Threat Modeling Processes and Methods That Strengthen Cybersecurity

It’s dangerous out there. Cybersecurity threats are rampant, and a system that doesn’t have adequate protection is a system that is welcoming attack. This is as true of a banking app as of a cloud PBX system.

Thankfully, there are numerous weapons available to assist in the fight against system dangers. One of the most potent in the cybersecurity armory is threat modeling. One of the reasons it’s so effective is that it is an approach based on methodical prevention rather than reactive rectification. An ounce of prevention…

What is threat modeling?

Threat modeling is the process by which cybersecurity professionals can identify a system’s vulnerabilities and the possible threats that might target them. Threats are ever-growing, with current major examples including phishing and ransomware.

Image sourced from financesonline.com

Further, threat modeling involves an assessment of the seriousness of each threat, and an appraisal of how each threat can be countered.

Several different approaches can be brought to bear on the situation. In this way, it’s hoped that all types of threat and all danger scenarios can be covered. The approaches share common ground, which we’ll look at first.

The important factor to bear in mind with all threat modeling is that it is a structured process. The IT professional doing the threat modeling adopts a systematic approach that has several key components.

Generally speaking, these components are:

1. Address the issue of what we’re working on. What activity takes place here? Is it general office work or something more specific, like VoIP calls?

2. What threats exist that might target this part of the business? This takes a clear understanding of the system’s stress points, as well as the latest threats that have been developed.

3. What remedial steps should be taken? A good level of knowledge about the system and the threat landscape will enable effective approaches to combat possible threats.

4. There should be an element of self-appraisal. Did the IT team do a good job of protecting against the threat?

Threats are constantly developing, so it’s incumbent on security professionals to stay in learning mode to stay on top of the game. This is why commercial security operations, and the data analytics that governments and authorities conduct, are always evolving.

There are three possible broad approaches to take from here. Whichever is chosen, there will be an element of decomposition of the system. This means a deconstruction of the organization in order to see how the component parts fit together.

The approach favored by an IT professional will probably be a combination of two or more of these:

• Asset-centric: This will generate an understanding of the assets of the system, i.e., the parts that an attacker will want to acquire. This could be industry-sensitive information, financial record data, security protocols, and more.

• Attacker-centric: This will generate an understanding of who an attacker might be and where an attacker might gain access, i.e., the entry points. There will also be an appreciation of the trust levels granted to specific external bodies.

• Software-centric: This will generate an understanding of the system so that its architecture and data flow are better understood.

Let’s look now at some specific methods that a cybersecurity professional can use to eradicate threats:

1. CVSS

This stands for the Common Vulnerability Scoring System. It works by listing all the main characteristics of a system and assigning a score from one to 10 (10 being the worst) regarding its vulnerability to attack. This is carried out using three sets of metrics:

Image sourced from balbix.com

This is a great technique for businesses wanting to triage the threats facing them, as it gives a clear indication of what should be dealt with first.

2. PASTA

This stands for Process for Attack Simulation and Threat Analysis. It’s a seven-step procedure, with the aim being to focus on technical security and match it to business objectives. The steps taken are as follows:

  • Objective definition
  • Technical scope definition
  • System decomposition
  • Analysis of threat
  • Analysis of vulnerability
  • Attack simulation
  • Assessment of risk

Advantages of the PASTA approach include its thoroughness and the way it prompts cross-departmental collaboration. The seven steps, after all, necessitate this kind of team approach, or only partial information will result. Disadvantages include the fact that it’s lengthy, which means it’s expensive.

3. STRIDE

This one’s been around since Microsoft came up with it in the 1990s. Its acronym refers to the different threats it deals with:

  • Spoofing: An attacker gains access by assuming another identity.
  • Tampering: Data and data privacy are altered with a malicious objective.
  • Repudiation: The ability that an attacker has to deny their culpability.
  • Information disclosure: The extent to which data can be revealed to unauthorized bodies.
  • Denial of service: The attacker manages to exhaust services so that they are unavailable to legitimate users.
  • Elevation of privilege: The attacker succeeds in securing higher privilege for themselves.

A cybersecurity professional using STRIDE will try to create scenarios that test a system as if it were under attack in each of these ways. The result is an extremely thorough picture of system vulnerabilities. The downside is that it is time-consuming and can be a little OTT. It’s great to be thorough, but sometimes it’s unnecessary to cover all bases.

4. Attack tree

Image sourced from totem.tech

This is a diagram that lays out an attack concept. In other words, possible routes of incursion into the system are diagrammatically represented. This is an attacker-centric approach, wherein the attacker is defined in terms of skillset and goals. It works like this:

  • There is a root node to begin with. This represents the attacker’s goal.
  • Leaf nodes are added. These represent possible ways of reaching that goal.
  • Each node is assessed for vulnerability levels and impact potential.
  • Based on the node assessments, defenses are installed where needed.

A nice advantage of attack trees is that you can use a series of common attack sequences on them, as well as try out whole new threat vectors. It’s also an easy-to-use technique with good visual comprehensibility.

Disadvantages include the fact that an unskilled user can overlook vulnerabilities. This is because there are no concrete attack tree rules on threat assessment. This area takes a skilled cybersecurity professional to properly assess possible problems.
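The steps above can be worked through in code. The following is an added example, not part of the original article; it goes slightly beyond the root-and-leaf description by using the common AND/OR intermediate nodes. The tree, the effort numbers and the assumption that a defended leaf is fully blocked are all constructed for illustration.

```python
import math

# Constructed tree for illustration. Leaves carry an analyst-estimated attacker
# cost (arbitrary effort units); inner nodes combine children with OR or AND.
TREE = ("OR", "Read customer records", [
    ("LEAF", "Phish a helpdesk login", 20),
    ("AND", "Abuse the backup share", [
        ("LEAF", "Reach the backup network", 30),
        ("LEAF", "Read an unencrypted backup", 5),
    ]),
    ("LEAF", "Exploit an unpatched web app", 50),
])

def cost(node, defended=frozenset()):
    """Cheapest attacker cost to achieve `node`; inf once defenses cut it off."""
    kind, name, body = node
    if kind == "LEAF":
        return math.inf if name in defended else body
    child_costs = [cost(child, defended) for child in body]
    # OR: the attacker takes the cheapest child. AND: every child is required.
    return min(child_costs) if kind == "OR" else sum(child_costs)

def leaves(node):
    """Names of all leaf nodes, left to right."""
    kind, name, body = node
    return [name] if kind == "LEAF" else [n for child in body for n in leaves(child)]

def plan_defenses(tree, target):
    """Greedily choose leaves to defend until the cheapest attack costs >= target."""
    defended, plan = set(), []
    while cost(tree, defended) < target:
        remaining = [leaf for leaf in leaves(tree) if leaf not in defended]
        best = max(remaining, key=lambda leaf: cost(tree, defended | {leaf}))
        defended.add(best)
        plan.append((best, cost(tree, defended)))
    return plan

if __name__ == "__main__":
    print("cheapest attack today:", cost(TREE))
    for leaf, new_cost in plan_defenses(TREE, target=50):
        print(f"defend {leaf!r} -> cheapest attack now costs {new_cost}")
```

The output shows why node assessment drives where defenses go: defending either leaf of the AND branch closes that whole branch, while the cheapest OR branch has to be addressed first.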

5. VAST

This approach stands for Visual, Agile, and Simple Threat modeling. It’s best for large organizations that require threat modeling to be in place across varied teams and subsystems. It consists of two models:

  • Application threat: This uses an architectural perspective, at design level, to appraise an application to see what threats exist in the user-application interactions, as well as the interactions with outside systems.
  • Operational threat: This is a DevOps approach that looks at system infrastructure.

The two models can be inserted into most systems, which means VAST is hugely versatile. Other advantages include the fact that it’s scalable and automation-friendly. It also doesn’t require specialized security expertise. Disadvantages include its freshness. It’s still fairly new, so there’s not the volume of documentation common with other approaches.
