Threat modelling is the process of identifying cybersecurity threats and vulnerabilities to an existing system or combination of systems. Security teams usually lead the process in an organisation and may involve application developers, network specialists and incident response teams, as appropriate.
Threat modelling provides an opportunity for the organisation to consider security risks as a whole, as it attempts to anticipate potential attack vectors from a malicious actor. As such, the primary benefit of this proactive exercise is to identify cyber threats and address them before a bad actor can exploit them.
The threat modelling process has the following key steps:
- Identifying a set of stakeholders: While security teams usually initiate the threat modelling process, identifying, prioritising and mitigating security risks is often a business-wide exercise. Identifying the primary and secondary stakeholders is the first step in ensuring that various parts of the organisation have the appropriate involvement.
- Define the model’s scope: Depending on the organisation’s perceived value of the assets under consideration, a robust scope ensures the evaluation of only relevant threats. For example, a threat model may narrow its scope to an application that handles sensitive information. In contrast, a broader model may also include the network of systems with which the application interacts. Data flow diagrams are created by technology teams to understand the architecture as a whole.
- Identification of threats: Security teams scrutinise each artefact for threats. Security teams create scenarios from the point of view of the adversary. They can also use existing threat intelligence resources within the organisation or third-party services that provide up-to-date information.
- Identification of threat severity: All stakeholders rate the identified threats based on their impact on the business, in terms of financial loss or reputational damage, in the event that the threats are exploited. This provides a structure for addressing threats according to priority.
- Documentation: The scope, identification of threats, threat severity and responsibilities of each stakeholder are documented. This document is the basis for a threat mitigation plan.
- Mitigation Plan: A plan involving all stakeholders to secure the various components in the scope is formed.
There are many methodologies to conduct threat modelling, such as the STRIDE model, and tools such as Microsoft’s Software Development Lifecycle and Threat Modelling or Ensign’s AI-Powered Cyber Analytics, that may help the organisation assess its process.
A part of the ISTARI Collective, Ensign’s AI-Powered Cyber Analytics allows organisations to stay ahead of new unknowns. Powered by patented algorithms and novel approaches, their self-learning threat detection models leverage deep neural networks, proprietary self-taught learning training techniques, and customized behavioural analytics to provide our clients with a technological edge in detecting threats.