Monday, December 18, 2017

Threat Modeling

What is a Threat?

In information security, a threat is any actor or event that can cause potential harm to an
information system asset.

Overview of Threat Modeling



Developing a threat model is the process of mapping the specific, unique threats to your
organization and the methods used to attack any information technology asset or collection of assets.


The two primary goals of threat modeling are:

  • Provide a clear perspective of assets, threats, and possible attacks to facilitate discussions regarding risk management decisions and practices  
  • Discover and evaluate gaps in security controls at the application, system, infrastructure, and enterprise levels


The concept of conducting threat modeling exercises has been around for as long as distributed
information systems have been used to process data. Since the inception of the idea there
have been various methodologies that solve a specific problem, but may not scale to an enterprise level,
are not applicable outside of the Software Development Lifecycle (SDLC), or are not repeatable.


An effective threat modeling process addresses these issues and can be applied to both
information technology operations and software development. The Threat Model reflects the fact
that different technology teams face different threats. Our model can be tailored to individual
stakeholders throughout an organization to reflect their areas of responsibility. This capability allows for
the entire organization to work in concert to evaluate the threats to the enterprise and develop strategies
to address those risks.

Asset Analysis



Threat models must begin with the identification of the most critical assets. This is known as the
Crown Jewel Analysis. Your organization's mission is dependent on the confidentiality, integrity,
and availability of these assets. These assets must be protected and have their risk exposure limited.
By understanding what is critical to your organization, we can identify the dependencies and the threats
you face.


Assets include two major elements:
    
1. Business Assets, which are data, components, or functionality that are essential for the business
mission of the system.
    
2. Security Assets, or data, components, or functionality that are of special interest to an attacker.
Business assets and security assets may not always be the same.

Define the Attack Surface

The next step is to create a comprehensive map of the components of the application, system, or
environment that contain, communicate with, or otherwise provide some form of access to the assets.
The communication flows between the assets and the components are integral to determining the
attack surface. The attack surface will help define the boundaries, scope, roles and responsibilities
in the threat model.


Information including devices, interfaces, libraries, protocols, functions, and APIs is collected and
used to complete the picture of the attack surface. Existing security controls and services are captured
to outline their effectiveness.

Mapping Threats and Attacks

Threat mapping begins with determining the sources of attack and their motivation. Disgruntled
employees, state actors, and random script kiddies are all examples of potential threats to your system.
Each threat actor can have different skillsets, resources, and objectives and must be accounted for when
developing the model.


Documentation of the attack surface provides the source material of the next phase: mapping the paths
of attack. Through our understanding of the system components and functionality, we are able to
envision attacker tools and techniques applied to abuse the system. The attack surface depicts the
pathways of an attacker and allows visualization of multiple attack methods.

Threat and attack mapping is a sophisticated skill. It requires an understanding of an attacker’s
mindset and deep knowledge of attack methodologies.
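
The two steps described above (mapping the attack surface from communication flows, then tracing paths of attack to the assets) can be sketched as a small graph exercise. This is an added example, not part of the original post; the component names, flows, and entry points are constructed for illustration.

```python
from collections import deque

# Constructed sample system: directed communication flows (source -> destination).
FLOWS = [
    ("internet", "web_frontend"),
    ("web_frontend", "orders_api"),
    ("orders_api", "customer_db"),
    ("admin_vpn", "admin_console"),
    ("admin_console", "customer_db"),
    ("build_server", "artifact_store"),
]
ENTRY_POINTS = {"internet", "admin_vpn"}  # assumed places an outside actor starts
ASSETS = {"customer_db"}                  # assumed result of the asset analysis


def attack_surface(flows, assets):
    """Return every component that has a flow path leading to an asset."""
    reverse = {}
    for src, dst in flows:
        reverse.setdefault(dst, set()).add(src)
    seen, queue = set(assets), deque(assets)
    while queue:  # breadth-first walk upstream from the assets
        node = queue.popleft()
        for upstream in reverse.get(node, ()):
            if upstream not in seen:
                seen.add(upstream)
                queue.append(upstream)
    return seen - set(assets)


def attack_paths(flows, entry_points, assets):
    """List the simple paths from each entry point to each asset."""
    forward = {}
    for src, dst in flows:
        forward.setdefault(src, []).append(dst)
    paths = []

    def walk(node, path):
        if node in assets:
            paths.append(path)
            return
        for nxt in forward.get(node, ()):
            if nxt not in path:  # skip cycles
                walk(nxt, path + [nxt])

    for entry in sorted(entry_points):
        walk(entry, [entry])
    return paths
```

Components that never appear in the result (here `build_server` and `artifact_store`) sit outside the scope of this asset's threat model, which is how the attack surface sets the model's boundaries.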

Threat Analysis

Once discovery of the system is complete and the threat actors have been detailed, the analysis
phase begins. In this phase the risk of each attack vector is quantified in a manner that allows
stakeholders to understand the potential for real damage to your organization.


The results of the analysis phase allow your organization to make decisions that maximize the
effectiveness of the security devices (such as firewalls, intrusion detection systems, and spam filters)
and procedures that mitigate threats and attacks. The DREAD Method is a simple, extensible model
that allows for comparing and ranking risks in an easy-to-understand manner.


    Damage - How bad would an attack be?
    Reproducibility - How easy is it to reproduce the attack?
    Exploitability - How much work is it to launch the attack?
    Affected Users - How many people will be impacted?
    Discoverability - How easy is it to discover the threat?


Each category is assigned a value between 0 and 10, 0 reflecting no risk/damage, while 10 is
maximum risk/damage. The DREAD formula is:

Risk = (D + R + E + A + D) / 5


The values that are derived by DREAD allow your organization to focus its energy on the
most vulnerable portion of your information systems and prioritize your efforts on implementing
controls to reduce risk.
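
To make the ranking concrete, the following added example (not from the original post) applies the DREAD formula to a small threat register, rejects ratings outside the 0 to 10 scale, and sorts the threats by score. The threat names and ratings are constructed, and the tie-break rule is an assumption.

```python
from dataclasses import dataclass

CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Each category must be rated on the 0-10 scale the text defines.
        for cat in CATEGORIES:
            value = getattr(self, cat)
            if not isinstance(value, int) or not 0 <= value <= 10:
                raise ValueError(f"{self.name}: {cat}={value!r} is outside 0-10")

    @property
    def risk(self) -> float:
        # Risk = (D + R + E + A + D) / 5
        return sum(getattr(self, cat) for cat in CATEGORIES) / 5


def rank(threats):
    """Highest risk first; ties broken by damage, then name (assumed rule)."""
    return sorted(threats, key=lambda t: (-t.risk, -t.damage, t.name))


# Constructed sample register; the ratings are illustrative, not measured.
REGISTER = [
    Threat("SQL injection in order search", 8, 9, 7, 9, 8),
    Threat("Stolen admin VPN credential", 10, 5, 4, 10, 3),
    Threat("Verbose error pages leak stack traces", 3, 10, 9, 2, 10),
]

if __name__ == "__main__":
    for t in rank(REGISTER):
        print(f"{t.risk:4.1f}  {t.name}")
```

Because the formula averages the five categories with equal weight, the low-damage but trivially reproducible error-page finding scores above the high-damage credential theft, which is worth keeping in mind when reading a DREAD ranking.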


Risk = Probability x Impact


Effective Defense



The goal of threat modeling is to select the proper controls to address identified threats.
System and software designers often choose security controls from a well-known best practice list,
such as antivirus software, firewalls, input validation, etc. However, the implementation of controls
without a threat model can lead to security holes since not all threats have been directly addressed.
Even the best practice controls, if configured generically, do not address the unique threats faced by
each organization's unique environment.


Without appropriate threat modeling, security controls and procedures can be ineffective because they
do not address the unique threats facing the organization. This approach to threat modeling uncovers
any technological, process, or organizational gaps in security controls and allows for enhanced risk
management practices that align to the mission of your organization.   

