What is cyber Threat-Modeling?
Cyber threat-modeling is the process of evaluating your organization’s threats, risks, and vulnerabilities. It identifies the likelihood of threats that could compromise your organization and assesses your ability to respond to and prevent those risks.
Like incident response protocols, threat-modeling helps you proactively defend and prepare against situations that would put you in a compromised position -such as phishing and ransomware attacks. However, it goes a step further by expanding the scope of what you need to prepare for. For instance, if you’re bringing on a major partner or implementing a new application into your workflow, cyber threat-modeling helps pinpoint any associated risks.
In general, cyber threat-modeling provides the following advantages:
- Reduce your organization’s attack surface. Threat-modeling can do this by adding tools and security functions to protect vulnerable components. It can also break down a piece of software and look at it from multiple perspectives to refine, fix, and streamline it.
- Prioritize budgeting, mitigation efforts, and threats. Sometimes, organizations are compromised because budgeting, mitigation efforts, and threats simply weren’t prioritized. By adopting threat-modeling, you can encourage your organization to evaluate purchase decisions and determine cost-effective ways to fix, replace, or upgrade existing software.
- Identify and eradicate single points of failure. Threat-modeling can help identify spots in your system that cyber attackers can take advantage of. It can also validate whether the current controls are enough to provide the level of security needed to keep you protected.
Since cyber threat-modeling involves many factors, it should be conducted internally as well as by an external cybersecurity provider who can give an expert outside perspective. Only then can an accurate representation of your company’s security posture be assembled.
Why you need a cyber Threat-Modelling
Today, organizations must remain continually conscious of their security posture. This is particularly due to the rise in cyber threats, which affect all industries and every type of business. With the risk of threats on the rise, you need to prioritize cybersecurity prevention for your business.
Traditionally, companies establish incident response plans to recover and restore a network or system after a cybersecurity breach. Although these protocols can be vital for getting your business back on track, incident responses take a lot of time and resources, which can be deadly for companies struggling to survive in a fast-paced, and unforgiving economy. Wouldn’t better security be to prevent an incident in the first place? Of course it is hard to convince a C-suite to invest in something intangible like “not-an-incident.”
Fortunately, there is an alternative to the incident response life cycle: cybersecurity threat-modeling. This is a term that doesn’t get thrown around too often — however, it’s slowly becoming more mainstream as an increasing number of companies adopt cyber threat-modeling over the sole reliance on an incident response plan.
Cyber Threat-Modeling best practices & next steps
Each threat-modeling process and methodology has different steps depending on what your cybersecurity provider thinks is best for you.
However, all cyber threat-modeling processes share basic best practices. After identifying, choosing, and implementing controls to mitigate risks, you need to put in motion these actions by:
- Ensuring the software you’re using is secure
- Confirming the threat modeling process is consistent across all projects and departments
- Determining and implementing specific actions and protocols that security and development teams should implement to make the most out of the software
Once secure coding practices have been established, you need to test or validate the best practices for cyber threat-modeling. These “validation activities” need to be mapped to each part of your system according to your security policy.
When performing threat modeling, you can choose a variety of methodologies depending on what types of threats you’re trying to model. Some examples include:
This was created by Microsoft engineers and is the most effective for evaluating individual systems. STRIDE is an acronym for the threats it covers:
- Spoofing: A program or user pretending to be something else
- Tampering: Attacks modifying code or components
- Repudiation: Threat events not being monitored or logged
- Information disclosure: Data being exposed or leaked
- Denial of service (DoS): Components or services being overburdened with traffic to make them inaccessible to users
- Privilege Escalation: Attackers giving themselves additional privileges to gain control over your system
2. Process for attack simulation and Threat-Analysis (PASTA)
Like STRIDE, this is a methodology focused on the attacker. It matches business objectives with technical requirements and has seven steps to guide teams to spot, count, and prioritize threats dynamically:
- Define business objectives
- Define the scope of components and assets
- Decompose the applications and identify application controls
- Threat analysis based on threat intelligence
- Detect vulnerabilities
- Attack modeling and enumeration
- Risk analysis and establishing countermeasures
3. Common Vulnerability Scoring System (CVSS)
This is a threat scoring system used to deal with vulnerabilities you are already aware of. It can help you and your team assess threats, spot impacts, and identify known countermeasures. You can also use it to evaluate and apply threat intelligence developed by others.
4. Hybrid Threat-Modeling Method (hTMM)
Developed by Security Equipment Inc., this methodology combines two other methodologies:
- Security Quality Requirements Engineering (SQUARE), which is designed to categorize, elicit, and prioritize security requirements
- Persona non Grata (PnG), which focuses on discovering ways a system can be misused to meet an attacker’s goals
hTMM can be used by applying Security Cards, getting rid of unlikely PnGs, summarizing results, and evaluating risks using SQUARE.
5. Security cards
Based on creative thinking, this methodology uses 42 cards to help teams answer questions about unique or rare attacks. This is a good way for teams to boost their knowledge about threats and threat modeling practices.
6. Attack trees
These are charts that show the paths that attacks can have in a system. Attack goals are the root, while possible paths are branches. Multiple trees are made for a single system, with one tree per attacker goal. This methodology is usually used with other methodologies, such as STRIDE, CVSS, and PASTA.
Finding the best cyber Threat-Modeling
Deciding which cyber threat-modeling methodology to use can be difficult, particularly when you have so many other day-to-day tasks to deal with. Fortunately, CDG offers a customized, client-to-client modeling approach to find the best solution for your business.
Cyber Threat-Modeling done right
If you’re looking for more guidance on how to move your cybersecurity program forward, CDG can help. We are shifting the cybersecurity consulting paradigm to address the needs of mid-market, cloud-native or cloud-reliant companies who are experiencing rapid growth.
Founded in 2016 by global security expert Lou Rabon, our nimble team draws on decades of experience and diverse technical expertise to deliver a full spectrum of information security advisory and implementation services on a fixed-cost basis. Our right-sized, results-driven approach will help you meet your immediate needs, but also ready you to navigate what’s ahead. Get in touch, and see what results are possible for your organization.