What is Threat Modeling?
By: James Azar
Threat modeling in cybersecurity is a group of different activities for boosting cybersecurity that includes identification of objectives and vulnerabilities, elucidation of countermeasures to avoid, and mitigation of the effects of danger and threats to the system.
To make it simple, threat modeling in cybersecurity is a planned activity that identifies and assess’ application vulnerabilities and threats.
How can we help?
Cyberhub Academy seeks to work with the latest technologies to mitigate the threat landscape and get to the vulnerabilities in an organization before the hackers have a chance.
In order to explain what threat modeling seeks to achieve, it’s better to have a closer look, piece by piece of how threat modeling works in action:
What is a threat?
A threat is an actual undesirable or potential event – either incidental, such as the failure of a storage device or malicious, like a DoS attack
Even the organizations, which put great focus on securing IT processes can succumb to cybercrimes and legal compliance just won’t cut it, when it comes to prevention.
Threat modeling, gives organizations the chance to pivot when situations arise.
In cybersecurity this covers three main components:
Assets: What valuable equipment and data should be protected?
Threats: What might an invader/hacker do to your system?
Vulnerabilities: What shortcomings in your system make an invader realize a threat?
So, in any organization, there are various threats, which are inscribed to distinct layers of the company’s framework.
When threat modeling, we must look at three layers under attack:
Application: The threat involves input tampering, XSS, SQL injection, etc.
Host: The threat involves a malicious file, buffer overflow, etc.
Network: The threat involves malicious packets, spoofed, etc.
When should we be doing threat modeling for better cybersecurity?
Preferably, threat models are generated during system-design prior to any development, although they can be performed at any time.
Practically, threat models are created for the existing systems to make it a part of maintenance. The system designers having security experience are most suitably provisioned to identify the dangers or threats.
Threat modeling in action.
There are six following steps to threat modeling which include:
1. Identification of Assets
It is the first and foremost step in threat modeling in which the potential and valuable assets of an organization are identified. For example,
- Entrance and exit points
- Trust levels
- System assets and resources
2. Description of the Architecture
This step requires the description of the architecture on which the potential asset will be processed. It includes the software version, framework, and other architecture related details.
3. Application breakdown
This step requires the collapse of the application related to its processes and all the sub-processes, which are running that application.
4. Identification of the threats
This step requires the identification of threats in some descriptive way as to be reviewed in further processing.
5. Categorization and Classification of the Threats
In this step, the threats in predefined classes are categorized, which are: tampering with data; identity theft; Denial of Service and Information Disclosure
6. Rating Threats
In this final step, the damage potential is rated, helping companies prioritize their business processes regarding threats and the correct response. It takes place through a run through of the complete lifecycle of the process from the initialization and deployment to the maintenance process as well.
If you are a security professional, hobbyist, or enthusiast, the CyberHub Engage YouTube Channel publishes content daily on the latest news, trends, events, and CISO interviews.