In today’s evolving digital landscape, a thorough understanding of potential threats is crucial for safeguarding sensitive information and keeping systems resilient. In this article, we look at threat model examples and how they serve as tools for identifying vulnerabilities, assessing risks, and designing effective security strategies. By exploring real-world scenarios and analysing potential attack vectors, organisations can use a threat model example to address potential threats proactively and fortify their defences against emerging risks. We aim to show why threat modelling is essential to security preparedness and to a proactive approach to risk mitigation.
What Is Threat Modelling?
Threat modelling is a structured approach to evaluating threats and risks and documenting how the threats can affect a business. Additionally, profiling probable attacks using an attack simulation and threat analysis will determine the value of potential mitigations to reduce the likelihood of the threats.
The threat modelling process makes it easier to profile probable attackers and identify possible avenues of attack. Additionally, security teams can better understand the identified threats and how to mitigate them. The goal is to enhance and maintain security within a system by prioritising potential security threats and effectively deploying countermeasures.
Threat Model Examples
All threat modelling analyses use the 5-step process described in the Threat Modelling Process section of this article. However, there are several methods for carrying out the analysis. Here are some threat modelling examples to use:
a) VAST (Visual, Agile, and Simple Threat)
VAST is a method developed by the automated threat modelling platform known as ThreatModeler. This method is designed with collaboration and automation for threat mitigation. Of course, the VAST approach is one of a kind because it is based on the idea that threat modelling is only useful if it covers the entire software development life cycle and the business as a whole.
Remember that this method provides stakeholders across the organisation with significant, quantifiable, valuable, and actionable output. Based on a customisable, extensive threat library, ThreatModeler employs the VAST method to identify threats.
For effective threat modelling, this method is built on two threat models:
- Application threat modelling (done at the design level and focuses on the system interacting with users and integrated systems.)
- Operational threat modelling (done at an infrastructure level and puts security controls in place during the mitigation process).
Since VAST works on a 2-level independent model system, it can be integrated into any working system as it’s very agile and easy to automate.
b) STRIDE (Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service attacks, and Elevation of privilege)
STRIDE is a great model based on the question, “What could go wrong?” This keeps security breaches at bay and ensures a company’s security efforts aren’t wasted.
This system is recommended for any business that’s centred on development and still hasn’t identified risks or has a process for attack simulation. Every part of the STRIDE acronym represents a violation of a system. For example, spoofing identity refers to a problem with authentication.
The STRIDE model is one of the most widely used threat modelling methodologies because it provides crucial insights for proactive attack detection and defence of critical system infrastructure, devices, and networks. The model ensures that software products maintain confidentiality, integrity, and availability.
The STRIDE system provides a deeper understanding of attack vectors, possible threats, and other protocols like event data logs. Additionally, the system creates scenarios of known threats to allow a threat assessment. This method is usually easy to use and provides documentation. Furthermore, it’s excellent for new threat modellers.
c) Attack Trees
Attack trees are an approach that focuses on the system to identify threats and use them for simulations. In this attacker-centric strategy, each attacker is considered as a person with goals and skill sets. Based on various attacks, attack trees provide a formal and methodical way of describing the security of systems. In essence, you use a tree structure to represent attacks on a system, with the goal as the root node and the various methods of achieving that goal as leaf nodes.
In an Attack tree, threat agents are identified and dealt with in this way:
- An attacker’s objective is each root node in this tree.
- For the objective, each leaf node is a way for the attacker to gain access to sensitive data.
- Every node is associated with an identified threat that is then evaluated for impact.
- Based on the threat agent and its effects, a countermeasure is introduced to the computer system.
Below is an example of an attack tree where each leaf node represents a way for an attacker to gain access to sensitive data.
This system is easy to use and makes it easy to identify threats. It’s also a simple threat modelling tool that creates usable attack patterns for threat libraries.
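An attack tree of the kind described above, written as an added example (not part of the original article). It goes slightly beyond the text by using intermediate AND/OR nodes, and the node names and effort estimates are constructed assumptions. It computes the cheapest remaining path to the root objective and ranks which single countermeasure raises that cost the most.

```python
from dataclasses import dataclass, field
INF = float("inf")

@dataclass
class Node:
    name: str
    kind: str = "LEAF"    # "OR": any child suffices; "AND": all children needed
    cost: float = 0.0     # constructed estimate of attacker effort (leaves only)
    children: list = field(default_factory=list)
    mitigated: bool = False   # True once a countermeasure blocks this leaf

def min_cost(node):
    """Cheapest attacker effort to reach this node; INF if every path is blocked."""
    if node.kind == "LEAF":
        return INF if node.mitigated else node.cost
    costs = [min_cost(c) for c in node.children]
    return sum(costs) if node.kind == "AND" else min(costs)

def cheapest_path(node):
    """Leaves on the cheapest remaining path; empty if the goal is unreachable."""
    if min_cost(node) == INF:
        return []
    if node.kind == "LEAF":
        return [node.name]
    if node.kind == "AND":
        return [leaf for c in node.children for leaf in cheapest_path(c)]
    return cheapest_path(min(node.children, key=min_cost))

def leaves(node):
    if node.kind == "LEAF":
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]

def rank_countermeasures(root):
    """Goal cost if each open leaf alone were mitigated, most effective first."""
    ranked = []
    for leaf in (l for l in leaves(root) if not l.mitigated):
        leaf.mitigated = True
        ranked.append((leaf.name, min_cost(root)))
        leaf.mitigated = False
    return sorted(ranked, key=lambda item: item[1], reverse=True)

def build_tree():
    # Constructed sample: the root is the objective, the leaves are methods.
    return Node("Access sensitive data", "OR", children=[
        Node("Log in with stolen credentials", "AND", children=[
            Node("Obtain a staff password", cost=2),
            Node("Defeat the second factor", cost=8)]),
        Node("Intercept communication between two parties", cost=4),
        Node("Misuse malicious insider access", cost=6)])
```

Calling `rank_countermeasures(build_tree())` puts the interception leaf first, because blocking it is the only single fix that raises the attacker's minimum effort.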
d) Trike
Trike is a system that’s focused on security audits. It has a unique threat assessment model that helps organisations that are compliance-focused. It also helps in the software development life cycle to identify any potential threat. Furthermore, this model involves risk analysis and management. The steps involved in a Trike assessment are:
- Create a risk-centric methodology to identify risks attached to an area within the system.
- Create a threat actor and remedy data flow diagram.
- Assign each threat actor an action like “allowed”, “not allowed,” and “allowed with conditions.”
- Analyse threats by iterating through each component to determine whether it is a denial of service or elevation of privilege threat.
- Determine the threat exposure of each asset, action, and role by allocating risk weight to it.
Remember, Trike is a framework for security auditing from a risk-based perspective to improve the efficiency and effectiveness of existing threat modelling methodologies. Therefore, with the Trike threat models, you can describe the security structure (or characteristics) of an application or IT system (from a high level down to a low level).
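The Trike steps above, worked through as an added example (not code from the article or from the Trike project). The roles, assets, weights, the mapping from each rule to a threat type, and the multiplication used for exposure are all assumptions chosen for illustration.

```python
from itertools import product

# Constructed sample data. Weights (1 = low, 5 = high) are assumptions for
# illustration, not values defined by Trike or by this article.
ASSET_WEIGHT = {"customer payment information": 5, "HR information": 3}
ROLE_WEIGHT = {"billing clerk": 2, "anonymous user": 5}
ACTION_WEIGHT = {"create": 2, "read": 2, "update": 3, "delete": 4}

# Rule per (role, asset, action); any cell not listed is "not allowed".
RULES = {
    ("billing clerk", "customer payment information", "read"): "allowed",
    ("billing clerk", "customer payment information", "update"):
        "allowed with conditions",
    ("anonymous user", "customer payment information", "create"):
        "allowed with conditions",
}

def threats_for(rule):
    """Threat types to examine for one role/asset/action cell (assumed mapping)."""
    if rule == "allowed":            # a permitted action can be prevented
        return ["denial of service"]
    if rule == "not allowed":        # a forbidden action can be performed
        return ["elevation of privilege"]
    if rule == "allowed with conditions":   # either of the above can occur
        return ["denial of service", "elevation of privilege"]
    raise ValueError(f"unknown rule: {rule!r}")

def enumerate_threats():
    """Walk every cell of the matrix and score each threat it produces."""
    rows = []
    for role, asset, action in product(ROLE_WEIGHT, ASSET_WEIGHT, ACTION_WEIGHT):
        rule = RULES.get((role, asset, action), "not allowed")
        exposure = (ASSET_WEIGHT[asset] * ROLE_WEIGHT[role]
                    * ACTION_WEIGHT[action])          # assumed scoring
        for threat in threats_for(rule):
            rows.append({"role": role, "asset": asset, "action": action,
                         "rule": rule, "threat": threat, "exposure": exposure})
    return sorted(rows, key=lambda r: r["exposure"], reverse=True)

def total_by(rows, key):
    """Sum exposure per asset, action or role to see where risk concentrates."""
    totals = {}
    for r in rows:
        totals[r[key]] = totals.get(r[key], 0) + r["exposure"]
    return totals

if __name__ == "__main__":
    for row in enumerate_threats()[:5]:
        print(row)
```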
e) PASTA (Process for Attack Simulation and Threat Analysis)
PASTA is a risk assessment method that’s best for businesses that want to balance product security with business strategies. It also considers threats to be a business issue. Additionally, with PASTA, simulations can be performed using identified threats and collected evidence. This has the advantage of ‘testing’ potential threats, making them more real and less theoretical.
In addition to setting business goals, PASTA also creates an organisation’s “Risk Portfolio.” Compliance requirements are layered on top of business, financial, and operational goals for this. Here are the steps:
- List known threats: This goes beyond threats at the application level; threats to human resources are also included.
- Gather threat intelligence: This is done internally using logs from all possible sources, including firewalls, servers, the database, and incident reports. This is accomplished externally by utilising the available threat libraries or contacting security service providers.
The PASTA methodology aims to align a company’s objectives with its technical requirements. As a result, technical teams and key senior decision-makers can benefit from cross-team collaboration. However, it is also time-consuming and costly.
Threat Modelling Process
Of course, the threat modelling process is a series of steps that a business can take to ensure its security measures are up to date. But how do you conduct a threat modelling process to obtain a complete view of the potential threats? Security threat modelling involves:
1) Outline the Vulnerabilities
Depending on the nature of your business, attackers can gain access through multiple avenues leading to large data breaches. Unauthorised access is one of the major ways hackers gain access to a system, and once they do, they can target valuable points. In such an instance, vulnerabilities can include:
- Customer payment information
- Corporate financial data
- Client contracts
- HR information
2) List of Vulnerabilities
Within the system architecture, different areas will face different threats. It’s important to check for potential attackers in areas like:
- Malicious insider threats (anyone who has access to the system).
- Network threats (an attacker would typically intercept communication between two parties).
- Hardware threats (an attacker will launch an attack using sophisticated and specialised equipment).
- Software threats (an attacker releases malware into the system in an attempt to gain access).
3) Vulnerability Evaluation
In this stage, it is important to evaluate any potential threats that you found when outlining the vulnerabilities. You can start by determining who has access to the proposed vulnerabilities and whether the roles they play are controlled. Information security controls should be put in place to alert security teams when an unauthorised user is in the system without the proper credentials.
4) Remediation Methods
After determining the vulnerabilities, the next step is to assess the security requirements for each vulnerability and the best way to mitigate it. A common vulnerability scoring system is helpful in this step since it can indicate how a particular vulnerability could affect a business’s network.
In this stage, you can determine the security risks that come with unauthorised access. You can completely revoke access or use a watch-and-wait approach.
5) Verified Remediation Methods
Threat modelling is a repetitive process. Developing threat modelling frameworks will also help you continuously assess the security protocols. Remember, if the security incidents keep decreasing, your threat modelling remediation methods are working. You can keep updating and adding security elements to the system.
The Bottom Line
New threats to your information technology’s security are a real daily issue. Ransomware, denial-of-service attacks, hackers, and information disclosure without authorisation are ever-present. However, with so many to address, it’s hard to know where to begin. It’s equally difficult to know when to stop. That is where modelling threats can be useful.