Nowadays, organizations are shifting their focus from DevOps – an approach to the software development life cycle (SDLC), which applies to the origin of a project, through deployment. Within SDLC, the DevSecOps approach integrates security as early as the planning stages – what is now known as shifting security left – to ensure a more proactive, preventive approach to data protection. Threat modeling has become a vital activity in DevSecOps application development.
Threat modeling helps organizations map out and model IT infrastructure components, including users and connectors, in order to better understand security threats. With a clearer picture of what’s “under the hood,” CISOS, IT managers and security teams can prioritize threats and vulnerabilities to minimize risk. Other outcomes of threat modeling include:
- Scope application security objectives
- Take a more preventive approach to cybersecurity
- Develop security measures, which include requirements and controls
- Save on costs related to data breaches by being proactive rather than reactive
Authors of the 2019 Cost of a Data Breach report presented by IBM reported that the chances of a data breach occurring is 29.6%, up 27.9% from the previous year. Additionally, the average cost of a data breach is $3.92 M. Organizations are hard pressed to lower prices tied to security and incident response. CISOs can accomplish this by implementing and communicating concise, enforceable security policies. They can also make it a point to align security with IT and operations (where DevSecOps comes in).
Benefits of Threat Modeling
One facet of Information security is about understanding risk and prioritizing threat management based on risk appetite. Organizations determine the level of risk they are comfortable with accepting in regard to business continuity. Determining factors include acceptable loss, cost of mitigation against the potential loss and general impact of the security event. There are a number benefits to threat modeling that make the process important to the success of an organization’s SDLC:
- Scalability, in that you can build threat models for any application, whether it be mobile, web, Internet of Things (IoT)
- Collaboration, in that authorized personnel, e.g. security managers, can keep track of the security processes that stem from the threat model.
- Think like a hacker and understand threat agents, including threats and vulnerabilities.
ThreatModeler sets itself apart from the competition by automating key processes. Through integrations with key threat frameworks (CAPEC, OWASP, NVD). ThreatModeler keeps updated with the latest threats. Scalability is a big plus featured in the platform, which allows users to save threat models to a library, refine their approach along the way, and build upon existing libraries.
ThreatModeler also integrates with AWS and Azure, which are leading cloud providers. Entire threat models come pre-built for applications with compensating controls that are based on respective cloud security best practices. The platform will help CISOs, security teams and business functions across an enterprise to achieve end-to-end protection against threats. The following guidelines will help your SDLC team to better understand threat modeling applications.
Gettting Started with Threat Modeling
- Scope out your project – at the start of your SDLC project, conduct an inventory and analysis of your information assets. Build an understanding of what is at stake based on the data and systems in your possession. Make sure your organization understands the capabilities of each system, application, data object and business process that they support.
- Identify threats – threat modeling will enable you to understand the different types of bad actors involved in a cyberattack. For example, they can be single cybercriminals, hacktivists, syndicates, even insider threats. Knowing from where your threats are coming will help to guide your security countermeasures. In cybersecurity, countermeasures are actions and applications that can help to mitigate threats and vulnerabilities.
- Prioritize identified threats and vulnerabilities – the next step will be to reduce threats and vulnerabilities to manage risk. Each threat will have a potential outcome that you can evaluate to better understand the potential impact, including cost. Look at each threat model as a learning process to better understand and predict threats.
When is the best time to threat model?
As stated earlier, the best time to threat model is during the planning phases. In the case that you have already started your application development, it is never too late to threat model. At any length, threat modeling will help your enterprise to better understand your IT infrastructure and how data is communicated to and from it. It is highly recommended that you start threat modeling as soon as possible. This will help to prevent poor design decisions that can lead to flaws. After assembling your team, your first session will be about getting familiar with threat modeling, including learning new tools and figuring out the best way to analyze the results.
What is the best way to approach threat modeling?
Threat modeling will depend on an organization’s size and objectives. Other factors include staff skill set and resource management. Whether small or large, organizations will need to either establish, build upon or maintain a threat modeling program based on the maturity level of their development processes. When seeking out security talent, more and more threat modeling is a required skill. Otherwise, figure out what training – including tools and procedures – are necessary.
When assembling your team, keep access to information and resources restricted to the degree of “least privilege.” You will need to know the administrators, system users and contractors that will be on board. Threat modeling is particularly useful to inform penetration testers on existing IT infrastructure, which could lead to effort savings. When you are looking at potential bad actors, be as thorough as possible, and include disgruntled ex-employees. Keep in mind that data breaches can occur through carelessness or oversight. If you miss a certain type of actor, you may miss an entire group of threats.
How to Map the Data Flow of Each System
Threat models are typically mapped out on a process flow diagram with connectors between components that point to the directional flow of data. The data flow will indicate other factors, such as:
- Components that interact with one another along the way
- Data destination points
- Vulnerabilities along the attack surface where hackers can target data objects along the way
Keep in mind that information flows may be different based on the processing needed. You can treat threat models a decision tree towards an expected outcome. An example is a request to a user’s browser to input username and passwords, where the information sent interacts with various components. Look again for any gaps or areas needing refactoring (fixing your own codes) and installing patches or updates to third party components.
Search for opportunities for each data flows for any actors to get hold of valuable information. If something makes you frown, step back through the process and move that threat through until you can mitigate the frowning moment.
Know When Your Threat Modeling Process is Complete
At this point you will have a list of security threats and security requirements, plus test cases. Now is the time to prioritize them based on likelihood and perceived impact. Deciding on your level of acceptable risk will occur at this point.
Once a threat modeling program is established, it’s important to continuously monitor your attack surface and make sure threat models are updated based on changes to the project.
ThreatModeler Closes the Year Out with a Strong Presence at AWS re:Inforce and H-ISAC
The world’s leading platform for creating, updating and sharing threat models is sponsoring hosted booths at AWS re:Inforce and H-ISAC 2019 Fall Summit. We are committed to building communities, while sharing information on current and emerging security trends. Come visit booth #1 at H-ISAC and booth #3809 at AWS re:Inforce #3809. Both conferences take place on December 2-6.
H-ISAC is an organization that brings together healthcare and medical providers to share important knowledge and information regarding information security. This is the first year that ThreatModeler will be at the conference, which will cover both physical and digital security. ThreatModeler will also be sponsoring a boat cruise that takes place at the conclusion of the conference.
AWS re:Invent also brings together technology vendors, customers and technology partners from around the globe for what is expected to be the biggest turnout of cloud vendors in 2019. ThreatModeler is an Advanced Technology Partner of AWS and is excited to present attendees with news and information about new platform.
To schedule a private meeting with one of our team members, email email@example.com