Cybersecurity threats are abundant and ever-changing. That’s why threat modeling, diagramming various threats and impacts, is a critical and necessary practice to prepare for whatever threats come your way.
Threat modeling, like SWOT analysis, helps companies build a well-rounded, continuously evolving threat defense scheme. When planned and implemented properly, cybersecurity threat models will ensure that each nook and cranny of your networks and applications remains protected now and as new threats emerge.
Understanding threat modeling
This is a diagram of a theoretical VAST threat model illustrating the connection between threats, vulnerabilities, potential targets (assets) and response capabilities.
What is a threat?
A threat refers to any method that unapproved parties can use to gain access to sensitive information, networks and applications. Some of these threats may take the form of computer viruses, botnets, application attacks and phishing scams, among others.
These are a few common threats companies should plan for by using threat modeling techniques:
Malware — Malware, short for malicious software, is a category of cybersecurity threats that includes threats such as computer viruses, spyware and adware. It’s one of the most common threats to target both businesses and individuals.
Companies can use threat modeling to ensure that their firewalls are adequately prepared, that zero-day vulnerabilities are minimized and that new exploits or malware signatures are documented. Proper planning, along with antivirus and other security software, will ensure networks are not compromised by malware.
DDoS attacks — DDoS (distributed denial of service) attacks are a method of bombarding websites and web applications with enormous traffic requests that overload the servers they are hosted on. These attacks are powered by thousands of bots and are indistinguishable from legitimate users attempting to access the site.
Phishing — Phishing is a method of obtaining user information through fraudulent communications targeted directly at people. It’s often accomplished through emails that are disguised as coming from a legitimate source but deliver the target’s information back to the hacker.
Phishing can enable hackers to gain access to sensitive information or privileged applications. Businesses can prevent this type of cybercrime through the use of email security software for filtering and identification, along with security awareness training to ensure employees can identify fraudulent communications.
What is threat modeling?
Threat modeling is a way to plan and optimize network security operations. Security teams lay out their goals, identify vulnerabilities and outline defense plans to prevent and remediate cybersecurity threats.
These are a few components of threat modeling that can be used to improve security operations and effectiveness:
Secure design — Secure design is necessary during application development to ensure the identification and prevention of vulnerabilities. Code analysis and security testing during all stages of development can help to ensure bugs, flaws and other vulnerabilities are minimized.
Companies can analyze their code for known flaws during development or dynamically as an application runs, and perform penetration tests after development. The resulting data is used to plan for future attack mitigation and to implement updates related to new threats.
Threat intelligence — It is important to keep an up-to-date database of threats and vulnerabilities to ensure applications, endpoints and networks are prepared to defend against emerging threats. These databases may consist of public information, reside in proprietary threat intelligence software, or be built in-house.
Asset identification — It’s important to keep IT and software assets properly documented at all times. Without proper tracking and documentation, these assets may possess known flaws that are not identified. New assets, even potentially dangerous third-party assets, may be accessing networks without security teams’ knowledge.
Mitigation capabilities — Mitigation capabilities refer to a security team’s ability to detect and resolve attacks as they emerge. This may mean the identification of malicious traffic and removal of malware, or it could simply refer to contacting your managed security services provider. Either way, mitigation is essential to effective planning so that teams are aware of their ability to combat threats with their existing resources.
Risk assessment — After application code is determined to be safe and endpoints are properly implemented, companies can assess the overall risk of their various IT components. Components may be scored and ranked or simply identified as “at risk.” Either way, they will be identified and secured in order of importance.
Mapping and modeling — These methods are combined to build visual workflows and security operations plans with the goal of resolving existing issues and planning for future threats. This type of threat modeling is based on a multi-angle approach and requires threats be planned for from every potential angle.
Threat models that are missing one component of proper planning measures may leave assets susceptible to attacks. Proper implementation will lead to faster threat mitigation in real-world scenarios and simplify the operational processes associated with detection, mitigation and analysis.
Threat modeling methods
The previously mentioned threats can be prevented using a number of different threat modeling tactics. The following section describes a few of the most common ways businesses plan and operationalize their threat models:
STRIDE — STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) is an early threat model developed by Microsoft employees in the late 1990s. It is still used as a process model for cybersecurity teams.
The model answers the question: “What can go wrong in this system we’re working on?” It can be used as both a method to remember threat types and as a way to pair threats with targets.
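The pairing of threats with targets, combined with the scoring and ranking described under risk assessment, can be sketched in a few lines of Python. This is an added example, not part of the original article: the element-to-category table follows the commonly used STRIDE-per-element chart, and the sample elements, importance scores and mitigations are constructed.

```python
from dataclasses import dataclass, field

# STRIDE categories as listed in the article.
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")

# Assumption: the commonly used STRIDE-per-element chart for data-flow diagrams
# (simplified: repudiation is applied to every data store, not only logs).
APPLICABLE = {
    "external_entity": {"Spoofing", "Repudiation"},
    "process": set(STRIDE),
    "data_store": {"Tampering", "Repudiation", "Information disclosure", "Denial of service"},
    "data_flow": {"Tampering", "Information disclosure", "Denial of service"},
}

@dataclass
class Element:
    name: str
    kind: str          # key of APPLICABLE
    importance: int    # 1 (low) to 5 (critical), assigned by the asset owner
    mitigated: set = field(default_factory=set)  # categories with a documented control

def open_threats(element):
    """STRIDE categories that apply to the element and have no documented control."""
    unknown = element.mitigated - set(STRIDE)
    if unknown:
        raise ValueError(f"{element.name}: not STRIDE categories: {sorted(unknown)}")
    todo = APPLICABLE[element.kind] - element.mitigated
    return [c for c in STRIDE if c in todo]  # keep STRIDE order

def rank(elements):
    """Rank elements by importance times number of open threats, highest first."""
    rows = [(e.importance * len(open_threats(e)), e.name, open_threats(e)) for e in elements]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

# Constructed sample model of a small web application.
MODEL = [
    Element("browser user", "external_entity", 2, {"Spoofing"}),
    Element("web API", "process", 4, {"Spoofing", "Tampering", "Elevation of privilege"}),
    Element("customer DB", "data_store", 5, {"Tampering", "Information disclosure"}),
    Element("API-to-DB link", "data_flow", 3,
            {"Tampering", "Information disclosure", "Denial of service"}),
]

if __name__ == "__main__":
    for score, name, threats in rank(MODEL):
        print(f"{score:>2}  {name:<15} {', '.join(threats) or 'none open'}")
```

The ranked output is a review worklist: each row names an element and the threat categories that still lack a documented control, ordered so that the most important exposed assets are addressed first.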
PASTA — PASTA (Process for Attack Simulation and Threat Analysis) is a seven-step modeling process used to define objectives, requirements, and procedures for security operations. The seven steps are:
The method helps security professionals build flexible threat identification, enumeration, and scoring processes. PASTA provides an attacker-centric analysis structure to help users build an asset-centric response strategy.
VAST — VAST (Visual, Agile and Simple Threat modeling) is a malleable and scalable modeling process for security planning throughout the software development lifecycle. It’s based on three pillars: automation, integration and collaboration. The model focuses on actionable outputs and the unique needs of developers, security personnel and executives.
VAST can be used for both operational and application threat modeling and uses workflow diagrams to illustrate threats, assets, vulnerabilities, and remediation tools in an understandable way. It’s also designed to mirror the existing operational processes of agile software development teams.
There is no silver bullet for security operations planning, and different modeling methods may suit some businesses better than others. It’s important to understand your existing development, IT management and security operations processes before settling on a modeling format.
These models can also be used in tandem to illustrate or complement security software.
As an analyst at G2, Aaron’s research is focused on cloud, application, and network security technologies. As the cybersecurity market continues to explode, Aaron maintains the growing market on G2.com, adding 90+ categories of security technology (and emerging technologies that are added regularly). His exposure to both security vendors and data from security buyers provides a unique perspective that fuels G2’s research reports and content, including pieces focused on trends, market analysis, and acquisitions. In his free time, Aaron enjoys film photography, graphic design, and lizards.