Avocado’s dynamic insights on how multi-tier communications work to automatically build a threat model for the application being interrogated.

Avocado is an agentless, plugin-based system with an orchestrator. Once pushed into your application’s environment (onto the server, container, or cloud where the application is deployed) Avocado’s ultra-lightweight plugins monitor communications between components, operating in runtime on the server.

Contrary to other tools that monitor the perimeter of an application for threats, Avocado sits right in the application environment to conduct real-time scanning. Simply click on the application, and you gain insights on all the connections that it has made so far with different clients, applications, and databases. DevSecOps can leverage Avocado or any network discovery tool to pull the findings into ThreatModeler, including APIs being pulled in the server IP, the application name, the database name and server, the different tables that are contained, if there is a payload and, if so, what payload information is pulled to automatically build a threat model.

All this information is seamlessly exported to ThreatModeler via API with information that is relevant to the application, including which services it relies on and the payload of the particular communication in question. Teams can seamlessly build a complete threat model in ThreatModeler using this information.

“Unveiling this partnership is very exciting both for us and for our active clients,” says Chris Formant, CEO of Avocado Systems. “With this new combination of automated discovery, mapping, and threat modeling technologies, we turn a hugely tedious process into something so automated that it can be done continuously. This is a major leap in the threat modeling technology space and represents a huge time saver for new and existing ThreatModeler customers alike.”

ThreatModeler’s Threat Intelligence Framework compiles more than 2300 requirements from leading threat libraries CAPEC MITRE, CSA Treacherous 12, OWASP (Mobile, IoT, AppSec), NVD, WASC and more – all built into the system; also, security best practices from AWS, Azure and GCP. For regulatory and compliance, ThreatModeler has NIST 800-53 rev4, CIS CSC v7, EMEA EU GDPR, CSA CCM v3.2 and PCI DSS v3.2 built into the platform. DevSecOps can also customize their own security requirements.

With more organizations than ever migrating to the cloud, DevSecOps faced the challenge of manually inputting integrated legacy system data to build a proper threat model. ThreatModeler’s integration with Avocado automatically ingests the inputs so teams can now build accurate, consistent and complete threat models based on merged cloud and AppSec environments that evolve with the infrastructure. Teams no longer need to sit with Architects for long interviews and spend time looking for architectural information to build threat models for legacy applications.

“ThreatModeler’s integration with Avocado provides automated, comprehensive threat modeling for legacy applications,” says Archie Agarwal, ThreatModeler CEO. “ThreatModeler will automatically create actionable outputs including threats and security requirements from the forensics generated by Avocado, for prioritization and remediation.”
Avocado builds upon ThreatModeler’s leading automation that enables DevSecOps to scale across the enterprise through its:

  • Patented Onboard Architect:  Take an AWS or Azure component and the onboard Architect guides you to complete an accurate threat model.
  • Patented Accelerator: Automatically interrogate VPCs and build a threat model with threats and security requirements. Instantly rebuild the model based on architecture changes.
  • Patented Threat Model Chaining: Nest an entire threat model within another threat model for a holistic macro view of the interconnected system as components interact with each other.
  • Patented Third-Party File Imports: Generate threat models that correlate with visual diagram components of third-party software applications, including VISIO and Microsoft TMT.
  • Security Controls (Patented): Simulate all your security controls to assess the security impact of technology decisions. Our engine recommends security controls and if you begin using them (or controls defined by your organization) they will start mitigating most of your threats.
  • Templates: Instead of stitching manual, ad hoc threat models together and starting from scratch every time a change is made, threat modeling becomes a repeatable practice. ThreatModeler’s centralized intelligence repository for threats and security requirements automatically updates content in near real-time whenever a new deployment or change occurs.

Out-of-the-box, ThreatModeler has 650+ components which teams can access with support for custom component creation. Simply drag and drop components onto the diagram canvas to build out your threat model. The instant you start building out your model, ThreatModeler starts listing all the potential threats for mitigation. The platform also enables teams to designate protocols and communication flows (such as defining additional properties), to add deeper context to the model.
Click here to schedule a live demo with a threat modeling expert: