Security threats can be hard to discover during the architecting and design phase, and current manual threat modelling processes are not good enough. Many threat model frameworks fail due to lack of know-how, models that don't get updated when the design changes, complex modelling steps and poor taxonomies.
The Tutamen Threat Model Automator provides an automated structured approach to this activity, with simple data entry using Microsoft Office formats. The resulting threat metadata is mapped directly to the underlying design and uses well-known threat libraries for sourcing the threats.
Threat modelling becomes a cost-effective activity with a drop in manual error, while providing a number of detailed reports which can be used by different project areas (architecture, development, test, etc.)
Know your threats, secure your system.
There is no new software to learn. Tutamen allows you to enter your data using common Office tools such as Visio and Excel.
Data is not re-entered or lost in transcoding.
Use the project's design diagrams instead of creating separate and unlinked data flow diagrams.
Integrate with existing workflows and tools, allowing collaboration between various stakeholders.
You can now implement a consistent, repeatable and measurable threat modeling process. Tutamen will identify the threats, allowing you to classify and prioritize your mitigation efforts.
Tutamen uses the OWASP Top 10, STRIDE, Common Weakness Enumeration (CWE), Common Attack Patterns (CAPEC) and others as security reference frameworks.
Choose a plan with custom mitigation libraries specific to your organization and you can enable integration of your core Non-functional requirements.
The Tutamen Threat Model Automator integrates seamlessly with architectural tools and your team's natural workflow, rapidly providing secure, reliable, and conformant designs.
The automation speeds up the initial analysis by a factor of 50 over traditional manual threat model processes.
Comprehensive Report Generation
Tutamen provides helpful reports by default. It also has the ability to generate multiple reports for different stakeholder groups in your company.
Take corrective action immediately - before development starts - to deliver more secure and reliable software systems.
Use the Community Plan for as long as you wish. Select the Standard and Pro plans for more threat library and reporting options. If you wish a highly customized solution, please contact us for our Enterprise plan options.