
ThreatModeler


Reviews from AWS customer

2 AWS reviews
  • 5 star
    0
  • 2
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

2 reviews

External reviews are not included in the AWS star rating for the product.


    reviewer2808624

Early threat modeling has improved secure design and supports faster, audit-ready delivery

  • April 20, 2026
  • Review provided by PeerSpot

What is our primary use case?

I worked with ThreatModeler Platform for more than 1.2 years during the security design reviews and the risk assessment activities for the applications and the cloud projects.

My main use case for using ThreatModeler Platform in one of those scenarios was identifying the security risk earlier during the application design or the infrastructure change projects before they reach production. I mainly used it for threat modeling for new applications and reviewing the architecture security risk, mapping threats into controls, and supporting secure SDLC processes and DevOps security reviews, as well as cloud architecture risk assessment and compliance documentation. I was involved in a web application handling scenario where the user logs in and APIs and database integrations were involved. Before deployment, we used ThreatModeler Platform to review the architecture, which highlighted risks such as weak authentication flows, insecure APIs, exposures, and insufficient segmentations between the application and the database layer. Because those issues were identified earlier, the development team made necessary changes before production releases. That saved future rework and reduced risk. On a day-to-day basis, it is mainly used for reviewing new architecture diagrams, generating threat models, identifying STRIDE style risks, assigning mitigation actions, and maintaining documentation for audits.

ThreatModeler Platform's ability to measure and mitigate risks across different attack surfaces has helped my organization, especially in identifying risks in web apps and cloud apps. For example, suppose a company is launching a customer login portal with a login page, password reset option, payment page, and backend database. ThreatModeler Platform helps identify risks such as no MFA on the login page, a weak password reset flow, possible SQL injections in search fields, sensitive data not being encrypted, and an admin panel exposed to the internet. I mainly used this tool for red teaming exercises, including web application testing and VAPT testing. During this process, we utilized ThreatModeler Platform to identify risks, and we were also involved in testing almost all of India's government applications, where we tested them with a variety of tools available in the market. We have also started using artificial intelligence tools to test web applications and cloud host applications. In real-time, I use it in preventing ransomware entry, unauthorized access, and data leakage by fixing permissions and access controls early on.

ThreatModeler Platform has helped my security team keep pace with DevOps sprints by acting as a bridge between the security team, developers, and cloud development team. Instead of security checking everything at the end, all teams can identify risks earlier and fix them during the project itself. For instance, if developers are building a login portal, ThreatModeler Platform highlights missed elements such as MFA, which makes the password reset flow insecure and could expose sensitive data stored without encryption. The benefits to the developer include fixing issues during the coding stage and reducing rework later, leading to improved secure coding awareness. Instead of security reaching the app before releases, developers and the DevOps team can address issues earlier.

What is most valuable?

The best features that ThreatModeler Platform offers include a best security design approach that helps catch issues before deployment. It is also useful for teams that do not want a spreadsheet-based manual review as it has structured threat modeling. It is helpful for audits and governance as well, with the best mapping compliances. Furthermore, it creates good collaboration between the security team and the DevOps team, fostering a shared understanding of risks in documentation.

The most valuable feature I find myself relying on the most is its early risk identification features. This is the most valuable feature based on my experience because fixing design issues before production is always cheaper than fixing them after incidents. Earlier risk identification remains the most valuable feature based on my experience.

ThreatModeler Platform has positively impacted my organization by promoting better secure design practices, improving AppSec maturity, enhancing documentation for audits and compliance, and strengthening collaboration between deployment teams.

What needs improvement?

ThreatModeler Platform can be improved by enhancing the user interface, improving integration depth, and addressing the adoption needs of smaller teams. There is also a need for training on threat modeling concepts, as the learning curve needs to be improved.

ThreatModeler Platform should integrate AI connectors to enhance usability. It would be even better if they connect with AI.

I have not noticed any negative changes regarding ThreatModeler Platform, but I think integration with AI technology would be very helpful.

For how long have I used the solution?

I have been working in my current field for more than three years.

What do I think about the stability of the solution?

ThreatModeler Platform is stable.

I have not observed any changes in application coverage percentages since implementing ThreatModeler Platform as it was stable overall.

What do I think about the scalability of the solution?

ThreatModeler Platform has good scalability capability for multiple deployment teams.

How are customer service and support?

Customer support for ThreatModeler Platform is good overall.

Which solution did I use previously and why did I switch?

Before using ThreatModeler Platform, we were using spreadsheets and had ad hoc architecture discussions.

What was our ROI?

I have seen a return on investment with ThreatModeler Platform. It has led to faster security approvals, earlier risk detection, lower remediation costs, and better governance and compliance benefits.

Which other solutions did I evaluate?

Before choosing ThreatModeler Platform, we evaluated other options, such as the Microsoft Threat Modeling Tool, which is based on a manual spreadsheet and securing design consulting reviews.

What other advice do I have?

Customizing threat framework components in ThreatModeler Platform to match my company needs using the intuitive UI is overall easy.

ThreatModeler Platform has reduced the hours needed to complete threat modeling projects or secure an app in my organization by 30 to 40%.

My advice to others looking to use ThreatModeler Platform is to use threat modeling earlier in the projects, not just before going live. The earlier it is used, the more value they will get from it. If it is used before the project starts or during the projects, there is much more that can be learned, and projects can be delivered on time and properly.

My final thoughts on ThreatModeler Platform are that it is indeed a very strong platform for organizations that are serious about embedding security into the design stages. It helps move security left, instead of only reacting later. We were also building a phishing awareness training platform, and during this stage, we found ThreatModeler Platform incredibly useful. I give this platform an overall rating of eight out of ten.


    Gaurav_Aggarwal

Automated threat modeling has saved time and now protects our cloud workloads efficiently

  • April 12, 2026
  • Review provided by PeerSpot

What is our primary use case?

ThreatModeler Platform is designed to automate the identification and mitigation of security risks across multiple applications and cloud infrastructure. Our main use case for this platform is to automatically identify threats in our applications and cloud infrastructure.

We use Microsoft Azure as our cloud infrastructure provider. We have integrated ThreatModeler AI models into our cloud infrastructure, and these AI models help us detect threats automatically and send us notifications whenever there is any threat or risk that could affect us.

What is most valuable?

ThreatModeler Platform helps us automate threat modeling, making it very easy to automate any type of threat that could come to us with its AI models. The platform provides a visual representation of threats, which is very helpful for our organization to see and react to particular threats. It is also a very seamless platform to integrate anywhere in our organization or setup.

The features of ThreatModeler Platform include automated threat modeling, visual representation of threats, seamless CI/CD integration, and customizable threat libraries. The customizable threat libraries are very useful for our organization. This feature is similar to adding a filter to your setup or infrastructure, allowing you to customize the threats based on your understanding of any particular threat. You can then apply those threats to your application, and ThreatModeler automatically automates those threats and shows you the visual representation, helping you save your data and applications from any type of threats.

The seamless CI/CD integration feature is particularly valuable since we use Microsoft Azure as our cloud infrastructure. ThreatModeler automates the threats, shows the visual representation, and integrates very seamlessly into our cloud infrastructure because of the CI/CD pipeline it provides.

ThreatModeler Platform has impacted our organization positively. It saves us more time and money while also protecting the data of our employees, organization, and projects. Roughly around 80 to 85 percent of our organization's important time has been saved because of ThreatModeler's automated threat modeling, visual representation, and customizable threat libraries. Because of these features, we are now more consistent with our work, and it is saving our organization money as well.

What needs improvement?

Some users have noticed a learning curve to fully utilize the platform's advanced features, and there is a desire for more intuitive customization options for specific reporting needs. These areas can be improved based on feedback from our organization.

For how long have I used the solution?

I have been using ThreatModeler Platform for four months.

What do I think about the stability of the solution?

ThreatModeler Platform is very stable for different types of threats and is also reliable when automating threat modeling and providing visual representations.

What do I think about the scalability of the solution?

ThreatModeler Platform is very scalable to our organization. We use Microsoft Azure as our cloud provider, and we have noticed that ThreatModeler scales well with our organizational needs. It provides a good amount of AI models and is very useful.

ThreatModeler Platform safeguards our data, time, and money by automating threats and providing visual evidence, making it a significant time saver for our organization.

How are customer service and support?

We have not encountered any significant issues with customer support. When we engaged with their support team for normal discussions, they were very helpful.

Which solution did I use previously and why did I switch?

Before using ThreatModeler Platform, we were not using any platform, and manual threat encounters took us days. After using ThreatModeler Platform, we can now address threats in about three or four hours due to its automation and visual representation.

We were manually saving our data before adopting ThreatModeler Platform, and we directly switched to it.

What was our ROI?

Using ThreatModeler Platform is saving employee time and organizational data, which leads to a significant return on investment. About 80 to 85 percent of our employees' time and 90 to 95 percent of our data is now secured.

What's my experience with pricing, setup cost, and licensing?

Our experience with the pricing, setup cost, and licensing was very seamless and smooth.

Which other solutions did I evaluate?

We did not evaluate any other options before choosing ThreatModeler Platform. We were recommended to use it by a colleague, and we decided to switch without looking at other solutions.

What other advice do I have?

ThreatModeler Platform has helped our security team keep pace with the DevOps sprints. In our cloud infrastructure, our cloud team has a separate security team. When there is any threat, ThreatModeler Platform automatically alerts us and shows the visual representation, reducing our security team's workload significantly.

We are using the latest version of ThreatModeler Platform, which helps us very much. The AI models and LLM it provides are very helpful and integrate smoothly into our organization's work.

The flexibility of ThreatModeler Platform to automate unique processes has positively influenced our training and education costs. We have noticed changes such as a reduction in work time and important data preservation.

If you are looking for a platform that effectively and automatically identifies threats early while saving you time and providing good visual tools, I recommend switching to ThreatModeler Platform. I have additional thoughts regarding improvements that ThreatModeler Platform can make based on user feedback about a learning curve for advanced features and a desire for more intuitive customization options. I would rate this product an 8 out of 10.


    Bryan Fearson

Offers customizability to fit specific needs and easy tracking of your model's evolution

  • October 14, 2025
  • Review from a verified AWS customer

What is our primary use case?

My use case for ThreatModeler Platform is building systems diagrams with a specific focus on the potential threats and security vulnerabilities that could arise should you make a certain change, such as if you connect one server to another server, what are the risks that you could see.

How has it helped my organization?

ThreatModeler Platform has positively impacted my organization by changing the approach from manual to a more efficient method. The big change was the amount of time that my team spends building the models. Before, it would take them a couple of hours to do it. Now they can do it in about 30 minutes, and then small changes are even shorter. It's difficult to say how much ThreatModeler Platform saves financially or resource-wise because it's mostly in team man-hours. The fact that a team of five usually would take 20 hours total, and now it takes them 30 minutes represents a significant reduction in what my team is doing. It gives them the ability to do other things that may be more important.

ThreatModeler Platform's ability to measure and mitigate risks across different attack surfaces has helped my organization. It provides us with a metrics platform to see what our common risks are and start to address them. If we have one particular type of risk or category of risk that's 60% of all our findings, then that's obviously something we want to focus on as an organization. It really helps us identify where we are worst and address that immediately.

ThreatModeler Platform helps my security team keep pace with DevOps sprints by allowing us to adjust and adapt quickly to any of their diagrams and feature changes that they give us late in their cycles. Being able to adjust and adapt quickly means we don't bottleneck them or fall behind. We can't always keep up because there are so many of them and so few of us, but we don't fall behind as much anymore.

It's easy to customize the threat framework components of ThreatModeler Platform to match our needs with the UI. In the catalog, you can pick specific threats that are unique to your company and add those in. It's basically click, fill it out, and apply it to which component. The same applies with customizable components - you just go in, give it a description, a name, and an icon. It's pretty easy, similar to creating a Jira ticket.

What is most valuable?

The customizability is very nice. Unlike a lot of other similar tools, you can build it exactly to your spec. I appreciate the fact that you can iterate on models, so you have the history if you make a change. I can look back on what this exact same model looked like in 2020. The fact that it integrates with our SSO for login is nice as well.

What needs improvement?

There are areas for improvement in ThreatModeler Platform, particularly in cloud integration. You can connect with your VPC and it'll build models for you. That is definitely an area that needs improvement. We've tested it a few times and it's somewhat buggy. It'll double add components, stack components on top of each other, and doesn't make a readable diagram. It's a really good idea in theory because it can build out your entire VPC, but it's unpredictable.

Aside from that major area for improvement, a minor issue with ThreatModeler Platform is being able to pin connections between components. Sometimes it won't connect to the right side of the left component. It'll circle all the way around, making an odd-looking connection. Where it could be a straight line, it does something unusual. It's a minor thing, but when you build a complex model, you want to make sure that your connection points are very concise and clear.

For how long have I used the solution?

I have been using ThreatModeler Platform since approximately 2017, so eight years.

What do I think about the stability of the solution?

In regards to the stability of ThreatModeler Platform, I would rate it a ten as it has never gone down for us.

What do I think about the scalability of the solution?

Regarding scalability, I would rate it as a nine out of ten.

In our company, about 10 users use ThreatModeler Platform, and at the other one that I worked at, it was closer to about 30. The use of ThreatModeler Platform is global.

How are customer service and support?

I would rate the support for ThreatModeler Platform as an eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

ThreatModeler Platform is the best that I've used in the space. The other one that I've used is Microsoft Threat Modeler, and that is a terrible tool.

How was the initial setup?

It is a SaaS product, so they host it. I have done it two ways: once on-premises and once when they hosted it.

What's my experience with pricing, setup cost, and licensing?

It seems fairly reasonable. I don't have a comparison point to other products, but I've used it at two companies and it's always been a reasonably priced tool.

What other advice do I have?

I'm not sure that it's significantly impacted our training costs. We use it, but not specifically for training purposes. 

We did not notice any changes in application coverage percentages since implementing ThreatModeler since we already had 100% coverage with our applications. We're just more efficient now.

I would recommend ThreatModeler Platform to other users, as it scales and it's the best one that I've seen out there. It just seems to be the tool that suits the needs of what people who are threat modeling want.

I would rate ThreatModeler Platform an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    John Thornburg

Facilitates consistent and efficient security designs across clouds

  • May 07, 2025
  • Review from a verified AWS customer

What is our primary use case?

We have applications in multiple clouds, and we use it to review our apps to ensure that they are going to be designed in a secure manner.

How has it helped my organization?

It helped us in multiple ways. It's easy to present to leadership where they can get the big picture, and they can ask their questions based on what they see in the drawings. Also, it's a good tool in that it drills down and gets down to the actual requirements. Sometimes we can get buried in the risks, but the risks all translate into requirements. The requirements are the meat and potatoes for our developers. To remediate what's needed, the sooner we get them involved and the sooner we are involved in the process, the sooner the results are designed into the solution. We are also able to reuse the work we put in. When we do something once and there is a revision to the same application, we can start with the previous version. It saves a huge amount of time.

It's a time saver. As we've gotten along, we've determined what we've already remediated. We're not going through a huge list that we used to go through in the beginning. We're going through things that only need to be gone through, and it helps maintain the sprints.

ThreatModeler Platform has enabled our company to meet tight delivery dates for the product teams. I've had several instances where things were brought to my attention late in the game. The tool has been excellent in getting in there and getting it done quickly and with less effort. It's a great time saver, so we can get in and get done, and get out. Sometimes we can do it at astounding speed if we have to. It's better to have enough time to get the job done, but when you're under a crunch, you still can get the job done.

We've customized quite a few components to suit our needs. When we have met the requirements, we put standards around a component. We then deploy it and mark it such that the component is remediated by control or by some standards. In that circumstance, the security requirements don't flow through. They're marked as already met, so it saves us a great deal of time. It's very customizable.

I found that not all of our security architects are fluent in each and every cloud. We're supporting all the major clouds and some SaaS environments. We're finding ways to use the tool and expanding it beyond just the typical clouds that we have today. It has allowed an AWS expert to work on a Google Cloud platform and apply their knowledge quickly and faster, and learn those platforms without necessarily having to be certified in every platform.

ThreatModeler has reduced the hours needed to complete threat modeling projects or secure an app in our organization. It takes about a third of the time doing it through ThreatModeler than it would otherwise. It would greatly vary depending on the actual individual person and how developed our standards are. The company I worked at prior did not have ThreatModeler, and I knew what it took to get the same functionality or similar functionality. It took much longer, and it would be much less uniform across.

Initially, we had ten people working on threat models. Today, within our organization, we probably have four. Fewer folks are working on ThreatModeler, and other security architects are being dedicated to specific environments and specific domains. It has allowed us to be more specialized because we need fewer people to do threat modeling.

What is most valuable?

ThreatModeler Platform is a big timesaver, helping to provide consistent output. Without it, interpretations would vary. Everything would be developed from scratch, and consistency would be lacking. By having this as our tool, we've developed a more consistent output. It didn't start out that way because everybody has their own ideas, but it is a great tool for making things consistent and making them faster. It allows for drawing solutions to get most of what is needed for threat models, aiding the design team in remediating security requirements.

It measures and mitigates risks across attack surfaces, presents big pictures to leadership, and translates risks into requirements for developers, resulting in security design solutions that save time. Through customization, they can adapt the platform components to match specific needs, significantly streamlining processes.

What needs improvement?

We meet with our customer rep on a regular basis and go over new features we request. The team has been quite responsive in fulfilling most of the things we've requested in the revisions as we go along. They implemented changes related to colors. That was one of the things we asked for.

One feature that I would like to see is related to comments. Comments need to be layered so that they are always on top. When you click on the comment feature, a dialogue box pops up, and you start entering a comment and put it into a VPC or a group of some sort. When you click on that group, the comment shouldn’t disappear behind the group. That's a problem that I would like to see fixed. The comment should always stay on top. It should be at the top layer above everything else because I can't see a reason why the comments should be under the things that you're commenting on. ThreatModeler Platform needs an enhancement so that comments always remain on top layers in diagrams, preventing them from disappearing when interacting with other components.

For how long have I used the solution?

I have been using ThreatModeler Platform for about three years.

What do I think about the scalability of the solution?

ThreatModeler Platform's AI-driven component suggestions assist with scalability, especially when undertaking new tasks. However, since this feature was implemented after a few years of using the solution, it is sometimes less impactful as we are already accustomed to our existing methods. We move it out of the way just because we're already set in our ways, and we already know what we want to put next. If we didn't know that, it would be a good time saver.

How are customer service and support?

We get a very quick initial response. Traditionally, they have been quite fast in resolving issues. We've had a few issues that took a little longer to resolve, and they were resolved in a few days. As a whole, we've had multiple issues because we use the tool all the time and run into problems. They're quick to fix them. Sometimes, we could get a better explanation of what was done to fix it, but all in all, we're happy with the results in the sense that things get resolved quickly. We have somebody who takes our requests and resolves them quickly. Of all the time, all the years that we've had it, we've only had a couple of issues that took a little while longer to resolve.

Which solution did I use previously and why did I switch?

Prior to ThreatModeler Platform, threat models were done manually, but this approach was less efficient.

I joined after it was selected, so I wasn't a part of the selection process, but I have evaluated it a couple of times since then and compared it to current products. It seems to be head and shoulders above the rest as far as multi-cloud support. A big thing about it is that we've now integrated it into our work environment such that we can go in and run a report on the security requirements and export them into Jira, and then they can be assigned to a particular team to go through each one of those requirements. They can go through the open ones and fix them. It can automatically, or nearly automatically, be tied into our work environment. It's pretty slick. It's a big time saver. We've integrated it into our platforms. We're doing more and more integration as we go along. A lot of these things didn't exist earlier, at least not to the extent they do now. They've been a result of us working with the ThreatModeling team and them being responsive to our needs.

We initially attempted to port diagrams from draw.io or Visio to ThreatModeler Platform, expecting integration with threat tools. It might have improved now, but at the time, the results were unsatisfactory, leading to manual interpretation and entry processes.

We now get drawings in multiple formats. I'd love to say that we are standardized in the way we should be, but we have multiple teams, and we get multiple formats. We take that drawing and interpret that, and enter it into the tool manually. However, when we are grabbing things, clicking, and dragging them over and making boxes and just sliding things over, as long as the component selection is fairly robust, it's fine. It's a very fast process.

What was our ROI?

ThreatModeler Platform has reduced training and education costs by enabling security architects to extend their knowledge across various cloud platforms without needing specific certification, leveraging AWS expertise in other environments efficiently.

What's my experience with pricing, setup cost, and licensing?

It's like everything. If you look at the pricing, it sounds like a lot. If you look at the time it saves you and the fact that it repeatedly saves you that time, it pays for itself. That's what you want out of your tools. If they pay for themselves, you can easily justify them, even if they are expensive. Security architects are very expensive, and we're already doing more with less. Our team is smaller than it was a few years ago, and we have had fewer people doing threat modeling because we're getting more done with the tool.

What other advice do I have?

We aren't using the governance part yet. I need to look at that more and incorporate that. We aren't using it yet, but it's a good feature. I'd like to find a way to use it. Right now, we're doing governance outside of the tool using other platforms. Maybe we can do it more inside the tool.

I would rate ThreatModeler Platform an eight out of ten.

