July 12, 2016

What is ThreatGet

Threat analysis is an integral part of system development and still relies on subjective expert judgment. ThreatGet allows to automate this analysis by formalizing threat information. Its analysis results are reusable and all mitigations and design decisions are traceable through the development process. ThreatGet helps saving cost and due to the updatable threat catalogue the analysis stays up-to-date automatically.

Security is one of the big challenges in Internet of Things (IoT) and Cyber Physical Systems. AIT’s threat modelling tool automatically identifies threats and supports ongoing risk management. The tool extends the well-established Enterprise Architect modeling platform and is designed to support use cases in domains like automotive, railways, energy and critical infrastructure. It contains domainspecific security-relevant elements for system modeling and comes with an AIT-maintained, up-to-date threat catalogue. Company specific model elements and threats can also be added. All model elements contain predefined security parameters to consider existing security concepts. The tool will automatically assess the system model to find potential security issues in the design and will also suggest mitigations. Identified threats are traceable from analysis to qualification. The tool generates standard-compliant risk and management reports.

KEY FEATURES

  •  Automated System Model Security Assessment
  •  Automated Suggestion of Mitigations
  •  Traceability from Threat-to-Design Decision
  •  Risk Management Reports
  •  Extendable Model Library featuring
    • initial domain specific elements and threats
    • user-definable model elements
    • user-definable security properties
    • user-definable threats
  • Threat Intelligence Subscription with
    • updates to the model library
    • maintained threat catalogue