As enterprises struggle to keep up with various forms of cyber attacks, many are discovering the benefits of threat modeling. This process is a structured way to identify threats and vulnerabilities to enterprise security and rank the risk and potential damage of each so that mitigation efforts can be prioritized.
While this is a broad definition, the key to threat modeling that differentiates the technique from more general security efforts is that it is highly structured and systematic. Its steps are pursued in an effort to understand the environment, its vulnerabilities, and possible threats.
There are many threat modeling strategies and techniques, each descended from the first tools developed in the 1990s. Some models emphasize certain areas, and some are specific to certain disciplines, such as application-level security. No matter which type of model an enterprise uses to address cyber attacks, the following four questions will be answered:
- What is the business process we are addressing?
- How could things go wrong?
- What is the plan to address it?
- Was the plan successful?
Each threat modeling process should include four steps that answer those questions:
- Decomposition of the infrastructure or application
- Threat determination
- Mitigation steps
- Ranking of the risk of threats
Decomposing an application or infrastructure element entails gaining a clear understanding of that element and how it interacts with other elements. This includes use cases that show how the application is actually used, and it identifies every point of entry for a potential attack. Decomposition should also identify assets and the trust levels required for the various levels of access to them.
Data Flow Diagrams: Many enterprises carry out the early stages of threat modeling by developing a data flow diagram. These were first used during the 1970s to help understand how data moves and where it is altered or stored. Data flow diagrams also bring in the concept of a trust boundary, a point at which data must be validated before it can be used.
Process Flow Diagrams: An alternative to the data flow diagram is the process flow diagram, which is a more streamlined approach. It is similar to a data flow diagram, but it focuses on the ways users move through a system, and it seeks to understand how attackers think about system access. This often incorporates building an attack tree to determine potential threats against the application or infrastructure. The technique helps threat modelers identify the sets of circumstances in which cyber attacks are most likely to occur.
There are many frameworks for threat modeling, but the most popular is called STRIDE, which stands for the six main types of threat:
- Spoofing, in which a person or computer is impersonated, violating authenticity
- Tampering, in which data or code is modified, violating integrity
- Repudiation, which breaks the link between an actor and the action they performed, violating non-repudiation
- Information Disclosure, in which data is exposed to those not authorized to see it, violating confidentiality
- Denial of Service, preventing availability
- Elevation of Privilege, in which an actor gains capabilities beyond those granted, violating authorization
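As an added example (not from the original article), here is a small Python sketch of the four steps as a threat model in code: a decomposed data flow diagram with trust levels, STRIDE-per-element threat enumeration on the flows that cross a trust boundary, and a simple likelihood-times-impact ranking. The element names, trust levels and scoring rules are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# STRIDE categories and the security property each one violates.
STRIDE = {"Spoofing": "authenticity", "Tampering": "integrity",
          "Repudiation": "non-repudiation",
          "Information Disclosure": "confidentiality",
          "Denial of Service": "availability",
          "Elevation of Privilege": "authorization"}

# STRIDE-per-element: which categories apply to the element a flow enters.
APPLIES_TO = {"process": list(STRIDE),
              "store": ["Tampering", "Information Disclosure", "Denial of Service"],
              "external": ["Spoofing", "Repudiation"]}

@dataclass(frozen=True)
class Element:                # step 1: decomposition
    name: str
    kind: str                 # "external", "process" or "store"
    trust: int                # trust level of its zone; higher = more trusted

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str
    validated: bool = False   # does the receiver validate this input?
    sensitive: bool = False   # would disclosure of this data be damaging?

def enumerate_threats(flows):
    """Step 2: for every flow crossing a trust boundary, list the STRIDE threats
    against the receiving element, each scored likelihood * impact (1..9)."""
    threats = []
    for f in flows:
        if f.src.trust == f.dst.trust:
            continue          # no boundary crossed, so no validation point here
        inbound = f.src.trust < f.dst.trust   # less-trusted data entering a more-trusted zone
        likelihood = 3 if inbound and not f.validated else 2 if inbound else 1
        for cat in APPLIES_TO[f.dst.kind]:
            impact = 3 if cat == "Information Disclosure" and f.sensitive else f.dst.trust
            threats.append({"flow": f"{f.src.name}->{f.dst.name}", "threat": cat,
                            "violates": STRIDE[cat], "risk": likelihood * impact})
    return threats

def rank(threats):
    """Step 4: highest risk first, so mitigation effort (step 3) is prioritized."""
    return sorted(threats, key=lambda t: (-t["risk"], t["flow"], t["threat"]))

# Constructed sample model: a browser talking to a web app backed by a database.
browser, web, db = (Element("browser", "external", 1), Element("web app", "process", 2),
                    Element("database", "store", 3))
MODEL = [Flow(browser, web, "login form"),
         Flow(web, db, "SQL query", validated=True, sensitive=True),
         Flow(db, web, "account rows", validated=True, sensitive=True)]

if __name__ == "__main__":
    for t in rank(enumerate_threats(MODEL)):
        print(f"{t['risk']:>2}  {t['flow']:<20} {t['threat']} ({t['violates']})")
```

The unvalidated browser-to-web-app flow and the writes into the most trusted store surface at the top of the list, which is the ordering the mitigation step works through.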
This is just one example of the many threat modeling methodologies, but what may matter most against cyber attacks is giving threat modeling priority during the planning and development of any system. Integrating security and threat modeling at the beginning of a project saves time and resources later.
For assistance in choosing the best threat modeling approach against cyber attacks, contact us at Access Tech. We can help ease some of the challenges associated with protecting your data and systems against intruders.