ABN Amro adopted this threat modeling tool to bake security into its development process.
By moving threat modeling into the initial phases of software development, organizations can save time and ultimately reduce risk.
When Netherlands-based ABN Amro embarked on its journey to move from private data centers to the cloud, it realized that it needed to revamp its ad hoc, manual threat modeling system so that it wasn’t relying on security teams to identify software risks after the fact.
The bank rolled out IriusRisk, a platform that embeds automated threat modeling into existing development workflows, to over 200 teams. This helped put individual projects into the context of big-picture risk and security.
“It’s granular: It tells the engineer that by changing this part of an application, these are the threats you need to address, and this is how to address it,” ABN Amro’s global head of security engineering said. “It’s a valuable toolkit for teams to use before, during, and after a build.”
ABN Amro estimates that using IriusRisk versus manual threat modeling saved its hundreds of engineers at least 11 months. IriusRisk just raised $29 million and said that six of the 30 globally systemically important banks are its customers.