What is threat modeling and why should you be careful?
What is threat modeling?
While there is no exact industry-wide definition, threat modeling can be summarized as a practice for proactively analyzing the cybersecurity posture of a system or system of systems. Threat modeling can be conducted both in the design / development phases and for live system environments.
It is often called Designing for Security. In short, threat modeling answers questions such as “Where am I most vulnerable to attack?”, “What are the main risks?” and “What should I do to reduce these risks?”.
More specifically, threat modeling identifies cybersecurity threats and vulnerabilities and provides information on security status, as well as on the controls or defenses to be put in place given the nature of the system, the valuable assets to be protected, the profiles of potential attackers, the potential attack vectors and the potential attack paths to high-value assets.
Threat modeling can consist of the following steps:
1. Create a representation of the environment to analyze
2. Identify high value assets, threat actors and articulate risk tolerance
3. Analyze the system environment from the point of view of potential attackers:
- How can attackers reach and compromise my valuable assets? That is, what are the possible attack paths by which attackers can reach and compromise my high-value assets?
- Which of these paths are the easiest and most difficult for attackers?
- What's my cyber posture - How difficult is it for attackers to reach and compromise my high-value assets?
If the security is too low / the risks are too high:
4. Identify potential measures to improve security to acceptable / target levels
5. Identify which potential measures to implement: the most effective means for your organization to achieve acceptable / target risk levels
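A worked sketch of steps 1 to 5, added here as an illustration and not part of the original article: the environment is modeled as a graph whose edges carry attacker effort, the easiest attack path to the high-value asset is computed, and measure combinations are compared against the risk tolerance. All node names, effort values, the tolerance, and the measures with their costs are constructed assumptions.

```python
import heapq
from itertools import combinations
# Step 1, constructed model: (source, target) -> attacker effort in abstract units.
EDGES = {
    ("internet", "web_server"): 3, ("internet", "vpn_gateway"): 8,
    ("web_server", "app_server"): 4, ("vpn_gateway", "app_server"): 2,
    ("app_server", "customer_db"): 5, ("web_server", "customer_db"): 6,
}
ENTRY, ASSET = "internet", "customer_db"  # step 2: attacker entry point, high-value asset
RISK_TOLERANCE = 15                       # step 2: assumed minimum acceptable effort
# Steps 4-5, hypothetical measures: name -> (implementation cost, {edge: added effort}).
MEASURES = {
    "segment_db_from_web": (2, {("web_server", "customer_db"): 10}),
    "harden_app_to_db": (3, {("app_server", "customer_db"): 5}),
    "mfa_on_vpn": (1, {("internet", "vpn_gateway"): 6}),
}

def easiest_path(edges, entry=ENTRY, asset=ASSET):
    """Step 3: lowest-effort attack path (Dijkstra); returns (effort, path)."""
    queue, seen = [(0, entry, [entry])], set()
    while queue:
        effort, node, path = heapq.heappop(queue)
        if node == asset:
            return effort, path
        if node in seen:
            continue
        seen.add(node)
        for (src, dst), cost in edges.items():
            if src == node and dst not in seen:
                heapq.heappush(queue, (effort + cost, dst, path + [dst]))
    return None, []  # asset unreachable in this model

def apply_measures(names):
    edges = dict(EDGES)  # copy, so the baseline model stays untouched
    for name in names:
        for edge, added in MEASURES[name][1].items():
            edges[edge] += added
    return edges

def cheapest_sufficient_set():
    """Steps 4-5: cheapest measure set lifting the easiest path to tolerance."""
    best = None
    for size in range(len(MEASURES) + 1):
        for names in combinations(sorted(MEASURES), size):
            effort, _ = easiest_path(apply_measures(names))
            cost = sum(MEASURES[n][0] for n in names)
            if (effort is None or effort >= RISK_TOLERANCE) and (best is None or cost < best[0]):
                best = (cost, names)
    return best
```

In this constructed model the single cheapest measure does not help, because hardening one path only shifts the attacker to the next-easiest one; the analysis has to be rerun on the whole model after each change.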
Why threat model? Business values
Threat modeling is a very effective way to make informed decisions when managing and improving your cybersecurity posture. It can be argued that threat modeling, when done right, can be the most effective way to manage and improve your cyber risk posture, as it can help you identify and quantify risks proactively and holistically and focus your security measures where they create the best value.
Identify and manage vulnerabilities and risks before they are implemented and exploited
Before implementation: Threat modeling allows organizations to "shift left" and identify and mitigate security risks already in the planning / design / development phases, which is many times (often 10x, 100x, or even more) more cost-effective than resolving them in the production phase.
Before exploitation: As rational and effective cyber defenders, we need both proactive and reactive cyber capabilities. Proactively strengthening security before attacks occur has obvious benefits.
However, this also comes at a cost. Effective threat modeling enables the user to make decisions about the risks and the measures to be implemented proactively.
Prioritize security resources where they create the best value
One of the main challenges in cybersecurity management is figuring out how to prioritize and allocate limited resources to manage risk with the best effect per dollar spent. The threat modeling process, presented in the first section of this text, is a process to determine exactly that. When done effectively, it takes into consideration all the key parts that guide rational decision making.
There are several additional benefits to threat modeling. The first is that all the analyses are performed on a model representation of your environment, which creates significant advantages because the analyses are non-intrusive.
Additionally, analysts can test scenarios before implementation.
Another set of values is that threat models create common ground for communication in your organization and increase cybersecurity awareness. To keep this text concise, here we mainly highlight the values above. We also want to point out that there are several other excellent values of threat modeling, and we encourage you to explore them.
Who does the threat modeling and when?
To the question "Who should threat model?", the Threat Modeling Manifesto says: "You. Everyone. Every person concerned about the confidentiality, safety and security of their system." While we agree with this principle in the long run, we want to qualify the view and stress the need for automation.
Threat modeling in development:
This is the "base case" for threat modeling. Threat modeling is typically conducted from the design phase onward through the development process. It is rational and common to do this more thoroughly for high criticality systems and less rigorously for low criticality systems. Threat modeling work is typically done by a combination of development / DevOps teams and the security organization.
More mature organizations typically have more of the work done by Dev / DevOps teams, while less mature organizations have more support from the security organization.
Threat modeling of live environments:
Many organizations also do threat modeling on their live environments, especially for high criticality systems. As with development threat modeling, organizations have organized the work in different ways.
Here, the work is usually done by a combination of operations / DevOps teams and the security organization.
Of course, it is beneficial for threat models to fit together and evolve over time, from development to operations and DevOps cycles.
Also posted on https://medium.com/faun/threat-modeling-step-by-step-dcbdcd206c6d