Six Threat Modeling Methodologies To Prioritize And Mitigate Threats

Six Threat Modeling Methodologies To Prioritize And Mitigate Threats

Last Updated: 24th July, 2022

Threat Modeling Methodologies: Threat modeling enables you to perform a proactive threat assessment. Security teams use threat modeling insights to evaluate risks and prioritize mitigation. You can design your own threat modeling process or you can use ready-made threat modeling software.

A typical threat modeling process includes five components — threat assessment, threat intelligence, asset identification, mitigation capabilities, risk assessment, and threat mapping. Each of these processes provides unique insights and visibility into your security perimeter.

There are six main methodologies you can use while threat modeling — STRIDE, PASTA, CVSS, Attack Trees, Security Cards, and hTMM. Each of these methodologies provides a different way to assess the threats facing your IT assets.


How To Show Last Updated Date In WordPress Posts

Table Of Contents

What Is Threat Modeling?

Threat modeling is a proactive strategy for evaluating risks. It involves identifying potential threats, and developing tests or procedures to detect and respond to those threats. This involves understanding how threats may impact systems, classifying threats and applying the appropriate countermeasures.


Social Media Cybersecurity 2020: The Rise Of Social Media Threats

What Is The Importance Of Threat Modeling?

Threat modeling can help security teams prioritize threats, ensuring that resources and attention are distributed effectively. This prioritization can be applied during planning, design, and implementation of security to ensure that solutions are as effective as possible.

When done routinely, threat modeling can also help security teams ensure that protections are in line with the evolving threats. If not, unknown threats may remain undefended leaving systems and data vulnerable.


Data Footprint Erasure Securely Of Your Organization

Threat modeling is equally significant when adopting modern software or creating software. It assists teams understand how the tools and applications may be vulnerable in comparison to what protections are offered.

When adopting the tools, threat modeling helps teams understand where security is lacking. This allows you to make an informed decision about whether a component is worth adopting.

Threat modeling can also help development teams prioritize fixes to existing software, according to the severity and impact of anticipated threats.


Defying Dante’s SOC And SIEMs Mythical Treachery Inferno

Five Threat Modeling Process Components

When performing threat modeling, several processes (specifically Five Threat Modeling Process Components) and aspects should be included. Failing to include one of these components can lead to incomplete models and can prevent threats from being properly addressed.

Threat Modeling: Threat Intelligence

This area includes information about types of threats, affected systems, detection mechanisms, tools and processes used to exploit vulnerabilities and motivations of attackers.

Threat intelligence information is often collected by security researchers and made accessible through public databases, proprietary solutions, or secure communications outlets. It is used to enrich the understanding of possible threats and to inform responses.


Zelle Banking App: New Door Opens, So As Cyber Crime Walks In

Threat Modeling: Asset Identification

Teams need a real-time inventory of components and data in use, where those assets are located and what security measures are in use. This inventory helps security team’s track assets with known vulnerabilities.

A real-time inventory enables security teams to gain visibility into asset changes. For example, getting alerts when assets are added with or without authorized permission, which can potentially signal a threat.

Threat Modeling: Mitigation Capabilities

Mitigation capabilities broadly refer to technology to protect, detect and respond to a certain type of threat, but can also refer to an organization’s security expertise and abilities, and their processes. Assessing your existing capabilities will serve you determine whether you need to include secondary resources to mitigate a threat.

For example, if you have enterprise-grade antivirus, you enjoy an initial level of protection against traditional malware threats. You can subsequently determine if you should invest more significantly, for example, to correlate your existing AV signals with other detection capabilities.


Apache Struts Summoned For Issuing Misleading Security Advisories

Threat Modeling: Risk Assessment

Risk assessments correlate threat intelligence with asset inventories. These tools are necessary for teams to acknowledge the current status of their systems and to develop a plan for addressing vulnerabilities.

Risk assessments with threat assessment can equally involve active testing of systems and solutions. For example, penetration testing to verify security measures are effective.

Threat Modeling: Threat Mapping

Threat mapping is a process that follows the potential path of threats through your systems. It is used to model how attackers might move from resource to resource and helps teams anticipate where defenses can be more effectively layered or applied.


Project Soli, Remastered: How Radar-Detected Gestures Might Differ Pixel 4

Six Threat Modeling Methodologies

When performing threat modeling, there are multiple methodologies you can use. The right model for your needs depends on what types of threats you are trying to model and for what purpose.

STRIDE Threat Modeling

STRIDE is a threat model, created by Microsoft engineers, which is meant to guide the discovery of threats in a system. It is employed along with a model of the target system. This makes it most effective for evaluating individual systems.

STRIDE is an acronym for the types of threats it covers, which are:

  • Spoofing — A user or program pretends to be another.
  • Tampering — Attackers modify components or code.
  • Repudiation — Threat events are not logged or monitored.
  • Information disclosure — Data is leaked or expose.
  • Denial of service (DoS) — Services or components are overloaded with traffic to prevent legitimate use.
  • Privilege escalation — Attackers grant themselves additional privileges to gain greater control over a system.

What Is Sircam Virus And How Its Legacy Began?

Process For Attack Simulation And Threat Analysis (PASTA)

PASTA is an attacker-centric methodology with seven steps. It is designed to correlate business objectives with technical requirements. PASTA’s steps guide teams to dynamically identify, count, and prioritize threats.

The steps of a PASTA threat model are:

  1. Define business objectives
  2. Define the technical scope of assets and components
  3. Application decomposition and identify application controls
  4. Threat analysis based on threat intelligence
  5. Vulnerability detection
  6. Attack enumeration and modeling
  7. Risk analysis and development of countermeasures

Advanced Encryption Standard (AES): Preserving Classified Data Safe

Common Vulnerability Scoring System (CVSS)

CVSS is a standardized threat scoring system employed for known vulnerabilities. It was developed by the National Institute of Standards and Technology (NIST) and maintained by the Forum of Incident Response and Security Teams (FIRST).

This system is designed to help secure teams’ access threats, identify impacts, and identify existing countermeasures. It also helps security professionals assess and apply threat intelligence developed by others in a reliable way.

CVSS accounts for the inherent properties of a threat and the impacts of the risk factor due to the time since the vulnerability was first discovered. It additionally includes measures that allow security teams to specifically modify risk scores based on individual system configurations.


Morris Worm: The First Computer Worm Evolved From Simple Experiment

Threat Modeling: Attack Trees

Attack trees are charts that display the paths that attacks can take in a system. These charts display attack goals as a root with possible paths as branches. When creating trees for threat modeling, multiple trees are created for a single system, one for each attacker goal.

This is one of the oldest and most widely used threat modeling techniques. While once used alone, it is now frequently combined with other methodologies, including PASTA, CVSS and STRIDE.

Threat Modeling: Security Cards

Security Cards are a methodology based on brainstorming and creative thinking rather than structured threat modeling approaches. It is designed to help security teams account for less common or novel attacks. This methodology is in addition an efficient way for security teams to increase knowledge about threats and threat modeling practices.


Advanced Insiders: Defending Data Breaches And Ransomware Attacks

The methodology uses a set of 42 cards, which help analysts answer questions about future attacks, such as who might attack, what their motivation could be, which systems they might attack, and how they would implement an attack. Analysts can deal the cards in a type of tabletop game, to simulate possible attacks and consider how the organization might respond.

Hybrid Threat Modeling Method (hTMM)

hTMM is a methodology developed by Security Equipment Inc. (SEI) that combines two other methodologies:

  • Security Quality Requirements Engineering (SQUARE) — A methodology designed to elicit, categorize and prioritize security requirements.
  • Persona non Grata (PnG) — A methodology that focuses on uncovering ways a system can be abused to accomplish an attacker’s goal.

hTMM is designed to enable threat modeling, which accounts for all possible threats, produces zero false positives, provides consistent results and is cost effectively.

It works by applying Security Cards, eliminating unlikely PnGs, summarizing results, and formally assessing risk using SQUARE.

, , , , , , , , , , , , ,
Previous Post
How To Fix WordPress Push Notification And Redirection Malware
Next Post
Quantum For Critical Infrastructure: Facts And Truths

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed