We just raised a $30M Series A: Read our story

Which enterprise threat modeling tool do you recommend?


Hi security professionals,

What tool would you recommend for threat modeling implementation in an enterprise? Please elaborate on why this would be your choice.


ITCS user
11 Answer

author avatar
Top 5LeaderboardConsultant

To best understand Threat Modelling, an enterprise should be familiar with Cyber Threat Intelligence. 

While ideally, threat modelling can be driven right from the LEFT (DevSecOps), using a framework to identify threats for your application development (Dev) stage, the enterprise might not have such luxury to go into that level of maturity.

Having said that, it is better to have Threat Modelling capabilities at least on the Operations (Ops) stage, correlating Cyber Threat Intelligence (external information) of the adversary, with the internal cyber security events from SOC / SIEM.

One of the tools capable of mapping the Threat Model is Anomaly Threat Stream. A threat intelligence platform that could model any threat tailored to your specific organization.

With Anomaly Threat Stream, the analyst can build a Threat Model based on a specific adversary relevant to your organization's industry. For example, a bank would have a specific adversary of a state-sponsored attacker such as Lazarus or Cobalt Strike. By mapping all the IOCs, Tools-Technique-Procedures (TTP) along with MITRE ATT&CK Framework, an organization can have a specifically tailored cybersecurity defence that is much stronger and more impactful for its operations.

The Threat Model can then be shared amongst Trusted Circle of the organizations, making the best approach on collaborations and sharing. 

Find out what your peers are saying about CrowdStrike, ReversingLabs, Group-IB and others in Threat Intelligence Platforms. Updated: November 2021.
552,407 professionals have used our research since 2012.