Like everything else in the world of cybersecurity, threat modeling tools and practices continue to evolve. How is threat modeling evolving? There are five areas where we will continue to see improvement in the future. These are 1) collaboration; 2) ease of use; 3) more info in one place; 4) customization; and 5) improved reporting.
In this article, we will briefly touch on these five areas to give a glimpse of how threat modeling will look in the (not-to-distant) future.
Very few things are done in a vacuum and that includes threat modeling. The more stakeholders that are involved, the more effective the process of threat modeling becomes. That’s why we will continue to see functionality structured around collaboration.
You will see it become easier for internal and external communities of stakeholders to communicate. You will also begin to see multi-level approval workflows. Threat models, in general, need to be approved, but not all changes to a threat model need approval from the same management level. And that’s where multi-level approval options become important.
Individual threat models will become easier to share with different users and user groups. And as threat modeling becomes more template-based, sharing templates will become a powerful form of collaboration that saves time and money.
Ease of use
It’s not uncommon for software tools to become more user-friendly as they evolve and it’s no different with threat modeling. One-click content updating and easier integration setup will become commonplace.
Building a threat model from scratch has been done using drag-and-drop for a while now in the most advanced tools. That process will contain even more functionality going forward. One example of this is dropping a component onto a link and having that link automatically split in two. Another example is being able to add more than one protocol to a link.
To make things easier to use, threat modeling will continue to come with more and more embedded intelligence. That includes things like contextual security controls and test cases.
More Info in One Place
Extending the idea of ease of use is giving users more information without searching (or making searching even easier).
As an example, in the future, you will be able to view 1) the number of high-value target components; 2) the number of open security requirements; and 3) the number of mitigating threats, as a percentage of the total, all in one place.
Components will be made groupable to make them easier to locate. Templates will be previewable to make them easier to identify. And searches will be more powerful, including the ability to search by name, tech stack, version, etc. In short, improved UIs will make building threat models faster and easier.
It should come as no surprise that it will be easier to tailor threat models to your specific needs going forward. At the component level, you will be able to customize attributes and add notes. You will also be able to edit a component to make it a new component.
You will also be able to copy intelligence into a library and make it your own. This will lead to two different kinds of copying, deep and shallow. Deep copying of a component will not only copy component attributes, but its intelligence as well.
Frameworks and templates will be customizable, as well as control implementation. Hardly any part of the threat modeling ecosystem will not be in some way customizable, even including administration and user management.
The number and types of reports will only continue to grow. And of course, each will be customizable.
You will be able to generate audit reports—an activity log of everything that happens to a threat model. You will be able to generate canned reports on threats, requirements, and compliance. And generate a compliance summary report that is filterable by different compliance frameworks.
Naturally, visual reporting will be enhanced. Graphs of threats and their status over time will become commonplace. This will help you see threat trends and take appropriate action. And matrix presentations of threats will help you view threat severity vs mitigation status in one quick view.
Reporting will be more thorough, you will have more information at your fingertips, and you will collaborate easier and customize things to meet your needs. And the future of threat modeling is closer than you think.
If you would like to get a glimpse of the future of threat modeling firsthand, reach out to ThreatModeler and let us introduce you to 6.0.