The threat model is one of the most basic tools IT professionals use to analyze security incidents and scenarios. It is the first stop along the security path where potential hazards can be identified and quantified.

Threat models involve judgments about which threats are important to a particular situation. An automated tool that simply lists any potential problem without assigning a probability to it is useless to the overall process. It’s like having to read through a log file in its entirety to find one anomalous event that indicates a breach.