Threat Modelling is the process of assessing a target application or organisation and then building a model that represents the perceived threats it may be facing. This model can prove invaluable for understanding, tracking and improving security postures.
A Threat Model provides a detailed view of components, trust boundaries and data flows to first understand and document your threat landscape. We then design realistic threat vectors and scenarios while gauging the susceptibility and impact of attacks. After designing threats, we work closely with relevant stakeholders to discuss and understand the threats in full to finally prepare tactical and strategic threat management roadmaps and recommendations.
elttam is proud to be first in its class, providing threat modelling services to businesses in Australia and abroad. By leveraging years of threat modelling experience, elttam provides a measured and pragmatic approach to assessing your threat landscape and providing realistic recommendations to address security challenges efficiently and at the core of the business.
At elttam, your threat model is delivered by a reputable team of security professionals who specialise in threat modelling. We guide you through the entire threat landscape and make sure the details and guidance are both practical and cost-effective.
Meet with stakeholders, perform a security health-check, review architecture documentation and previous security assessment reports, commence the threat model skeleton.
Use all available information to map out the threat landscape for the target, defining logical components, trust boundaries and data flows.
Design and analyse potential threats after completing the Investigation phase, including details such as relevant threat actors to observed security control maturity.
Establish a regular communication channel for discussing threats identified in the model and developing threat management activities.
Present the Threat Model and discuss all threats and threat management recommendations. Provide necessary handover and training for maintaining the threat model. Job done!
Our team have prepared many threat models of different types and scales.
A threat model for a startup to understand their likely threats and receive recommendations to minimise risks and raise awareness so security is built-in from the ground up.
A threat model to detail external, internal and 3rd party threats, assess and prioritise threats based on likeliness and impact, then providing a detailed roadmap and recommendations for managing threats.
A threat model covering the holistic enterprise threat landscape with detailed scenarios, providing threat management consulting, and performing in-house training to raise security awareness.
A structured methodology built on proven best-practices (CAPEC, OWASP, OSSTMM)
A team with an established reputation and over a decade of experience
Tailored security services to fit any project or business
Published research helping global software companies and the community abroad
Made in Australia!