Three key tips to plan and perform your model correctly
One of the best ways to protect your company against the myriad of cybersecurity threats out there is a comprehensive, long-term strategy. A key tool to accomplish this is a threat model, which functions as a how-to manual when things go wrong. It identifies risks and vulnerabilities and builds security into the design of networks or applications to thwart potential threats.
At its core, threat modeling allows your team to see the whole forest instead of focusing on each individual tree (threat). It also provides a unique opportunity to ensure that everyone across the organization has a shared understanding of how your product or service is built and the vulnerabilities inherent within it – a valuable exercise whether or not a threat looms large.
Below are three tips on how to best execute an effective threat model.
Find the right one
A key point to remember when starting this process is to distinguish threat modeling from threat intelligence. Intelligence in this context refers to a reactive stance designed to ward off attacks from specific targets as they occur, as opposed to the more proactive, strategic posture of modeling which looks at a system’s long-term weaknesses and opportunities. For our purposes here, we will focus on modeling.
Of the many modeling methodologies used today, three bubble up to the surface: Trike, PASTA, and STRIDE.
- Trike is an open source tool used to build threat modeling into the software development process itself, which allows developers to proactively work around potential threats, rather than rely on patches or other fixes later.
- PASTA (Process for Attack Simulation and Threat Analysis) provides a seven-stage, risk-based threat modeling approach that is grounded in real-world evidence. Its methodology is “attacker-centric,” meaning defenders can protect their system by looking at it from the perspective of those who wish to take it down.
- STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) allows modelers to walk through each of these attack options: “Could someone spoof this? How would someone tamper with this? …” It is Microsoft’s preferred method of modeling and is therefore fairly well-known due to the company’s mammoth influence in the software industry.
No threat model is one-size-fits-all. Evaluate the benefits of each, experiment, and select the tools that work best with your company’s needs. You don’t need to fix every issue the moment it comes up. Tuck it away in the bug list and let the evaluation process continue. Rest assured, there will come a time to tackle bugs, challenge assumptions, and put the model to the test.
Step outside of IT
The best threat model in the world will be useless if it only serves to please your IT team. Threats come in all forms and from all departments, from legal to marketing to customer service. The crack team in IT needs to have a major role in the process, it’s true. But in order to do their jobs properly, they need a comprehensive understanding of the company’s business objectives and what each department needs from a security policy.
Conversations with outside departments can open up enlightening discussions about vulnerabilities and threats that may not yet have been considered. They may also reveal the possible dangers of internal attackers. Threat actors tend to fall into one of four buckets: insider trusted (privileged users); insider untrusted (contractors, regular users); external trusted (suppliers, service providers); or external untrusted (cybercriminals, competitors). Motivations can vary from revenge for perceived wrongs or competitive advantage to political or criminal objectives.
Never stop modeling
Once a company completes its threat model, it may be tempting to declare “Mission Accomplished!” and break out the cigars. On the contrary, a threat model should be a living document, subject to constant updates and reevaluation. The landscape of potential cyber attacks is constantly in flux – and your model should be no different. Revisit the metrics and conclusions regularly so that your assessment reflects the world of today, not last year.
When in doubt about how to keep your head above these shifting sands, follow the data. When an attacker interacts with your system, the interaction leaves a trail of valuable data from which to refine and reshape your threat model. Establish a permanent working committee that meets consistently to analyze and polish the model.
Trust your instincts
Threat modeling is a complex, technical process. But at the end of the day, the best strategy comes from a common sense approach based on long experience and keen insight into trends. No one knows your company as you do. Do your research, get lots of buy-in, but make the moves that allow you – and your entire team – to sleep well at night.
Absolute Logic’s clients across four states and 40 industries are guided safely through the threat landscape. Our wide array of services includes system security suites, risk assessment, education, and training and disaster recovery. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.