What Is Threat Modeling?
Data breaches cost companies USD 8.64 million on average (Johnson, 2021), but many companies report they don’t have adequate protection against breaches because there aren’t enough IT security professionals to help. The shortage of cybersecurity professionals leaves these organizations vulnerable to costly data breaches.
Threat modeling is a technique cybersecurity professionals use to identify security vulnerabilities in a company’s IT infrastructure and develop techniques to protect its resources. This guide explores cyber threat modeling and explains which threat modeling skills and tools companies need most.
How Cybersecurity Professionals Use Threat Modeling
Cyberattacks are getting more sophisticated and causing more damage to companies’ systems by the day. Security professionals use a structured process to identify the threats that plague organizations.
A threat intelligence professional’s goal is to identify potential cyberthreats and determine their impact. Once the threat intelligence analyst has this information, they can strategize how to prevent each type of attack. Security teams use a process called threat modeling to identify the areas of the organization’s systems and networks that are most vulnerable to attack.
The Cyber Threat Modeling Process
Cybersecurity professionals have several objectives they must meet to evaluate whether they’ve successfully mitigated a risk.
Determining scope helps narrow the focus to a specific area. Attempting to tackle too broad an area may cause analysts to miss vulnerabilities. Often, analysts focus on one or two areas of the system at a time.
Decompose the System
The threat analysis itself starts with decomposing the system. Security analysts must understand every event or action that takes place in the system. Their research highlights the following information.
External dependencies represent systems outside the target system. For example, an external dependency could be:
- A system within the organization, such as a customer relationship management or human resources information system
- A system at a third-party vendor or business partner that provides information to the target system, such as updated information from a supplier’s inventory database
Entry and Exit Points
Entry points represent the specific locations where an attacker could enter the system. An example entry point is input fields on a web form. Exit points define where data leaves the system. Entry and exit points define what is known as the “trust boundary.”
When an attacker targets a system, they have a goal in mind—often, this is access to a particular organizational asset. For example, a malicious hacker may want a list of a company’s customers and each customer’s personal information.
Trust level represents specific access rights for the system. Threat intelligence analysts cross-reference these access rights against the entry points and exit points. This enables them to see what privileges an attacker would need at each point to reach the asset.
Threat intelligence professionals create data flow diagrams to obtain a high-level picture of the path of information as it flows through the system. These diagrams show analysts what happens to the data at each step.
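The cross-referencing described above can be done mechanically once the data flow diagram is written down as data. The following is an added example, not part of the original article: the system, zone names, and trust levels are constructed for illustration, and it reports which flows cross a trust boundary and which entry points have a data path to each asset, lowest required trust first.

```python
from collections import deque

# Constructed sample system; every name below is hypothetical.
TRUST = {"anonymous": 0, "partner": 1, "employee": 2, "admin": 3}
ZONES = {"browser": "internet", "web_form": "dmz", "supplier_feed": "partner",
         "crm_api": "internal", "customer_db": "internal"}
# Entry point -> lowest trust level allowed to use it.
ENTRY_POINTS = {"web_form": "anonymous", "supplier_feed": "partner",
                "crm_api": "employee"}
# Directed data flows from the data flow diagram: (source, destination).
FLOWS = [("browser", "web_form"), ("web_form", "crm_api"),
         ("supplier_feed", "crm_api"), ("crm_api", "customer_db")]
ASSETS = {"customer_db"}

def boundary_crossings():
    """Flows whose two ends sit in different trust zones."""
    return [(s, d) for s, d in FLOWS if ZONES[s] != ZONES[d]]

def reachable(start):
    """All elements that data entering at `start` can flow to."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for s, d in FLOWS:
            if s == node and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen

def asset_exposure():
    """For each asset, entry points with a data path to it, lowest trust first."""
    result = {}
    for asset in sorted(ASSETS):
        hits = [(e, lvl) for e, lvl in ENTRY_POINTS.items()
                if asset in reachable(e)]
        result[asset] = sorted(hits, key=lambda h: (TRUST[h[1]], h[0]))
    return result

if __name__ == "__main__":
    print("flows crossing a trust boundary:", boundary_crossings())
    for asset, entries in asset_exposure().items():
        print(asset, "reachable from:", entries)
```

An asset that is reachable from an entry point requiring little or no trust is the first place to look for missing validation or authorization along the path.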
At this stage, the analyst chooses a threat model. A threat model represents the process analysts use to pinpoint weak spots in the system. Two of the most common threat models are:
- STRIDE. The STRIDE model, an acronym for six threat categories (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege), applies a general set of rules to evaluate a system and identify common vulnerabilities (Geib et al., 2022).
- Attack trees. Attack trees are a graphical way of representing attacks on a system in tree form. The root is the goal, and leaves are possible methods of achieving that goal. Each branch represents a separate attack.
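An attack tree can also be kept as data so that mitigations are checked against it. This is an added example, not from the original article: the tree contents are constructed around the article's customer-list goal, and the AND node (several conditions that must hold together) and the search for a smallest fix set go beyond the simple branch-per-attack form described above.

```python
from itertools import combinations, product

# Constructed tree for the article's example goal; all node names are
# hypothetical. Inner nodes are (kind, label, children); leaves are strings.
TREE = ("OR", "obtain the customer list", [
    "web form input reaches the database unvalidated",
    ("AND", "act as an employee", [
        "employee password reused from another site",
        "login has no second factor",
    ]),
    "supplier feed accepted without integrity check",
])

def attack_paths(node):
    """Every set of leaves that together achieves this node's goal."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, _label, children = node
    child_paths = [attack_paths(c) for c in children]
    if kind == "OR":  # any single child is enough
        return [p for paths in child_paths for p in paths]
    # AND: one path from every child must succeed together
    return [frozenset().union(*combo) for combo in product(*child_paths)]

def remaining_paths(tree, mitigated):
    """Paths still open once the leaves in `mitigated` are fixed."""
    fixed = set(mitigated)
    return [p for p in attack_paths(tree) if not p & fixed]

def smallest_fix(tree):
    """Smallest set of leaves whose mitigation closes every path."""
    paths = attack_paths(tree)
    leaves = sorted(set().union(*paths))
    for size in range(1, len(leaves) + 1):
        for combo in combinations(leaves, size):
            if not remaining_paths(tree, combo):
                return set(combo)
    return set()

if __name__ == "__main__":
    print("open paths:", len(attack_paths(TREE)))
    print("after adding a second factor:",
          remaining_paths(TREE, ["login has no second factor"]))
    print("smallest fix set:", smallest_fix(TREE))
```

Running `remaining_paths` again after each fix is one way to carry out the later verification step: the goal is closed only when the list comes back empty.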
List and Prioritize Threats
In this stage, the analyst creates a list of threats based on the risks the threat modeling identifies. Each risk represents what the company must fix to secure the system.
Cybersecurity professionals share the list created in the previous step with the appropriate parties in the organization to mitigate risks. Common fixes include:
- Operating system updates
- Code changes
- Hardware updates for the network
After addressing risks, the analyst verifies that the solutions work. They perform another evaluation of the system to confirm the results.
Threat Modeling Tools
Manual threat modeling is generally too time consuming for threat intelligence analysts. Instead, they rely on cyber threat modeling tools to speed up the process. These tools make the process more efficient and create accurate documentation of the outcome. Analysts have a variety of options for tools to help with this process.
CAIRIS is a web-based tool that enables users to create attacker personas. The persona includes information such as attack goals, resources the hacker may use, and possible attack paths. The tool automatically spots attack patterns and recommends mitigation strategies.
IriusRisk is a questionnaire-based system that asks analysts a set of questions to collect data about the system. IriusRisk uses the information from the questionnaire to create a list of potential threats, including suggested mitigation strategies for each threat. IriusRisk integrates with issue trackers such as Jira as well as Continuous Integration/Continuous Delivery tools to run as a part of a DevOps pipeline.
Threagile is an integrated development environment (IDE) tool. It focuses on threat modeling at the coding level. Developers input infrastructure information and risk rules into the tool. Threagile generates models that identify potential weak points. That way, developers can address these weak points before releasing code.
Start Your Threat Modeling Career
From 2020 to 2021, deployment of security technologies rose from 15% to 84% in response to the rise in security threats (Gartner, 2021). This increased investment signals the strong demand for trained threat intelligence professionals equipped to address cyberthreats.
Investing in cybersecurity training is important for success in this field. EC-Council’s Certified Threat Intelligence Analyst (C|TIA) certification is an excellent step in your cybersecurity career journey. The C|TIA program equips learners with skills in threat intelligence data collection, complete threat analysis process methodologies, an understanding of various cyberthreats and attack types, and more.
Gartner. (2021, September 13). Gartner survey reveals talent shortages as biggest barrier to emerging technologies adoption [Press release]. https://www.gartner.com/en/newsroom/press-releases/2021-09-13-gartner-survey-reveals-talent-shortages-as-biggest-barrier-to-emerging-technologies-adoption
Geib, J., Berry, D., Baldwin, M., & Kess, B. (2022, January 2). Microsoft Threat Modeling Tool threats. Microsoft Azure Secure Development Documentation. https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats
Johnson, J. (2021, November 15). Average organizational cost to a business in the United States after a data breach from 2006 to 2020. Statista. https://www.statista.com/statistics/273575/average-organizational-cost-incurred-by-a-data-breach/