I want you to understand one more fact:
There are vulnerabilities in all software and all hardware, and hence in all networks. Perhaps they are never going to be 100% secure. What you can do as a cybersecurity professional is try to keep your systems as secure as reasonably possible. This means that you are always going to encounter some limits, and no security hardening is ever perfect. That's why information security is a constantly evolving, everyday process.
Regardless of what limitations you may face, you would want to focus on security from the very beginning of DESIGNING your applications, your systems, or your networks. This mindset calls for elaborate 'Threat Modelling' in your considerations.
What is Threat Modelling?
Threat Modelling is a process that results in a structured representation of all the information that has the potential to affect the security of an application. You look at your applications, systems and networks, and their respective environments, through the lens of security.
It is a process for capturing, organizing, and analyzing all such information. Threat modeling enables you to make informed decisions about the security risks in all of these. Not only does it produce threat models, but it also produces a prioritized list of security improvements to the concept, requirements, design, or implementation.
The primary purpose behind threat modelling is to carry out activities for:
- Improving security by identifying objectives of your system(s)
- Improving the understanding about the vulnerabilities you would encounter therein
- Defining effective counter-measures to mitigate the effects/threats to the system.
While you identify the threats, you are likely to stumble on potentially undesirable events that may be malicious (e.g., DoS/DDoS attacks, SQL injections, etc.) or incidental (e.g., failure of a storage device).
The ideal threat modelling would help you in generating the right information at a very granular level.
Though you would be developing high-level threat models to begin with, especially in the concept or design phase, you would be refining your threat models throughout the lifecycle of your system. You would be adding more details to your threat models as new attack vectors are identified and exposed to you. You would examine, diagnose and address all those threats on a continuous basis.
4 Underlying Questions To Maintain Your Focus
There are a number of well-defined methodologies of Threat Modelling. However, there are 4 critical questions which would guide you in your understanding:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good job?
While you are doing this, you also need to know that there is no one 'right' way of doing this.
You never want to attempt to evaluate all the possible combinations of threat agents, attack vectors, vulnerabilities and their respective impact. NO, YOU DON'T WANT THAT... because it is a sheer waste of your time and effort. Always remember that you want to evaluate threats which have a high likelihood of occurring in your environment or in your industry and which would possibly have a high impact on your organisation too.
So, for example, starting with all possible vulnerabilities in your environment is usually POINTLESS, as most of them are not attackable by the threat agents, OR are protected by a safeguard, OR do not lead to a consequence of concern.
People keep finding new threats in the wild, but you should only be bothered about the kind of threats which other companies in your industry are also facing. Therefore, it’s generally best for you to start with the factors that can make a lot of difference to your organisation. Does it make sense?
There is no point in doing all this and having no record. That's why, when you produce a threat model, you should document the following:
- How data flows through the system, to identify where the system might be attacked
- As many potential threats to the system as possible
- Security controls that may be put in place to reduce the likelihood or impact of a potential threat.
Threat Modeling Methods
There are many methods of Threat Modelling. I would like to give you a brief introduction to some of them here.
1. STRIDE
(Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege)
It is an early threat model developed by Microsoft employees in the late 1990s. It is still used as a process model for cybersecurity teams. The model answers the question: "What can go wrong in this system we're working on?" It can be used both as a method to remember threat types and as a way to pair threats with targets. In fact, the 'Microsoft Threat Modelling Tool' is still available to the general public for use.
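An added example, not from the original article, of pairing STRIDE threats with targets and producing the prioritised record described earlier (element, threat, control). It goes beyond the text by using the common STRIDE-per-element convention and a likelihood × impact score; both are assumptions, as are the sample system and its ratings.

```python
from dataclasses import dataclass

# STRIDE-per-element convention (assumed here): categories usually
# considered for each kind of data-flow-diagram element.
STRIDE_BY_KIND = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",  # R matters when the store holds logs
}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass
class Threat:
    target: str
    category: str
    likelihood: int = 1  # 1 (rare) .. 5 (expected), set by the analyst
    impact: int = 1      # 1 (minor) .. 5 (severe)
    control: str = ""    # planned security control

    @property
    def risk(self):
        return self.likelihood * self.impact

def enumerate_threats(elements):
    """Pair every element (name, kind) with its applicable STRIDE categories."""
    return [Threat(name, NAMES[c])
            for name, kind in elements for c in STRIDE_BY_KIND[kind]]

def prioritise(threats, ratings, threshold=8):
    """Apply analyst ratings, drop low-risk pairs, return highest risk first."""
    for t in threats:
        rating = ratings.get((t.target, t.category))
        if rating:
            t.likelihood, t.impact, t.control = rating
    return sorted((t for t in threats if t.risk >= threshold),
                  key=lambda t: t.risk, reverse=True)

# Constructed sample system and ratings, for illustration only.
ELEMENTS = [("customer browser", "external_entity"), ("web app", "process"),
            ("login request", "data_flow"), ("orders database", "data_store")]
RATINGS = {
    ("web app", "Tampering"): (4, 5, "parameterised queries"),
    ("login request", "Information disclosure"): (3, 5, "TLS everywhere"),
    ("web app", "Denial of service"): (3, 4, "rate limiting"),
    ("orders database", "Denial of service"): (2, 4, "replicated storage"),
}

if __name__ == "__main__":
    for t in prioritise(enumerate_threats(ELEMENTS), RATINGS):
        print(f"{t.risk:>2}  {t.target}: {t.category} -> {t.control}")
```

Unrated pairs keep the default score of 1 and fall below the threshold, which mirrors the advice above not to spend effort on every possible combination.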
2. PASTA
(Process for Attack Simulation and Threat Analysis)
It is a seven-step modeling process used to define objectives, requirements, and procedures for security operations. These seven steps are:
1. Define objectives
2. Define scope
3. Application decomposition
4. Threat analysis
5. Vulnerability detection
6. Attack enumeration
7. Risk analysis
This method helps you build flexible threat identification, enumeration, and scoring processes. PASTA provides you with an attacker-centric analysis structure to help you build an 'asset-centric' response strategy.
3. VAST
(Visual, Agile and Simple Threat modeling)
It is a malleable and scalable modeling process for security planning throughout the software development lifecycle. It’s based on three pillars: automation, integration and collaboration. This model focuses on actionable outputs and the unique needs of developers, security personnel and executives.
VAST can be used for both operational and application threat modeling and uses workflow diagrams to illustrate threats, assets, vulnerabilities, and remediation tools in an understandable way. It’s also designed to mirror the existing operational processes of agile software development teams.
There is no silver bullet for security operations planning, and different modeling methods may suit you better than others. It’s important for you to understand your existing development, IT management and security operations processes, before settling on a modeling format.
The principles of Threat Modelling apply equally, whether you are designing and building systems such as network infrastructures or server clusters, or you are designing or developing desktop, mobile, or web applications.
Threat modeling is like SWOT analysis. It helps you build a well-rounded, continuously evolving threat defense scheme. If you plan and implement your cybersecurity threat models properly, then you would largely be assured that most parts and pieces of your network and applications remain protected, now and as new threats emerge.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.