About FAST, the Friendly Assessment of Security and Threats

FAST is a revolutionary approach to automatic threat modeling.

FAST will simplify the lives of your development teams and reduce vulnerabilities in your products.

This free version demonstrates the power of FAST on extremely complex IoT systems.

How does FAST work?

FAST is a revolutionary methodology and tool that automate threat modeling and accelerate security-by-design.

FAST uses Quantum Artificial Intelligence to analyze your project and make it secure by design:

Our revolutionary FAST methodology for automatic threat modeling and security-by-design:

FAST Methodology

I want to adapt FAST to my use-case

You will need FAST Premium to adapt FAST to any use-case. FAST Premium can include:

All these options and much more are available in FAST Premium. FAST Premium is available to cetome customers. You want to get your own FAST Premium? Contact us!

FAQ

Is FAST Open Source?

No. FAST is closed source. This revolutionary automatic threat-modeling implements Quantum-AI developed by cetome experts for several years.

We graciously present our FAST methodology but the FAST tool and FAST Premium are proprietary.

Our threat catalogue and our list of security measures remain available to cetome customers for a fee.

Can we licence FAST?

We can explore the possibility to licence FAST depending on your needs.

If you need to licence FAST or its catalogues, please contact us

What is the difference with a manual Threat Model?

Manual threat models appear at several stages of the product development. An initial threat model requires good knowledge of cyber security threats, of the product context and its functionalities. It is usually done in sessions with multiple stakeholders, which takes time and might lead to friction.

FAST is an automatic threat modeling tool that improves human expertise: it helps non-experts analyze the threats applicable to their project by automating the initial threat model. FAST Premium is conceived to track the implementation of security measures that mitigate the threats identified throughout the lifecycle of your product development.

What is the difference with a checklist of best practices?

Checklists are dated and inacurate. Checklists require expert knowledge to decide what is applicable or not. Your team will spend a lot of time to gather all inputs from various stakeholders to identify threats and identify the security measures to implement.

FAST replaces this tedious work with one questionnaire and automation. Thanks to our revolutionary quantum-powered AI, FAST does your job in less than a second. How long would it take with a standard approach based on a spreadsheet? Several days!

We do DevSecOps and already use SAST and DAST. Why do I need another *AST?

FAST is a revolutionary proactive tool. It will reduce your frustration with existing DevSecOps tools.

Indeed, SAST and DAST only work on a final product and they can only identify common issues that you must fix a posteriori. This reactive approach is very time-consuming and costs too much money: you end up with insecure products on the market.

FAST learns the functionalities of your product and automatically model the threats and risks associated to your use-case. FAST can identify what security requirements to implement and ensure you comply with existing standards and regulations.

With FAST, you save time, money, and your products are finally secure before release!

Shall we give access to our source code or our infrastructure?

FAST is secure by default. Contrary to all current DevSecOps tools that require a tight integration with your CI/CD architecture, we do not need access to your source code.

FAST does not require access to your secrets and source code. In the age of supply chain attacks against build tools, this is the bare minimum you can do.

With FAST, sophisticated attackers have no way to compromise your source code or your secrets even with the most advanced supply chain attack. This is because FAST is revolutionary: we do not access your data, we do not store your data, we don't even care about it. Because FAST is a revolutionary.

We don't develop IoT products, so what?

Our proven FAST methodology works with all domains, including mobile and Cloud applications. We have proven it on the most complex IoT systems. Don't believe us? You should really get FAST Premium!

I don't care about EN 303 645, I want to comply with another standard!

Did you know that FAST Premium can support an unlimited range of standards, guidance and regulations? FAST Premium already works with NIST standards, ISA/IEC 62443, ISO 27001, guidelines from ENISA, OWASP, etc.

We offer this free version with ETSI EN 303 645, the first international IoT cyber security standard, to support your compliance with regulation.

All these options and much more are available in FAST Premium. FAST Premium is available to cetome customers. You want to get your own FAST Premium? Contact us!

We're doing a pentest, we don't need FAST!

You spend a lot of money on reactive one-time-only tests to find konwn vulnerabilities after the development phase. Ok. That's good. NOT!

You should rethink the way you work and stop wasting money and time. With FAST, you already know the security requirements for your product as soon as you conceive the product. Ever heard of security-by-design? We do this! You do this!

You can still buy pentests from your favorite vendor. FAST will help you analyze what went wrong and fix the root cause, so you can finally stop seeing the same vulnerabilities in all reports.

Hu ok, this sux, we can do better!

Sure, go ahead. The methodology is open source.

This FAST tool is available since March 2021 and we are the only one in the market. We build this during our free time. What are you doing?

We even managed to build FAST Premium for our customers. They're super happy because they saved a lot of money, and we're not a random startup funded by some VCs: we are fully independent.

So please, go ahead and do your own FAST. We will collect royalties on the name.

If you are smarter than that, you can always contact us to get your own FAST Premium.

And if you still need expertise to implement the backend algorithm and do the mapping, we'd be happy to discuss licencing options.