There’s an old saying — an ounce of prevention is worth a pound of cure.
Nowhere does this hold truer than in cybersecurity. Passive, reactive cyber defenses have long struggled to keep up with the evolving cybercrime market. In recent years, however, they’ve begun to skirt the edge of obsolescence.
Virtual crime now pulls in greater funds than some countries, with criminal profits projected to reach $10.5 trillion by 2025. Criminal enterprises, meanwhile, are becoming progressively more sophisticated. Coupled with the fact that a new attack happens every 39 seconds, the need for more preventative, proactive tactics should be quite clear — it’s past time businesses progress from cybersecurity to cyber resilience.
Threat modeling represents a crucial pillar of this transition.
What is Threat Modeling?
Threat modeling is precisely what it sounds like. It’s an advanced, structured approach to cyber threats that sees an organization map out potential threat scenarios. A threat modeling approach battle-tests your business’s systems and static frameworks, allowing you to identify weaknesses and shortcomings before a threat actor can exploit them.
Threat modeling traditionally has its roots in the software development lifecycle, identifying design decisions or development practices which could result in long-term risk. In a modern context, however, its role goes well beyond that. As part of a complete risk management strategy, threat modeling evaluates each individual system, identifying and prioritizing each individual threat before it can cause harm to the organization.
If it’s starting to sound like threat modeling shares a lot in common with a business impact assessment, that’s no accident. The latter actually leverages threat models as part of its analysis process. It’s only natural that there would be a great deal of overlap between the two.
What is the Purpose of Threat Modeling?
As noted by Carnegie Mellon University, at a high level, every threat modeling methodology consists of the following:
- A representation of the system.
- The goals, motivations, methods, and tactics of potential threat actors.
- A comprehensive catalog of potential threats, risks, and vulnerabilities.
Threat modeling frameworks also help you contextualize identified risks by defining how each might be exploited. They can provide you with the opportunity to pre-emptively document mitigation tactics in the event that a system is targeted by an attack. Finally, they can be used to direct IT investment and inform the deployment of new cybersecurity controls.
Given all the similarities, how exactly does one choose a framework?
- Consider your security and compliance requirements.
- Evaluate your business’s risk profile.
- Think about how your systems and applications are designed, including architecture, programming language, access controls, etc.
- Determine the specific business objectives of each department within your organization.
- Think about the industry and sector in which your business operates.
In short, your choice of framework depends largely on your unique business, security, and regulatory needs and requirements. With that said, although there isn’t generally a one-size-fits-all threat model, there are five methodologies which are leveraged more frequently than others. There’s a good chance that one of these five will prove to be a fit for your organization — and there’s also no reason you can’t apply multiple models simultaneously.
What Are the Popular Threat Modeling Techniques?
Created by Microsoft in 1999, STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) is focused primarily on development and design. As the most mature threat modeling framework on the market, STRIDE has evolved considerably over the years to keep pace with the emergence of new types of threats.
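The three ingredients listed above (a representation of the system, the actors, and a catalog of threats) come together concretely in STRIDE's "per-element" variant, where each kind of data-flow-diagram element is checked only against the STRIDE categories that apply to it. The following is an added example written for this article, not Microsoft's or any vendor's code: the per-element mapping is the commonly used one, while the sample system, the element names and the priority scoring (trust-boundary crossings and sensitive data raise the score) are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List

# STRIDE categories, keyed by their first letter.
STRIDE: Dict[str, str] = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# STRIDE-per-element: which categories are considered for each kind of
# data-flow-diagram element (the usual mapping; processes get all six).
APPLICABLE: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass
class Element:
    """One element of the system representation (a DFD node or edge)."""
    name: str
    kind: str  # a key of APPLICABLE
    crosses_trust_boundary: bool = False
    handles_sensitive_data: bool = False


@dataclass
class Threat:
    element: str
    category: str
    score: int


def score_threat(element: Element, letter: str) -> int:
    """Constructed priority heuristic (an assumption, not a standard scale):
    baseline 1, +2 if the element sits on a trust boundary, +2 if it handles
    sensitive data and the threat is tampering or information disclosure."""
    score = 1
    if element.crosses_trust_boundary:
        score += 2
    if element.handles_sensitive_data and letter in "TI":
        score += 2
    return score


def enumerate_threats(elements: List[Element]) -> List[Threat]:
    """Build the threat catalog: every applicable STRIDE category for every
    element, sorted highest priority first (ties broken by name)."""
    threats: List[Threat] = []
    for e in elements:
        if e.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind {e.kind!r} for {e.name!r}")
        for letter in APPLICABLE[e.kind]:
            threats.append(Threat(e.name, STRIDE[letter], score_threat(e, letter)))
    return sorted(threats, key=lambda t: (-t.score, t.element, t.category))


def threats_by_element(threats: List[Threat]) -> Dict[str, int]:
    """Count catalog entries per element, to see where review effort concentrates."""
    counts: Dict[str, int] = {}
    for t in threats:
        counts[t.element] = counts.get(t.element, 0) + 1
    return counts


# Constructed sample system: a browser talking to a web API backed by a user database.
SAMPLE_SYSTEM: List[Element] = [
    Element("Browser", "external_entity"),
    Element("Web API", "process", crosses_trust_boundary=True),
    Element("Users DB", "data_store", handles_sensitive_data=True),
    Element("Browser->Web API", "data_flow",
            crosses_trust_boundary=True, handles_sensitive_data=True),
]

if __name__ == "__main__":
    for t in enumerate_threats(SAMPLE_SYSTEM):
        print(f"[{t.score}] {t.element}: {t.category}")
```

Running it lists fifteen candidate threats, with the internet-facing data flow carrying account data at the top; each entry is a prompt for the documented mitigation the article describes, and an unknown element kind is rejected rather than silently skipped so that the catalog never omits part of the system.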
PASTA, or Process for Attack Simulation and Threat Analysis, establishes a seven-step process through which a business can evaluate a system from an attacker’s perspective. It blends this approach with a comprehensive risk assessment and business impact analysis. In so doing, it allows one both to gain a better understanding of threat actors and to ensure alignment between threat models and business objectives.
Originally created as a framework for carrying out security audits, the open-source Trike has since carved out a well-defined niche as a threat modeling tool for businesses that seek to consolidate threat modeling with risk management and risk assessments. In addition to defining and mapping existing systems and threat surfaces, Trike requires that a business establish its risk appetite prior to application.
VAST (Visual, Agile, Simple Threat modeling) was initially conceived in an effort to address the shortcomings of other threat modeling techniques. Built on the idea that different segments of an organization have different security concerns, VAST can model threats from both an application and an operational perspective. It is also specifically designed to support agile development, scalability, and automation.
Another long-established framework, Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) was developed with a cybersecurity perspective in mind. It is focused primarily on organizational and operational risks, and seeks to reduce unnecessary documentation, better define assets, and more effectively wrap threat models into a business’s overall security strategy. It’s an excellent option for an organization that seeks to promote better risk-awareness, although it doesn’t scale particularly well.
Built from real-world observation, MITRE ATT&CK is as much a knowledge base as a threat model. In addition to threat modeling, ATT&CK also provides frameworks for penetration testing, cybersecurity, and defense development. From a threat modeling perspective, ATT&CK is, as one might expect from the name, focused primarily on a cyberattack’s lifecycle.
This lifecycle model consists of fourteen core stages, defining different mitigation efforts for each one:
- Reconnaissance: The threat actor is collecting information about your systems, lightly probing for weaknesses.
- Resource development: The threat actor is gathering what they need to exploit a discovered weakness or vulnerability.
- Initial access: The threat actor makes an initial effort to gain a foothold within your ecosystem.
- Execution: With access secured, the threat actor begins running malicious code on the compromised system.
- Persistence: As the threat actor continues tampering with your system and network, they begin evaluating how they might evade efforts to detect and stop them.
- Privilege escalation: The threat actor has gained access to elevated permissions within the compromised system, allowing them to potentially cause significantly more damage.
- Defense evasion: The threat actor further strengthens their foothold by disabling or undermining security systems.
- Credential access: The threat actor steals account credentials and uses them to increase their access within the system.
- Discovery: The threat actor looks beyond the initial system they targeted and begins looking for access points within the wider network.
- Lateral movement: The threat actor moves between compromised systems and accounts.
- Command and Control: The threat actor further strengthens their hold over compromised systems, directing core processes as they see fit.
- Collection: The threat actor begins preparing for data theft/exfiltration.
- Exfiltration: If the attacker’s goal is data theft, this is the stage where they finally act to fulfill that goal.
- Impact: The targeted organization is left to clean up the damage caused by the threat actor, which by this point is no longer under the radar.
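Because the lifecycle has a fixed order, a defender can ask two practical questions of it: which stages have no mitigation or detection at all, and, once an incident is under way, which of the stages still ahead of the attacker are unwatched. The script below is an added example written for this article (not MITRE's ATT&CK tooling or Centraleyes' product); the fourteen stage names are the ones listed above, while the control inventory and the alert timeline are constructed, hypothetical data.

```python
from typing import Dict, List

# The fourteen lifecycle stages (ATT&CK tactics) in order.
ATTACK_TACTICS: List[str] = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Command and Control", "Collection",
    "Exfiltration", "Impact",
]
STAGE_INDEX: Dict[str, int] = {name: i for i, name in enumerate(ATTACK_TACTICS)}

# Constructed control inventory (hypothetical, not any real organization's):
# control name -> stages at which it mitigates or detects attacker activity.
CONTROLS: Dict[str, List[str]] = {
    "MFA on all remote access": ["Initial Access", "Credential Access"],
    "EDR with script blocking": ["Execution", "Persistence", "Defense Evasion"],
    "Network segmentation": ["Lateral Movement"],
    "Egress proxy with DNS logging": ["Command and Control", "Exfiltration"],
    "Immutable offline backups": ["Impact"],
}

# Constructed alert timeline for a hypothetical incident.
ALERTS: List[Dict[str, str]] = [
    {"time": "09:12", "tactic": "Initial Access", "detail": "phishing attachment opened"},
    {"time": "09:15", "tactic": "Execution", "detail": "document macro launched a script interpreter"},
    {"time": "09:40", "tactic": "Credential Access", "detail": "credential dumping tool quarantined"},
]


def coverage(controls: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Map every stage to the controls that cover it, in lifecycle order.
    Misspelled stage names in the inventory are an error, not silent non-coverage."""
    cov: Dict[str, List[str]] = {t: [] for t in ATTACK_TACTICS}
    for name, tactics in controls.items():
        for t in tactics:
            if t not in cov:
                raise ValueError(f"unknown stage {t!r} listed for control {name!r}")
            cov[t].append(name)
    return cov


def coverage_gaps(controls: Dict[str, List[str]]) -> List[str]:
    """Stages with no mitigating or detecting control at all."""
    return [t for t, names in coverage(controls).items() if not names]


def deepest_stage(alerts: List[Dict[str, str]]) -> str:
    """Furthest lifecycle stage evidenced by the alerts, regardless of alert order."""
    if not alerts:
        raise ValueError("no alerts to assess")
    for a in alerts:
        if a["tactic"] not in STAGE_INDEX:
            raise ValueError(f"alert at {a['time']} has unknown stage {a['tactic']!r}")
    return max((a["tactic"] for a in alerts), key=lambda t: STAGE_INDEX[t])


def unwatched_next_stages(alerts: List[Dict[str, str]],
                          controls: Dict[str, List[str]]) -> List[str]:
    """Stages beyond the deepest observed one that no control covers: the
    places an attacker could progress to without being mitigated or seen."""
    start = STAGE_INDEX[deepest_stage(alerts)] + 1
    gaps = set(coverage_gaps(controls))
    return [t for t in ATTACK_TACTICS[start:] if t in gaps]


if __name__ == "__main__":
    print("uncovered stages:", coverage_gaps(CONTROLS))
    print("deepest stage reached:", deepest_stage(ALERTS))
    print("unwatched stages ahead:", unwatched_next_stages(ALERTS, CONTROLS))
```

With the constructed inventory, five stages have no control; given the three alerts the attacker is evidenced at Credential Access, and of the stages still ahead only Discovery and Collection are unwatched, which tells the responder where to add monitoring first while the incident is contained.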
Why is Threat Modeling Beneficial?
You cannot patch a vulnerability you cannot see, and you cannot defend against an attack you don’t know is coming. At a high level, these are the issues that threat modeling addresses. It equips your security team with a standardized means of both shoring up existing architecture and evaluating new additions to your technological ecosystem.
Visibility aside, systematically reviewing your processes, systems, and software is invaluable for a number of reasons.
- It helps you identify and eliminate preventable errors, including software bugs, unpatched vulnerabilities, and misconfiguration.
- It reduces risk exposure by minimizing and mitigating vulnerabilities in your attack surface.
- It promotes a deeper understanding of software and hardware systems, particularly from a risk perspective.
- It ensures more effective threat prioritization, informing everything from purchase decisions to mitigation efforts.
- It helps validate and test existing security controls and systems.
- Provided you leverage the right tools, it empowers your organization to adapt faster to a constantly changing threat landscape, keeping pace where traditional risk management frameworks might fall behind.
- It identifies and eliminates bottlenecks, single points of failure, and ineffective controls/policies.
- It arms you with an intimate understanding of the cyber kill chain, particularly the specific defensive actions you can take at each stage of that cycle.
- It provides you with a standardized means of quantifying and assessing the effectiveness of your existing cybersecurity strategy.
- It provides operational visibility which might otherwise escape your notice.
- It improves both quality assurance and general development/design.
- It enhances collaboration, driving home that cyber resilience and cybersecurity are everyone’s responsibility.
The Right Tool for the Right Framework
Threat modeling is a cornerstone of effective cyber resilience, and no longer optional in today’s security landscape. And though it may sound like an overwhelming undertaking at first glance, it doesn’t need to be.
With a platform like Centraleyes, you can not only arm yourself with the necessary threat intelligence for more accurate modeling, but streamline the entire threat modeling process from beginning to end.
Book a meeting today and discover how Centraleyes is taking GRC programs to the next level with advanced threat modeling.