Skip to main content

Top 10 Threat Modeling Tools

Threat modeling is an organized approach for identifying and categorizing possible risks such as vulnerabilities or a lack of protection mechanisms, as well as prioritizing security mitigations. The goal of threat modeling is to provide defenders and the security team with an analysis of what security measures are necessary based on the present information systems and threat environment, the most likely attacks, their technique, purpose, and target system.

Threat modeling can assist businesses in reducing the possible cost and requirement for rework of code during development or post-production support. Threat modeling assists threat intelligence analysts in identifying, categorizing, and prioritizing threats in order to guarantee successful recording and reporting, which is the overarching goal of a threat intelligence program. A good threat intelligence report assists the security defense and security operations teams in protecting IT assets from attacks and vulnerabilities.

You should ask the following questions to have a more effective model when constructing the threat model procedure.

  • What are examples of high-value assets?
  • What may an attacker's profile look like?
  • Which are the most susceptible aspects of the program that hackers can exploit?
  • What are the most serious dangers to the application?
  • Is it possible that one or more attack vectors will go unnoticed?

There is a wide selection of commercial as well as open source threat modeling software to choose from. The following is a list of the top threat modeling tools that you should keep on hand for threat modeling:(The given list is in random order)

  • IriusRisk
  • Threagile
  • Tutamen
  • Cairis
  • Kenna.VM
  • OWAPS Threat Dragon
  • SecuriCAD by Foreseeti
  • ThreatModeler
  • Microsoft Threat Modeling Tool
  • SD Elements by Security Compass

1. IriusRisk

With its groundbreaking threat modeling and SDL risk management platform, IriusRisk makes DevSecOps a reality. IriusRisk is a strong tool for ensuring that security is built into the design process and carried through to production. It serves as a central coordination point for teams to threat model and manage risk throughout the SDL, with real-time updates. IriusRisk is the glue that connects Security, Operations, and Development. It's built for integration, simplicity, scale, and speed. IriusRisk is a trusted partner of some of the world's major financial institutions, and we take pride in our ability to adapt quickly, be nimble, adaptable, responsive, and stay ahead of the curve. IriusRisk is a worldwide company that is eager to work with you. For further information or to schedule a demonstration, please contact us.

IriusRisk Community Edition is a free version of IriusRisk that helps you to model software cyber threats rapidly using a template-based methodology and then manage those risks across the SDLC, including:

  • Accept, Mitigate, or Expose as a risk response
  • To extract the security criteria in one step, use a security standard like OWASP ASVS.
  • Upload security controls to Jira as requirements automatically.
  • Synchronize the current condition of the requirements' implementation with Jira and immediately modify the risk rating.

IriusRisk employs pre-defined components and a built-in threat and countermeasure library to enable teams to construct these models fast without relying on security professionals. Countermeasures may be easily deployed into ALM systems like Jira, TFS, and Rally, putting them front and center in developers' workflows. IriusRisk is compliant with the most important industry standards, including PCI DSS, EU GDPR, OWASP, and NIST 800-53. Most DevSecOps pipeline technologies are fully integrated via native integration or API.

IriusRisk Threat Modeling platform

Figure 1. IriusRisk Threat Modeling platform

2. Threagile

Threagile is an open-source threat modeling toolkit (for more information, check

Threagile Threat Modeling platform

Figure 2. Threagile Threat Modeling platform

It enables you to represent architecture and its assets as a YAML file straight within the IDE. All basic risk rules (as well as specific custom rules if present) are tested against the architectural model when the Threagile toolkit is run.

When the Threagile toolkit is run, a collection of risk rules run security checks against the architectural model and provide a report with potential risks and mitigation recommendations. In addition, nice-looking data-flow diagrams and other output formats are generated automatically (Excel and JSON). Risk tracking may also take place within the Threagile YAML model file, so the current state of risk mitigation can be provided. Threagile may be started as a REST-Server or from the command line (a Docker container is also available).

At the Black Hat Arsenal 2020 and DEF CON 2020 AppSec Village conferences, Threagile was unveiled.

3. Tutamen

The Tutamen Threat Model Automator was created to enable security at the architectural level, where the cost of addressing defects is the lowest. With a single input of variables, you may reduce human error and inconsistencies. Make a living threat model that adapts to changes in the design.

It is a Software-As-A-Service offering that is totally cloud-based. This firmly incorporates security patterns into the code and lowers the time developers spend implementing these security patterns appropriately. In software development settings that use Agile/Continuous Integration processes, the product functions effortlessly.

There is no need to learn any new program. Tutamen allows you to enter data using familiar Office applications like Visio and Excel.

The data is not re-entered or lost throughout the transcoding process.

Instead of producing separate and unconnected data flow diagrams, use the project's design diagrams.

Integrate with current procedures and technologies to enable cross-stakeholder cooperation.

Tutamen employs security reference frameworks such as the OWASP Top 10, STRIDE, Common Weakness Enumeration (CWE), Common Attack Patterns (CAPEC), and others.

Tutamen comes with a set of useful reports by default. It may also produce several reports for different stakeholder groups inside your organization.

To produce more safe and dependable software systems, take remedial action right once before development begins.

You are free to use the Community Plan for as long as you like. More threat library and reporting options are available with the Standard and Pro subscriptions. Please inquire about our Enterprise plan alternatives if you want a highly tailored solution.

4. Cairis

CAIRIS (Computer-Aided Integration of Requirements and Information Security) is an acronym that stands for Computer-Aided Integration of Requirements and Information Security. It's a free and open source threat modeling platform for eliciting, describing, and evaluating safe and useful systems. It was designed from the ground up to include all of the aspects required for usability, requirements, and risk analysis.

CAIRIS is freely accessible under the Apache Software License.

Computer-Aided Integration of Requirements and Information Security (CAIRIS)

Figure 3. Computer-Aided Integration of Requirements and Information Security (CAIRIS)

Some tools are designed to help you specify your needs. Others concentrate on threat modeling. Others, on the other hand, are concerned with the management of UX data. CAIRIS is the only instrument that can accomplish everything. CAIRIS is also the first security design tool that incorporates the concept of environments, allowing it to model usage contexts.

5. Kenna.VM

Kenna Security's risk-based vulnerability management solutions combine real-time threat intelligence, data science, and predictive algorithms to efficiently manage and prioritize risk across your whole enterprise from start to finish.

Kenna.VM uses real-world threats and exploits intelligence as well as powerful data science to evaluate which vulnerabilities are the most dangerous and which may be deprioritized.

Kenna.VM vulnerability scanner

Figure 4. Kenna.VM vulnerability scanner

Kenna, unlike typical vulnerability scanners and management systems, uses both external and internal data from business assets as well as "in the wild" threat information. With this real-time, reality-based context, Kenna may prioritize vulnerabilities based on their impact on the company, ensuring that work is targeted to optimally and demonstrably enhance security posture.

Kenna.VM tracks, measures, and predicts real-world threat and exploit activity by using 18+ threat and exploit intelligence sources and 12.7+ billion managed vulnerabilities. This contextual data is coupled with your current security data from scanners, bug bounty programs, CMDB tools, static application testing tools, and other sources to provide you with the most complete and accurate picture of risk in your company.

Kenna Security's Solution Features are as follows:

  • Ground Truth Telemetry: Kenna examines billions of data points to figure out what's going on. Real-time monitoring of attacker activities. It knows who the attackers are, what they're doing, how they're doing it, and the tools they're using to take advantage of it in the wild vulnerabilities
  • Engine for calculating risk: Using Ground Truth Telemetry in conjunction with your internal security The Kenna Risk Scoring Engine uses algorithms to compute risk scores, the risk ratings of each vulnerability, and asset category. The number of occurrences of each factor is included in the risk score, vulnerability in your surroundings, the severity of the threat, and what you can do about it as well as the assets that are at risk as a result of each vulnerability. Your business will be able to see your present risk posture in real-time and, more crucially, the measures you can take to change it. The most significant impact on risk reduction
  • Predictive Modeling: Predictive Modeling is a technique for predicting what will happen in the future. Kenna enables security and IT teams to finally adopt predictive vulnerability management by evaluating the risk of a vulnerability as soon as it is discovered and long before an exploit can be built by leveraging machine learning, predictive modeling, and other data science approaches. With a validated 94 percent accuracy record, our predictive modeling predicts the weaponization of emerging vulnerabilities and then prioritizes repair depending on the risk of exploitation. This offers your company the foresight it needs to patch high-risk vulnerabilities before an attacker may exploit them.
  • Engine for Remediation Intelligence: Kenna selects remediation activities based on what will have the greatest impact on your risk score. A ticketing system is used to track the vulnerabilities that represent the highest risk to the company and whose solution will have the largest impact on risk score reduction. Because vulnerabilities are prioritized based on their risk score rather than the number of assets that may be impacted, these suggestions improve efficacy across the board.

6. OWASP Threat Dragon

The OWASP Threat Dragon is an open source threat modeling tool that is used to produce threat model diagrams as part of the safe development lifecycle.

It may be used to record potential risks and decide how to mitigate them, as well as to provide a visual representation of the threat model components and danger surfaces.

Threat Dragon supports STRIDE, LINDDUN, and CIA, as well as providing modeling diagrams and implementing a rule engine to auto-generate threats and mitigations.

What the Threat Dragon project hopes to achieve: Developing a data flow diagram indicating dangers, mitigations, and countermeasures for ease of use and accessibility

The application is available on two platforms:

OWASP Threat Dragon

Figure 5. OWASP Threat Dragon

A desktop program: The model files are kept on the local drive and are based on Electron. Installers for Windows and Mac OS X are available, as are rpm and Debian packages for Linux.

A web application consists of: Files for the web application model are saved on GitHub, with further storage mechanisms to follow; easiness of use and accessibility, creating a data flow diagram, implying dangers, putting mitigations and countermeasures in place.

Threat Dragon desktop versions and web application versions may be downloaded from the OWASP GitHub repository.

7. SecuriCAD by Foreseeti

SecuriCAD helps businesses to handle cybersecurity in a proactive and business-oriented manner. It's a threat-modeling and risk-management tool that helps energy firms analyze and manage their cyber security threats. It's based on computer-aided design (CAD) approaches borrowed from other engineering disciplines.

SecuriCAD runs automated attack simulations on models of present and future IT infrastructures, detects and quantifies risks across the board, including technical, structural, and software vulnerabilities, human factors, processes, and more, and then offers decision assistance based on the results.

SecuriCAD by Foreseeti

Figure 6. SecuriCAD by Foreseeti

The attack simulations quantify the behaviors of possible attackers, including the likelihood of success, time to success, and most likely assault vectors. Because all simulations are run on a model of the IT infrastructure, there is no influence on the system under test's availability.

securiCAD is completely automated and can be incorporated into CI/CD processes to provide near-real-time modeling and simulations.

securiCAD is a cutting-edge technology for proactive cybersecurity management that includes the following features:

  • A comprehensive examination of IT infrastructures is required to assure current and future cybersecurity
  • An automated method that produces objective, dependable, and quantifiable outcomes
  • A reporting system that helps you make better business decisions.
  • Even when data is inadequate, the ability to give actionable outcomes

8. ThreatModeler

ThreatModeler is an automated threat modeling solution for the business software development life cycle that protects and scales it.

To make proactive security decisions and reduce total risk, it identifies, forecasts, and classifies risks across the whole attack surface.

ThreatModeler allows you to safely build applications/infrastructure and supports known regulatory standards like NIST, GDPR, and PCI, allowing DevOps to verify compliance.


Figure 7. ThreatModeler

ThreatModeler's patented Threat Chaining functionality allows users to build on existing threat models. Changes and updates to a chained threat model will be reflected in all models in which it is nested.

ThreatModeler also has the following features in addition to the ones mentioned above:

  • Auto Threat Mitigation: Ensure that all essential security procedures are appropriately deployed. Automatically mitigate detected risks based on the results of your threat model.
  • CI/CD Pipeline: Integrate your existing technology investments, such as JIRA and Jenkins, into a unified CI/CD toolchain. With our bi-directional API, you can liberate your data and do more.
  • Reporting: Stay ahead of the curve by recognizing risks and how to defend your architecture. Investigate your data assets to uncover hazards that will guide your mitigation efforts (Security Controls). Gain insightful insights and share them with DevOps.

9. Microsoft Threat Modeling Tool

Microsoft Threat Modeling Tool is an open source software that aids in the detection of threats during the design phase of software projects.

Through a common vocabulary for displaying system components, data flow, and security limits, the Microsoft Threat Modeling Tool makes threat modeling easy for all developers. It also aids threat modelers in determining which threat classes to examine based on the structure of their program. We built the tool with non-security specialists in mind, making threat modeling easy for everyone by offering clear instructions on how to create and analyze threat models.

Any developer or software architect may use the Microsoft Threat Modeling Tool to:

  • Communicate about their system's security architecture.
  • Using a tried-and-true technique, examine their designs for potential security holes.
  • Suggestion and management of security problem mitigations.

Microsoft Threat Modeling Tool

Figure 8. Microsoft Threat Modeling Tool

Microsoft Threat Modeling Tool system requirements are as follows:

  • Operating Systems that are supported; .NET version 4.7.1 or later is required for Microsoft Windows 10 Anniversary Update or later.
  • Additional Conditions; To receive updates to the tool and templates, you'll need an Internet connection.

The Microsoft Threat Modeling Tool is now available for Windows as a free click-to-download application. Customers will receive the most recent improvements and bug fixes each time they open the tool thanks to this delivery mechanism.

Here are a few examples of tools capabilities and innovations:

  • Guidance and feedback when sketching a model are provided through automation.
  • STRIDE per Element: Threats and Mitigation Analysis Guided.
  • Security activities and testing in the verification phase are reported.
  • Unique Methodology: Assists users in visualizing and comprehending threats.
  • Many techniques are oriented on assets or attackers, and are designed for developers and focused on software. Its focus is on software. It expands on tasks that are common to all software engineers and architects, such as generating diagrams for their software architecture.
  • Design Analysis is the focus: Threat modeling is a word that can apply to either requirements or a design analysis method. It can also refer to a complicated mix of the two. Microsoft's SDL threat modeling method is a targeted design analysis tool.

10. SD Elements by Security Compass

SD Elements by Security Compass serves as a central coordination point for teams to threat model and manage risk throughout the SDL, with real-time updates. IriusRisk is the glue that connects Security, Operations, and Development. It was designed for integration, simplicity, scale, and speed.

Balanced Development Automation (BDA) helps businesses to develop safe digital goods while maintaining a competitive advantage in terms of speed to market.

BDA automates important aspects of proactive manual security and compliance operations that are frequently overlooked due to their slowness, manually, inconsistency, siloed nature, and high cost.

  • Threat Modeling

  • Risk Assessment

  • Secure Development and Deployment are examples of proactive approaches.

Which Threat Model Should Be Used?

The threat modeling frameworks presented here are just a small part of the total number of threat modeling frameworks accessible. PASTA, DREAD, and other frameworks are examples of STRIDE. Additional tools, such as the CVSS list, are available for specific vulnerabilities.

There is no "one-size-fits-all" threat modeling approach. For various settings and teams, different models are ideal. Understanding the various possibilities, as well as their pros and drawbacks, may aid in making an informed selection and increase the success of threat modeling efforts.

What Features Should Threat Modeling Tools Have?

The threat modeling tool sector is still in its infancy, with so many new entrants. The next section will guide you through the elements to think about when selecting a threat modeling tool.

  • The input of system data is simple: The ideal threat modeling software allows you to draw a system diagram or upload one (data flow diagrams being the most common). The visual component of your application aids in the creation of a comprehensive image and ensures that crucial assets, linkages, and limits are not overlooked. To make this input intuitive, several technologies include forms and questions. You can make your decision depending on your preferences and the format of the data you already have.
  • Threat Intelligence: Threat intelligence is information gathered from a variety of publicly accessible threat libraries, such as MITRE's CAPEC, as well as maybe some proprietary data gathered by toolmakers. It's simply a database of different possible risks to your system based on threats to comparable apps on the market. When this data is combined with your system's data, it becomes much easier to assess your weaknesses and anticipate attacks.
  • Threat Dashboard: A threat dashboard is an easy-to-understand visual representation of threat intelligence data that facilitates proactive remediation. The more advanced the threat dashboard, the simpler it is to make judgments on how to address vulnerabilities. You can see the degree of each vulnerability and asset-level risk with a good threat dashboard. A bird's-eye view of the system's current condition may be obtained by drilling down to see the threat severity of a specific module or even a user flow within a certain application.
  • Dashboard for Mitigation: A good threat model allows you to do more than just identify a system's vulnerabilities; it also allows you to take action. Making code changes, adding new security measures, moving it to a backlog, or simply ignoring it are all options (when it is very low severity or the expense of security control is more than the cost of actual attack). This is the most important step in the threat modeling procedure. A threat dashboard is complemented by a mitigation dashboard. Every remedial action taken using a mitigation dashboard must be reflected in the threat dashboard.
  • Rule Engine: A rule engine is a system that aggregates all of your organization's laws and policies. It can operate with bespoke rules or link to current regulations such as PCI and GDPR. This section of the tool verifies that your company complies with regulatory obligations.
  • Scalability: The threat modeling method becomes more difficult as your application becomes more complicated. If your product is large, your threat modeling tool should be capable of reducing redundant activities. When creating new modules, the ability to reuse components and use threat model templates (custom or templates included with the tools) is a big benefit.
  • Ability to Integrate with your workflow: Your threat modeling software can't be a stand-alone monolith. It must be incorporated into your system in order for both to operate together. The threat modeling process is made more efficient thanks to connectors in the tool that links with your application's CI/CD workflow. When your threat modeling tool interfaces with Jenkins, for example, DevSecOps becomes easier and more fluid. Connecting the mitigation dashboard to an issue tracker like JIRA is another valuable feature. Any vulnerability that has to be addressed may therefore be tracked in real-time.
  • Reporting: The ideal outcome of a threat modeling effort is a detailed documentation of the threat model that can be shared with all stakeholders. At any moment in time, threat modeling tools should be able to create reports on their activities. The current threat state of your application, changes in the model as a result of technological changes or even compliance regulations, and your current mitigation strategy - these reports are critical for strengthening the present threat model. Reports are critical to the creation of a good threat model.