This blog was written by an independent guest blogger.
A lot of cybersecurity terminology can sound complex and esoteric. You may hear defensive security specialists, the people who work to secure computers and their networks, talk about threat models and threat modeling a lot. So what is threat modeling? It’s actually pretty simple, and it’s a concept that applies not only to computer security but also to ordinary people in their everyday lives.
Threat modeling in a nutshell
If your organization has a finite amount of resources and a limited cybersecurity budget, it’s common sense to prioritize the allocation of your funds and resources according to how your network is most likely to be attacked. From there, you can prioritize defending against the most costly cyber attacks over the least costly ones. Modeling threats effectively requires thorough analysis.
You must understand that there are vulnerabilities in all software, hardware, and networks. Nothing will ever be 100% secure. Your job as a cybersecurity professional is to keep your systems as secure as reasonably possible while understanding that there will always be limits, and that no security hardening is ever perfect.
So threat modeling is a way of thinking and planning. Usually your blue team will focus on threat modeling during the design phase of a computer system or application. Security is a constant, everyday process, but designing a system to be more secure starts with effective threat modeling at the beginning.
What’s a threat model?
Threat models can take many different forms; the evolving cyber threat landscape and your imagination are the only limits. Here are a few examples of threat models, to give you an idea of what they can be.
Threat models in everyday life
You may not know it, but ordinary people engage in a type of threat modeling every day.
For example, my apartment building is designed with multiple fireproof stairwells and a robust fire detection system in case of fire. If I have to escape my apartment because of a fire, I know to exit my building through a stairwell that’s as far away from the fire as possible. The elevators are unsafe to use during a fire, and I know to feel doors for heat before I open them as I evacuate. If I must escape through a smoke-filled area, I know I should keep as low as possible, crawling on the floor if I must.
If I want to spray paint a table, I understand that inhaling paint fumes can be harmful, and I also don’t want to get paint on my clothes or on anything else in my apartment. I will wear something that I don’t mind getting paint on. I will wear vinyl gloves to protect my hands. I will go outside to do my spray painting, which will limit the risk of inhaling fumes. I will cover the ground with multiple layers of newspaper so I don’t accidentally paint it.
Threat modeling concepts and methodologies
There are lots of different concepts for threat modeling in cybersecurity.
Risk analysis can determine what your pertinent cyber threats are, and how they can impact your organization.
Reduction analysis is useful when you’re threat modeling a complex system, so you don’t duplicate your efforts and resources. For example, if a software library has a particular vulnerability, threat model that library once rather than threat modeling the same vulnerability in every application you design that uses the library. Likewise, if an application sends a variety of different messages over the same TLS connection, threat model the certificate and TLS connection as a whole instead of threat modeling each type of message separately.
There are also different methodologies for conducting threat modeling. Microsoft developed a methodology called STRIDE. The acronym stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Escalation of Privilege. Trike is an open source methodology. It focuses on modeling threats from a defensive perspective, rather than that of an attacker. PASTA is a risk-centric methodology with seven phases: defining objectives, defining scope, application decomposition, threat analysis, vulnerability analysis, attack modeling, and risk analysis. There are many other methodologies; those are some of the most common ones. Your organization may choose one or more methodologies according to what’s most effective for your needs.
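To make the reduction analysis and STRIDE ideas above concrete, here is a small added example (written for this post, not the author’s own code): it enumerates STRIDE categories per element of a toy system, collapses the several message types that share one TLS connection into that single component, and orders the results by likelihood times impact. The component names, the STRIDE-per-element mapping and all ratings are constructed illustrations.

```python
"""Toy threat-model helper: STRIDE-per-element enumeration, reduction
analysis and likelihood-times-impact ranking. Added example for this post;
the components, ratings and mapping below are constructed illustrations."""
from dataclasses import dataclass
from typing import Optional

# STRIDE categories and the element kinds each is commonly applied to.
STRIDE = {
    "Spoofing": {"external", "process"},
    "Tampering": {"process", "datastore", "dataflow"},
    "Repudiation": {"external", "process", "datastore"},
    "Information Disclosure": {"process", "datastore", "dataflow"},
    "Denial of Service": {"process", "datastore", "dataflow"},
    "Escalation of Privilege": {"process"},
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                          # external | process | datastore | dataflow
    shared_with: Optional[str] = None  # shared component that actually carries the risk

def reduce_elements(elements):
    """Reduction analysis: elements riding on one shared component (e.g. several
    message types over the same TLS connection) are modeled once, as that component."""
    reduced = {}
    for e in elements:
        reduced.setdefault(e.shared_with or e.name, e.kind)
    return reduced                     # component name -> kind

def enumerate_threats(elements, reduce=True):
    """Return sorted (component, STRIDE category) pairs worth analysing."""
    comps = reduce_elements(elements) if reduce else {e.name: e.kind for e in elements}
    return sorted((n, cat) for n, k in comps.items() for cat, kinds in STRIDE.items() if k in kinds)

def rank_by_risk(threats, likelihood, impact):
    """Risk analysis: highest likelihood x impact first (unrated threats score 1 x 1)."""
    return sorted(threats, key=lambda t: likelihood.get(t, 1) * impact.get(t, 1), reverse=True)

# Constructed system: three message types share one TLS connection.
SYSTEM = [
    Element("Web app", "process"),
    Element("User DB", "datastore"),
    Element("Login message", "dataflow", shared_with="TLS connection"),
    Element("Search message", "dataflow", shared_with="TLS connection"),
    Element("Checkout message", "dataflow", shared_with="TLS connection"),
]
# Constructed 1-5 ratings for a couple of the threats; the rest default to 1.
LIKELIHOOD = {("TLS connection", "Information Disclosure"): 4, ("User DB", "Tampering"): 2}
IMPACT = {("TLS connection", "Information Disclosure"): 5, ("User DB", "Tampering"): 5}

if __name__ == "__main__":
    print(len(enumerate_threats(SYSTEM, reduce=False)), "threats before reduction")
    threats = enumerate_threats(SYSTEM)
    print(len(threats), "threats after reduction")
    for t in rank_by_risk(threats, LIKELIHOOD, IMPACT)[:3]:
        print(t)
```

Running it shows 19 candidate threats before reduction and 13 after, with the shared TLS connection modeled once rather than per message type.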
If your organization understands effective threat modeling and you design your systems securely from the very beginning, you’ll be better prepared for the rapidly evolving cyber threat landscape!