Stay Ahead of the Game: The Importance of Threat Modeling in Cybersecurity
Threat modelling is a systematic process of identifying and analyzing potential threats and vulnerabilities in a system or application to determine the most effective way to protect it from attacks. In the context of cyber security, threat modelling involves identifying potential attack vectors and determining the likelihood and impact of each threat on the security of the system.
The process of threat modelling typically involves the following steps:
Identifying assets: Identify the assets that need to be protected, such as sensitive data, user accounts, and critical systems.
Creating a threat model: Create a model that represents the system, application, or process you are protecting.
Identifying threats: Identify potential threats to the system, such as malware, phishing attacks, or social engineering.
Analyzing threats: Analyze each threat in terms of its likelihood and impact on the system’s security.
Identifying vulnerabilities: Identify vulnerabilities in the system that could be exploited by an attacker.
Assessing risks: Assess the risks associated with each vulnerability and prioritize them based on their potential impact.
Mitigating risks: Develop a plan to mitigate the identified risks, including implementing security controls and testing the effectiveness of these controls.
In a nutshell, threat modelling is an essential part of a comprehensive approach to cybersecurity and can help organisations proactively identify and address potential threats before they can be exploited by attackers.
The Benefits
There are several benefits to performing threat modelling in the context of cybersecurity, including:
Identifying potential vulnerabilities: Threat modelling can help identify vulnerabilities in a system that might not have been apparent otherwise. This allows security teams to prioritize their efforts and focus on the areas of the system that are most at risk.
Proactive approach to security: Threat modelling is a proactive approach to security that helps organizations anticipate potential attacks before they occur. By identifying threats and vulnerabilities early, organizations can take steps to prevent attacks and reduce the impact of any successful attacks.
Cost-effective: Threat modelling can be a cost-effective approach to cybersecurity, as it helps identify the most critical risks and allows organizations to focus their resources on addressing those risks.
Better decision-making: Threat modelling can help organizations make better decisions about their security posture by providing a structured approach to identifying and prioritizing risks. This allows organizations to make informed decisions about where to allocate resources and what security controls to implement.
Improved communication: Threat modelling can improve communication among different teams involved in the security of a system or application. By providing a common framework and language for discussing security risks, threat modelling can help ensure that everyone is on the same page and working towards the same goals.
We don’t need it…
The negatives of not performing threat modelling in the context of cybersecurity include:
Increased vulnerability to attacks: Without threat modelling, an organization may be unaware of potential vulnerabilities in their system, making it easier for attackers to exploit those vulnerabilities and launch successful attacks.
Reactive rather than proactive approach: Without a proactive approach to security, an organization may only become aware of vulnerabilities after an attack has occurred, leading to a reactive rather than proactive response.
Costly remediation efforts: Responding to attacks after they occur can be costly, both in terms of financial resources and reputation damage. Without a proactive approach to security, an organization may need to spend significant resources to remediate the damage caused by a successful attack.
Compliance violations: Many regulatory requirements and industry standards, such as PCI DSS and HIPAA, require organizations to perform threat modelling and risk assessments. Failing to do so can result in compliance violations and potential legal consequences.
Communication breakdowns: Without a common language and framework for discussing security risks, communication breakdowns may occur between different teams involved in the security of a system or application. This can lead to misunderstandings and a lack of coordinated effort to address security risks.
As you can see, the consequences of not performing threat modelling can be severe, including increased vulnerability to attacks, higher costs, compliance violations, and communication breakdowns. These risks make threat modelling an essential component of any comprehensive cybersecurity program.
What frameworks should I look into?
There are several common frameworks for threat modelling in the context of cybersecurity. These frameworks provide a structured approach to identifying and prioritizing security risks in a system or application. Some of the most common frameworks include:
STRIDE: STRIDE is a framework developed by Microsoft that provides a mnemonic for identifying different types of threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
PASTA: PASTA (Process for Attack Simulation and Threat Analysis) is a risk-centric approach to threat modelling that involves several phases, including defining the system, identifying attack surfaces, enumerating threats, and developing mitigation strategies.
Trike: Trike (Threats, Risk, and Vulnerability Assessment) is a framework that provides a systematic approach to identifying and analyzing potential security risks in a system or application.
VAST: VAST (Visual, Agile, and Simple Threat Modeling) is a lightweight, agile approach to threat modelling that emphasizes visualization and collaboration.
DREAD: DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability) is a framework that provides a way to rate the severity of potential threats based on several factors.
CVSS: CVSS (Common Vulnerability Scoring System) is a standard framework for assessing the severity of vulnerabilities in a system or application based on several factors, including the impact of the vulnerability and its exploitability.
Each of these frameworks provides a structured approach to threat modelling, and organizations can choose the framework that best suits their needs and resources.
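As an added illustration (not code from the original article), the Python example below applies two of the frameworks above to a constructed login system: it enumerates candidate threats with the STRIDE-per-element chart, which goes beyond the mnemonic described here, and then ranks triaged threats by DREAD score. The 1-10 rating scale, the averaging of the five ratings, and all element names and ratings are assumptions made for the example.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: categories that apply to each data-flow-diagram
# element type. Repudiation applies to a data store only when it holds logs.
STRIDE_BY_TYPE = {"external": "SR", "process": "STRIDE", "dataflow": "TID",
                  "datastore": "TID", "logstore": "TRID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    ratings: tuple = ()  # one 1-10 rating per DREAD factor, set at triage

    @property
    def dread(self):
        """Mean of the five DREAD ratings; rejects incomplete or out-of-range input."""
        if len(self.ratings) != len(DREAD_FACTORS):
            raise ValueError(f"{self.element}: need {len(DREAD_FACTORS)} ratings")
        if not all(1 <= r <= 10 for r in self.ratings):
            raise ValueError(f"{self.element}: ratings must be 1-10")
        return sum(self.ratings) / len(self.ratings)


def enumerate_threats(model):
    """One candidate threat per (element, applicable STRIDE category)."""
    return [Threat(name, NAMES[letter])
            for name, kind in model.items() for letter in STRIDE_BY_TYPE[kind]]


def rank(threats):
    """Highest DREAD score first, so mitigation starts at the top."""
    return sorted(threats, key=lambda t: t.dread, reverse=True)


# Constructed sample system: a login page backed by an accounts database.
MODEL = {"browser user": "external", "web app": "process",
         "login request": "dataflow", "accounts db": "datastore",
         "audit log": "logstore"}
# Constructed triage ratings, in DREAD_FACTORS order.
RATED = [Threat("accounts db", "Tampering", (9, 4, 3, 8, 3)),
         Threat("login request", "Information Disclosure", (8, 9, 6, 9, 7)),
         Threat("web app", "Elevation of Privilege", (10, 5, 4, 10, 4))]

if __name__ == "__main__":
    print(len(enumerate_threats(MODEL)), "candidate threats to triage")
    for t in rank(RATED):
        print(f"{t.dread:4.1f}  {t.category} on {t.element}")
```

The enumeration is deliberately exhaustive: each candidate still needs a human decision on whether it is realistic for the system before it receives DREAD ratings.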
Where should I start?
The best framework for new starters will depend on the organization’s specific needs and the complexity of the systems or applications they are working with. That being said, some frameworks may be more accessible to new starters than others.
For example, the STRIDE framework, developed by Microsoft, is a widely-used and relatively easy-to-understand framework for identifying different types of threats. It provides a mnemonic for six different categories of threats (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) that can help new starters to quickly identify potential threats.
Another option for new starters is the VAST framework, which emphasizes visualization and collaboration, and is designed to be a lightweight and agile approach to threat modelling. This framework may be easier to understand and apply than some of the more complex frameworks.
Ultimately, the best approach for new starters is to start with a framework that is easy to understand and apply and to gradually build up knowledge and expertise over time. Organizations may also consider providing training and resources to support new starters in their threat modelling efforts.
Will there be challenges?
Yes, of course!
There are several common challenges that organizations may face when starting the threat modelling process. Some of the most common challenges include:
Lack of expertise: One of the most significant challenges in starting the threat modelling process is the lack of expertise and knowledge of the organization’s security team. This can make it difficult to identify and prioritize potential threats and vulnerabilities in the system.
Complexity of the system: Another challenge is the complexity of the system or application being modelled. Complex systems may have many potential attack surfaces and vectors, making it challenging to identify and prioritize threats.
Lack of resources: Threat modelling can be a time-consuming process that requires significant resources, including time, expertise, and tools. Organizations may struggle to allocate sufficient resources to the threat modelling process, making it challenging to perform a thorough analysis.
Resistance to change: Some organizations may resist the threat modelling process, particularly if they are used to taking a reactive approach to security. This resistance can make it challenging to gain buy-in from key stakeholders and implement necessary changes to improve the security posture of the system.
Communication breakdowns: Communication breakdowns between different teams involved in the security of the system can also be a challenge. Without effective communication, it can be challenging to identify and prioritize threats and vulnerabilities and to implement effective security controls.
To overcome these challenges, organizations may need to invest in training and education for their security teams, allocate sufficient resources to the threat modelling process, and ensure effective communication and collaboration between different teams involved in the security of the system.
Resources:
There are many excellent resources available to learn more about threat modelling and how to implement it in your organization. Here are a few that you may find helpful:
Microsoft’s Threat Modeling Tool: Microsoft offers a free, open-source tool for threat modelling, along with comprehensive documentation and tutorials. The tool is a great way to get started with threat modelling, even if you are not a cybersecurity expert.
The Open Web Application Security Project (OWASP): OWASP provides a wealth of resources on threat modelling, including best practices, guidance, and sample models. Their resources are designed to be accessible to both experts and novices in cybersecurity.
SANS Institute: SANS offers a wide range of cybersecurity courses, including several on threat modelling. Their courses are taught by cybersecurity experts and can provide a comprehensive understanding of the threat modelling process.
The Center for Internet Security (CIS): CIS provides guidance and resources on a wide range of cybersecurity topics, including threat modelling. Their resources are designed to be accessible to both technical and non-technical audiences.
NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) offers a framework for improving cybersecurity in organizations, including a section on threat modelling. Their guidance is based on industry best practices and can provide a comprehensive understanding of the threat modelling process.
These resources can help you get started with threat modelling and provide guidance on best practices for implementing it in your organization.
What to play with:
There are several free tools available for creating threat models and diagrams. Here are a few that you may find useful:
Microsoft Threat Modeling Tool: This free tool from Microsoft allows you to create threat models and analyze potential security risks in your system or application. The tool includes built-in templates and provides guidance on best practices for threat modelling.
Draw.io: Draw.io is a free web-based diagramming tool that can be used to create a variety of diagrams, including threat models. It offers a wide range of shapes and templates and allows you to export your diagrams to a variety of formats.
Lucidchart: Lucidchart is another web-based diagramming tool that offers a free version for basic use. It includes a wide range of templates and shapes and allows you to collaborate with others in real time.
Creately: Creately is a web-based diagramming tool that offers a free version for basic use. It includes a wide range of templates and shapes and allows you to collaborate with others in real time.
yEd Graph Editor: yEd is a free desktop application that can be used to create a variety of diagrams, including threat models. It offers a range of layout algorithms and can import and export data from a variety of sources.
These tools can help you create professional-looking threat models and diagrams, even if you don’t have experience in cybersecurity or diagramming.
What to read?
There are many excellent books available that cover the topic of threat modelling and can help you gain a more comprehensive understanding of the threat modelling process. Here are a few books that you may find helpful:
“Threat Modeling: Designing for Security” by Adam Shostack: This book provides a comprehensive overview of the threat modelling process, including key concepts, methodologies, and tools for threat modelling. The book covers a range of topics, from basic threat modelling concepts to more advanced techniques.
“Building Secure Software: How to Avoid Security Problems the Right Way” by John Viega and Gary McGraw: This book provides guidance on how to build secure software, including a comprehensive chapter on threat modelling. The chapter covers the basics of threat modelling and provides practical guidance on how to apply threat modelling in your organization.
“Threat Modeling: Uncover Security Design Flaws Using the STRIDE Approach” by Frank Swiderski and Window Snyder: This book focuses on the STRIDE framework for threat modelling and provides practical guidance on how to use the framework to identify and prioritize potential threats.
“The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities” by Mark Dowd, John McDonald, and Justin Schuh: This book provides a comprehensive overview of software security assessment, including a detailed chapter on threat modelling. The chapter covers the basics of threat modelling and provides practical guidance on how to use threat modelling to identify and prioritize potential threats.
These books can provide a deeper understanding of the threat modelling process and can help you develop practical skills for applying threat modelling in your organization.
Certification?
There are several certifications available for professionals who specialize in threat modelling. These certifications can help demonstrate expertise and knowledge in threat modelling, and can be useful for career advancement and job opportunities. Some of the most popular certifications include:
Certified Threat Intelligence Analyst (CTIA): The CTIA certification is offered by EC-Council and covers a range of topics related to threat intelligence, including threat modelling. The certification is designed for security professionals who want to demonstrate expertise in identifying and mitigating potential threats.
Certified Threat Intelligence Professional (CTIP): The CTIP certification is offered by the Cyber Intelligence Tradecraft Alliance and is designed for professionals who specialize in threat intelligence, including threat modelling. The certification covers a wide range of topics related to threat intelligence and requires passing an exam to obtain certification.
Certified Application Security Engineer (CASE): The CASE certification is offered by the EC-Council and covers a range of topics related to application security, including threat modelling. The certification is designed for security professionals who want to demonstrate expertise in identifying and mitigating security risks in applications.
Certified Ethical Hacker (CEH): The CEH certification is offered by the EC-Council and covers a range of topics related to ethical hacking, including threat modelling. The certification is designed for security professionals who want to demonstrate expertise in identifying and mitigating potential threats in a system or application.
These certifications can provide a recognized credential that can help professionals demonstrate their expertise in threat modelling and related areas of cybersecurity.
In conclusion, threat modelling is an essential component of a comprehensive approach to cybersecurity. By proactively identifying and prioritizing potential threats and vulnerabilities in a system or application, organizations can take steps to prevent attacks and reduce the impact of any successful attacks. While there may be challenges in starting the threat modelling process, organizations that invest in training and education, allocate sufficient resources and ensure effective communication and collaboration can reap the benefits of a more secure system. By understanding the benefits of threat modelling and overcoming the challenges, organizations can take a proactive approach to security and protect themselves from the ever-evolving threat landscape of cyber attacks.