Don’t call it platform!

Anyone developing complex, safety-critical products* today knows the problem: there isn't one single tool that covers everything—and even so-called “platforms” fail precisely where real processes and organizational structures begin.

The reality is: companies rightly rely on Best-of-Breed (BoB) strategies. Requirements are managed in tool A, architectures emerge in tool B, and TARA (Threat Analysis and Risk Assessment) is conducted in tool C. Each tool fits best for its purpose. But what about context loss, fragmentation or data silos?

Switching between tools often breaks the flow. Information has to be re-entered, relationships between data get lost, and decisions become harder to trace. Each tool has its own logic and interface. This results in an inconsistent user experience (UX) with

  • different workflows and terminology
  • inconsistent shortcuts and behaviors
  • constant context switching

Data gets scattered across systems and there is no single source of truth, which often results in synchronization issues or version confusion. In my opinion, what's missing isn't a new platform, but an integrative, connectable methodology—across tools and disciplines.

You can achieve a smooth Cybersecurity Lifecycle flow through smart, non-invasive and lightweight integration using itemis ANALYZE and itemis SECURE.

The first step: connect Threat Analysis and Risk Assessment (TARA) with vulnerability management (public databases). You have a TARA with threat scenarios and attack trees consisting of attack steps. These may relate to new vulnerabilities that are published on cve.org, opencve.io or any other publicly available database (a trustworthy one, of course).

With itemis ANALYZE, new CVEs (Common Vulnerabilities and Exposures) from external sources can be matched against existing assets and threat scenarios in real time. The assessment is contextualized, not sweeping, and is auditable and traceable. You can also extend that tracing further to your development artifacts and do a first impact analysis.
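The matching idea described above, as an added illustration that is not itemis ANALYZE code and does not show how the product works internally. The asset names, components, attack steps, threat scenario ids and CVE entries are all constructed, the CVE ids are placeholders, and matching on vendor, product and a version range is an assumption about how a feed entry relates to an asset.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AttackStep:
    step_id: str
    asset: str              # asset this attack step targets
    scenarios: tuple        # threat scenarios whose attack trees use the step

# Constructed TARA excerpt: asset -> (vendor, product, version) of its component.
ASSETS = {
    "Telematics unit": ("examplevendor", "tls-lib", "1.2.3"),
    "Gateway": ("examplevendor", "can-stack", "4.0.0"),
    "Diagnostic port": ("othervendor", "uds-server", "2.1.0"),
}
STEPS = [
    AttackStep("AS-1", "Telematics unit", ("TS-1",)),
    AttackStep("AS-2", "Telematics unit", ("TS-1", "TS-2")),
    AttackStep("AS-3", "Gateway", ("TS-2",)),
]
# Constructed feed entries; ids are placeholders, not real CVEs.
CVES = [
    {"id": "CVE-PLACEHOLDER-1", "vendor": "examplevendor", "product": "tls-lib",
     "introduced": "1.0.0", "fixed": "1.2.5"},
    {"id": "CVE-PLACEHOLDER-2", "vendor": "examplevendor", "product": "can-stack",
     "introduced": "4.1.0", "fixed": "4.1.2"},
    {"id": "CVE-PLACEHOLDER-3", "vendor": "othervendor", "product": "uds-server",
     "introduced": "2.0.0", "fixed": "2.2.0"},
]

def parse(version):
    return tuple(int(part) for part in version.split("."))

def affected(component, cve):
    vendor, product, version = component
    return ((vendor, product) == (cve["vendor"], cve["product"])
            and parse(cve["introduced"]) <= parse(version) < parse(cve["fixed"]))

def match(cves, assets, steps):
    """Return one traceable finding per (CVE, affected asset) pair."""
    findings = []
    for cve in cves:
        for asset, component in assets.items():
            if not affected(component, cve):
                continue
            hits = [s for s in steps if s.asset == asset]
            findings.append({
                "cve": cve["id"], "asset": asset, "component": component,
                "attack_steps": [s.step_id for s in hits],
                "threat_scenarios": sorted({t for s in hits for t in s.scenarios}),
                # An affected asset with no modelled step is a gap in the TARA.
                "action": "re-assess" if hits else "review: no attack step modelled",
            })
    return findings
```

Each finding carries the CVE, the asset and the affected attack steps and threat scenarios together, which is what makes the re-assessment scoped to context rather than sweeping.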

The result: the TARA evolves from a one-time artifact into a living security argumentation. Security engineering becomes repeatable, scalable, and integrated - instead of "Excel plus gut feeling."

What we don't offer is a platform with artificial tool lock-in. Instead: open integration along real processes tailored to your needs.

 

*) By 2027 at the latest, every digital product within the EU market has to declare conformity to the Cyber Resilience Act, which also includes a Cybersecurity Risk Assessment, which is basically a Threat Analysis and Risk Assessment (TARA).

 
