July 5, 2016

Threat Trees

Build Threat Trees Automatically

One of the biggest challenges in information security is that security exercises produce wordy reports. Stakeholders find these hard to read, and they are often delivered as lists that do not show the system or application at a high level. Threat models take a hybrid approach, both system-centric and asset-centric, in which the viewer sees the system as a set of interconnected components.

ThreatModeler goes a step further. Using the threat model as a source, the Intelligent Threat Engine builds a tree diagram, as seen in the figure below, that we define as a threat tree. Each threat tree displays a logical and hierarchical representation of a threat and its relation to the underlying attributes of the application or system. Additionally, multiple threat trees, each representing an individual component of an application, are merged into a single entity to provide a consolidated view of threats to the whole application. This illustrates why a threat exists in the system and the relevant security controls to mitigate those threats.

 

Benefits

  • Enables the rapid visualization of individual components in conjunction with all the potential threats and their relevant security controls that should be applied to the component to prevent or mitigate the threat.
  • Ensures a full understanding of all the attack vectors and the attack path needed for an attacker to succeed.
  • Assists in determining the adequacy of existing security controls against threats.
  • Provides the ability to map security policies and actions to application components and the courses of mitigation that are available.

[Figure: Constructing Threat Trees]
