Introduction
While the topic of Threat Modelling has been explored extensively, I want to share my unique journey and insights into this critical aspect of Cybersecurity. My initial exposure to Threat Modelling occurred while preparing for the CISSP exam a couple of years ago. Subsequently, I had the opportunity to apply this knowledge in the real world when I assumed the role of Senior Cybersecurity Advisor at the National Bank of Canada.
In this blog post, I aim to demystify Threat Modelling, offering a straightforward definition, emphasizing its vital role in the field of Cybersecurity, and introducing various methodologies commonly employed in the industry. Without further ado, let's dive in.
Understanding Threat Modelling
In simple terms, Threat Modelling is a systematic and structured approach to identify, evaluate, and mitigate potential security threats and vulnerabilities within software, systems, or processes. This practice equips Cybersecurity professionals to anticipate threats, envision how they could exploit vulnerabilities, and assess the potential impact.
The Value of Threat Modelling
Threat Modelling adds significant value by allowing organizations to proactively protect their critical assets. This approach enables early threat detection during system development, minimizing potential risks. By addressing security concerns during the planning and design phases, organizations can avoid the exorbitant costs associated with fixing security issues in production or responding to data breaches. This ultimately leads to long-term cost savings.
Threat Modelling empowers organizations to make informed decisions regarding security investments, resource allocation, and risk tolerance.
Approaching Threat Modelling
Understanding Business Context: Begin by comprehending the business need. For instance, if you're implementing an e-commerce platform, the business need is online sales. Understanding this context helps identify potential threats.
Decomposing the Environment: This phase involves gaining a granular understanding of the product's logic, defining components (e.g., EC2 instances, S3 buckets), outlining trust boundaries (on-premises, cloud), and understanding data flow between components. Identifying existing security controls (encryption, security groups, firewalls) is crucial.
Determining Threat Scenarios: With a clearer understanding of the environment, identify potential threat scenarios. Use well-known frameworks such as STRIDE, MITRE ATT&CK, PASTA, DREAD, or Attack Trees. Each framework offers a different perspective on threat identification. For example, STRIDE focuses on Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, while MITRE ATT&CK catalogues the tactics, techniques, and procedures (TTPs) used by real adversaries.
Testing Security Controls: Once threats are identified, evaluate the effectiveness of your security controls. Determine mitigation strategies if needed and perform a comprehensive risk analysis to assess the impact and probability of threats on your system.
Involving Key Stakeholders
Threat Modelling cannot be accomplished in isolation. Engage the following key teams in your Threat Modelling exercise:
Solution Architect Team: Responsible for designing the system and its components, they provide vital insights into implemented security controls and system functionality.
Development Team: They play a crucial role in building secure systems and ensuring security is integrated throughout the development lifecycle.
IT and Operations Team: These teams manage the organization's infrastructure, including networks and servers, making their knowledge of network infrastructure, system configurations, and application integration indispensable for effective threat modelling.
Business or Process Owners: Their input regarding critical assets, business processes, and risk tolerance is invaluable. Their involvement ensures alignment with the organization's strategic goals.
Key Takeaways
While conducting Threat Modelling, it's essential to aim for realistic scenarios rather than perfection. Cyber threats evolve continuously, necessitating updates to your Threat Modelling approach. When dealing with unfamiliar technologies, don't hesitate to seek advice from specialists within your organization or conduct research. Information is readily available; we need only to find and comprehend it.
In conclusion, Threat Modelling stands as a critical pillar of Cybersecurity, enabling organizations to bolster their security posture. While this post serves as an introductory guide, it offers valuable insights for those curious to delve deeper into the topic.
Recommended readings and workshops:
Threat Modeling for Builders Workshop (https://explore.skillbuilder.aws/learn/course/external/view/elearning/13274/threat-modeling-the-right-way-for-builders-workshop)
Threat Modeling: Designing for Security (book by Adam Shostack)
IriusRisk Community Edition: A platform used to create Threat Models. IriusRisk provides a free edition (https://community.iriusrisk.com/ui#!login)
OWASP Threat Modelling (https://owasp.org/www-community/Threat_Modeling)
TryHackMe Room Threat Modelling (https://tryhackme.com/room/threatmodelling)
Threat Modelling Manifesto (https://www.threatmodelingmanifesto.org/)
Microsoft Threat Modelling Tool threats (https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats)
MITRE ATT&CK (https://attack.mitre.org/resources/training/)