The output of a single threat model begins with the identification, enumeration, and prioritization of all potential threats against an application. However, when an organization has hundreds or thousands of applications, the output it needs grows as well. At this scale, organizations also need a consolidated view of all their threat models. This is where attack surface analysis becomes necessary.
An attack surface analysis is a measure of all the ways an attacker can infiltrate, steal, damage, delete, or alter the available assets. Security experts calculate it as a complex aggregation of all paths into and out of the various applications within an operational system, the valuable assets that are accessible along those paths, and the controls that protect these assets. While the calculation may be complicated, understanding the resultant measurement is simple: the larger the calculated value, the more vulnerable the organization’s applications and infrastructure are to attack.
Traditionally, security architects and penetration testers determine the vulnerability exposure of an application through manual and automated testing tools. Testing and remediation are resource-intensive processes. An often-cited goal of threat modeling is to proactively reduce an organization’s exposure to potential threats, thereby reducing or eliminating the vulnerabilities that make it to testing. Potential threats that are mitigated during application design cannot become exploitable vulnerabilities.
However, in today’s environment, which derives value from interconnectedness, a testing process that considers only one application at a time is highly inadequate and ineffective for providing the “big picture” to senior executives. Single application analysis cannot reveal the vulnerabilities resulting from the interactions between applications, systems, or users of the application. Attack surface analysis provides organizations with a comprehensive view of how all the applications and infrastructure are interconnected and the potential threats that result from that interconnectedness.
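The sketch below is an added example, not code from this page or from ThreatModeler™: it enumerates entry-point-to-asset paths over a small constructed portfolio and compares per-application views with the consolidated one. The application names, flows, asset values, and the scoring formula are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample portfolio (hypothetical names): (source, destination, owning app, controls)
FLOWS = [
    ("internet", "web_portal", "portal", {"waf", "authn"}),
    ("web_portal", "portal_db", "portal", {"authz"}),
    ("web_portal", "report_api", "portal", set()),   # call into another application
    ("report_api", "billing_db", "billing", set()),
    ("vpn", "report_api", "billing", {"authn", "authz"}),
]
ENTRY_POINTS = {"internet", "vpn"}
ASSETS = {"portal_db": 5, "billing_db": 9}   # asset -> business value (assumed scale)

def paths_to_assets(flows, entry_points, assets):
    """Return (path, controls crossed) for every simple path from an entry point to an asset."""
    graph = defaultdict(list)
    for src, dst, _app, controls in flows:
        graph[src].append((dst, frozenset(controls)))
    found = []
    def walk(node, path, controls):
        if node in assets:
            found.append((tuple(path), controls))
            return
        for nxt, ctl in graph[node]:
            if nxt not in path:   # ignore cycles
                walk(nxt, path + [nxt], controls | ctl)
    for entry in sorted(entry_points):
        walk(entry, [entry], frozenset())
    return found

def exposure(flows, entry_points, assets):
    """Assumed score: asset value divided by (1 + distinct controls on the path), summed."""
    return sum(assets[p[-1]] / (1 + len(c)) for p, c in paths_to_assets(flows, entry_points, assets))

def by_app(flows):
    """Split the portfolio into the per-application views a one-at-a-time review would see."""
    views = defaultdict(list)
    for flow in flows:
        views[flow[2]].append(flow)
    return dict(sorted(views.items()))

def cross_app_paths(flows, entry_points, assets):
    """Paths visible only in the consolidated view, with the controls they cross."""
    seen = {p for view in by_app(flows).values() for p, _ in paths_to_assets(view, entry_points, assets)}
    return [(p, sorted(c)) for p, c in paths_to_assets(flows, entry_points, assets) if p not in seen]

if __name__ == "__main__":
    for app, view in by_app(FLOWS).items():
        print(app, exposure(view, ENTRY_POINTS, ASSETS))
    print("consolidated", exposure(FLOWS, ENTRY_POINTS, ASSETS))
    print("missed by per-app review:", cross_app_paths(FLOWS, ENTRY_POINTS, ASSETS))
```

In this constructed data the two per-application scores add up to less than the consolidated score, because the path from the internet through the portal to the billing database crosses no authorization control and appears in neither single-application view.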
How ThreatModeler™ Helps Shrink Your Attack Surface
ThreatModeler™ automatically correlates the threats and interconnectivity from various threat models and provides a powerful, automated means to monitor – in real time – the organization’s attack surface. Stakeholders benefit from ThreatModeler’s™ power, automation, and scalability with integrated tools:
- Threat Tracer – A significant challenge to building an effective threat management practice is the ability to follow a threat across the various applications back to its source or origin. Threat tracing is essential if executives are to make informed mitigation strategy decisions. Threat Tracer allows users to follow threats, across an enterprise’s complete application portfolio, back to their source within specific applications. This allows an organization to quickly determine a threat’s origin when it identifies an emerging attack vector, and to adjust its mitigation strategy in response.
- Threat Profiler – Gauging the technical and business impact which may be imposed by potential threats is a significant challenge for today’s organizations. A threat profile clarifies the risk presented by threats. Threat profiles include an attacker’s profile and the impact an executed threat will impose on the business and technical aspects of the organization. Threat Profiler generates a complete threat profile for each threat, automatically, making contextual risk analysis and threat prioritization an integral part of the organization’s mitigation strategy.
- Threat Tree – An enumeration of potential threats to an application is insufficient for understanding the overall risk inherent in it. A more comprehensive understanding of application risk must include contextual details including data exposure, an attacker’s profile, and the appropriate security controls that should be applied to mitigate the risk. Threat Tree provides a graphical representation, in a tree-like format, of this additional detail. The resulting view allows users to easily and quickly understand application risk exposure enterprise-wide. Moreover, Threat Trees display data that may be customized and tailored to produce whatever documents are required for auditing purposes.
When your organization’s needs require a comprehensive, efficient, real-time attack surface analysis, the solution that stands out above all others is ThreatModeler™.
ThreatModeler™ is the industry’s first automated, scalable, and repeatable threat modeling tool.