What Is Threat Modeling: Process and Methodologies

With the number of hacking incidents on the rise, cybersecurity remains a top concern in today's IT world. So many aspects of our lives have migrated online that the commercial and private worlds alike have much to lose from security breaches.

In response, cybersecurity professionals are deploying an arsenal of defenses and countermeasures to keep transactional data and sensitive information safe. Considering the sheer number and variety of attacks available today, it's a huge undertaking.

That's why threat modeling is making significant inroads into the world of cybersecurity. We are about to take a close look at the threat modeling process in cybersecurity, what it is, why it's needed, and the available methodologies.

Let's begin with the basics.

What is Threat Modeling?

Threat modeling is a method of optimizing network security by locating vulnerabilities, identifying objectives, and developing countermeasures to either prevent or mitigate the effects of cyber-attacks against the system.

While security teams can conduct threat modeling at any point during development, doing it at the start of the project is best practice. This way, threats can be identified sooner and dealt with before they become an issue.

It's also important to ask the following questions:

  • What kind of threat model needs building? The answer requires studying data flow transitions, architecture diagrams, and data classifications, so you get a virtual model of the network you're trying to protect.
  • What are the pitfalls? Here is where you research the main threats to your network and applications.
  • What actions should be taken to recover from a potential cyberattack? You've identified the problems now; it's time to figure out some actionable solutions.
  • Did it work? This step is a follow-up where you conduct a retrospective to monitor the quality, feasibility, planning, and progress.

The Threat Modeling Process

Threat modeling consists of defining an enterprise's assets, identifying what function each application serves in the grand scheme, and assembling a security profile for each application. The process continues with identifying and prioritizing potential threats, then documenting both the harmful events and what actions to take to resolve them.

Or, to put this in lay terms, threat modeling is the act of taking a step back, assessing your organization's digital and network assets, identifying weak spots, determining what threats exist, and coming up with plans to protect or recover.

It may sound like a no-brainer, but you'd be surprised how little attention security gets in some sectors. We're talking about a world where some folks use the term PASSWORD as their password or leave their mobile devices unattended. In that light, it's hardly surprising that many organizations and businesses haven't even considered the idea of threat modeling.

Why Do We Need Security Threat Modeling?

Just how bad is the cybersecurity situation that we need to create things like threat modeling to help combat it?

Cybercrime has exacted a heavy toll on the online community in recent years, as detailed in this piece by Security Boulevard, which draws its conclusions from several industry sources. Among other things, the report says that data breaches exposed 4.1 billion records in 2019 and that social media-enabled cybercrimes steal $3.25 billion in annual global revenue.

According to KnowBe4's 2019 Security Threats and Trends report, 75 percent of businesses consider insider threats to be a significant concern, 85 percent of organizations surveyed reported being targeted by phishing and social engineering attacks, and percent of responders cite email phishing scams as the largest security risk.

As a result of these troubling statistics, spending on cybersecurity products and services is expected to surpass $1 trillion by 2021.

Cybercrime is happening all the time, and no business, organization, or consumer is safe. Security breaches have increased by 11% since 2018, and a whopping 67 percent since 2014. Smart organizations and individuals will take advantage of any reliable resources to fight this growing epidemic, and sound threat modeling as part of designing for security is essential to accomplish this.

Ten Threat Modeling Methodologies

There are as many ways to fight cybercrime as there are types of cyber-attacks. For instance, here are ten popular threat modeling methodologies used today. 

1. STRIDE

A methodology developed by Microsoft for threat modeling, it offers a mnemonic for identifying security threats in six categories:

  • Spoofing: An intruder posing as another user, component, or other system feature that contains an identity in the modeled system.
  • Tampering: The altering of data within a system to achieve a malicious goal.
  • Repudiation: The ability of an intruder to deny that they performed some malicious activity, due to the absence of enough proof.
  • Information Disclosure: Exposing protected data to a user that isn't authorized to see it.
  • Denial of Service: An adversary uses illegitimate means to exhaust services needed to provide service to users.
  • Elevation of Privilege: Allowing an intruder to execute commands and functions that they aren't allowed to.

2. DREAD

DREAD was proposed for threat modeling, but Microsoft dropped it in 2008 due to inconsistent ratings. OpenStack and many other organizations currently use DREAD. It's essentially a way to rank and assess security risks in five categories:

  • Damage Potential: Ranks the extent of damage resulting from an exploited weakness.
  • Reproducibility: Ranks the ease of reproducing an attack.
  • Exploitability: Assigns a numerical rating to the effort needed to launch the attack.
  • Affected Users: A value representing how many users get impacted if an exploit becomes widely available.
  • Discoverability: Measures how easy it is to discover the threat.

3. P.A.S.T.A

This stands for Process for Attack Simulation and Threat Analysis, a seven-step, risk-centric methodology. It offers a dynamic threat identification, enumeration, and scoring process. Once experts create a detailed analysis of identified threats, developers can develop an asset-centric mitigation strategy by analyzing the application through an attacker-centric view.

4. Trike

Trike focuses on using threat models as a risk management tool. Threat models, based on requirement models, establish the stakeholder-defined "acceptable" level of risk assigned to each asset class. Requirements model analysis yields a threat model where threats are identified and given risk values. The completed threat model is then used to build a risk model, factoring in actions, assets, roles, and calculated risk exposure.

5. VAST

Standing for Visual, Agile, and Simple Threat modeling, it provides actionable outputs for the specific needs of various stakeholders such as application architects and developers, cybersecurity personnel, etc. VAST offers a unique application and infrastructure visualization plan so that the creation and use of threat models don't require any specialized expertise in security subject matters.

6. Attack Tree

The tree is a conceptual diagram showing how an asset, or target, could be attacked. It consists of a root node, with leaf and child nodes added beneath it. Child nodes are conditions that must be met to make the direct parent node true. Each node is satisfied only by its direct child nodes. It also has "AND" and "OR" options, which represent alternative steps taken to achieve these goals.
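The AND/OR evaluation described above, as an added example that is not part of the original article: it checks whether the root is satisfied, lists the minimal sets of leaf conditions that reach it, and tests whether a set of mitigations breaks every path. The tree contents and the function names are constructed for illustration.

```python
from itertools import product

# Constructed sample tree. A node is ("LEAF", condition) or (op, goal, children),
# where op is "AND" (every child must hold) or "OR" (any one child is enough).
TREE = ("OR", "Customer records read without authorization", [
    ("AND", "Attacker signs in as a legitimate user", [
        ("LEAF", "user credentials exposed"),
        ("LEAF", "MFA not enforced"),
    ]),
    ("AND", "Attacker queries the database directly", [
        ("LEAF", "database port reachable from internet"),
        ("OR", "Database accepts the login", [
            ("LEAF", "default database password unchanged"),
            ("LEAF", "database credentials in source repository"),
        ]),
    ]),
])

def satisfied(node, true_leaves):
    """Is this node true, given the set of leaf conditions that currently hold?"""
    if node[0] == "LEAF":
        return node[1] in true_leaves
    results = [satisfied(child, true_leaves) for child in node[2]]
    return all(results) if node[0] == "AND" else any(results)

def leaf_sets(node):
    """Minimal sets of leaf conditions that make this node true."""
    if node[0] == "LEAF":
        return [frozenset([node[1]])]
    per_child = [leaf_sets(child) for child in node[2]]
    if node[0] == "OR":      # any single child's set is enough
        combined = {s for sets in per_child for s in sets}
    else:                    # AND: take one set from every child and merge them
        combined = {frozenset().union(*combo) for combo in product(*per_child)}
    return [s for s in combined if not any(other < s for other in combined)]

def blocks_root(tree, mitigated):
    """True if fixing the mitigated leaf conditions breaks every path to the root."""
    return all(s & set(mitigated) for s in leaf_sets(tree))

if __name__ == "__main__":
    for path in sorted(leaf_sets(TREE), key=sorted):
        print(sorted(path))
    print(blocks_root(TREE, {"MFA not enforced", "database port reachable from internet"}))
```

Each minimal set is one complete route to the root, so a mitigation plan is sufficient only when it removes at least one leaf from every set.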

7. Common Vulnerability Scoring System (CVSS)

This method provides a way to capture a vulnerability's principal characteristics and assign a numerical score (ranging from 0 to 10, with 10 being the worst) showing its severity. The score is then translated into a qualitative representation (e.g., Low, Medium, High, and Critical). This representation helps organizations effectively assess and prioritize their unique vulnerability management processes.

8. T-MAP

T-MAP is an approach commonly used in Commercial Off the Shelf (COTS) systems to calculate attack path weights. The model incorporates UML class diagrams, including access class, vulnerability, target assets, and affected value.

9. OCTAVE

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process is a risk-based strategic assessment and planning method. OCTAVE focuses on assessing organizational risks only and does not address technological risks. OCTAVE has three phases:

  • Building asset-based threat profiles. (Organizational evaluation)
  • Identifying infrastructure vulnerabilities. (Information infrastructure evaluation)
  • Developing and planning a security strategy. (Evaluation of risks to the company's critical assets and decision making.)

10. Quantitative Threat Modeling Method

This hybrid method combines attack trees, STRIDE, and CVSS methods. It addresses several pressing issues with threat modeling for cyber-physical systems that contain complex interdependencies in their components. The first step is building component attack trees for the STRIDE categories. These trees illustrate the dependencies in the attack categories and low-level component attributes. Then the CVSS method is applied, calculating the scores for all the tree's components.

There are several ways to assess security threats, which is great as the threats are real and will continue as hackers develop new ways to conduct their dark activities.

Do You Want a Career in Cyber-Security?

The prevalence of cybercrime is creating countless career opportunities for the right person. Simplilearn offers a comprehensive selection of cybersecurity-related courses that equip you to tackle the challenges of the 21st century.

The CISSP certification course helps you develop expertise in defining IT architecture, so you can design, build, and maintain a secure business environment based on global information security standards. The course covers industry best practices and prepares you for the CISSP certification exam held by (ISC)². You get 67 hours of in-depth learning, five simulation tests to get you ready for CISSP certification, and the 30 CPEs needed for taking the exam.

But why stop there? You can also learn how to be a certified ethical hacker (CEH) or an accredited cyber-security expert. If you're already involved in the cyber-security field and want to upskill, consider CISM, CSSP, and CISA certifications.

In the quest for better cyber-security, the well-informed, highly skilled professional is every organization's most valuable asset. Let Simplilearn turn you into a cyber-security superstar.

About the Author

Simplilearn

Simplilearn is one of the world’s leading providers of online training for Digital Marketing, Cloud Computing, Project Management, Data Science, IT, Software Development, and many other emerging technologies.
