Until very recently, threat modeling was strictly a proactive technique to identify and mitigate potential threats in an application. Creating the threat model was something you did during development and before you launched the application. It had a very “fire and forget” feel to it. Do it once and then move on.
To be sure, this proactive aspect of threat modeling is still an essential step in application security (AppSec). But, applications are no longer static pieces of software. And therefore, fire and forget is no longer enough.
Applications sit in a cloud environment, which is anything but static. VMs come and go. Containers come and go. Processing power, storage, and memory are all spun up and turned off as needed. Everything about the application’s environment is constantly changing in response to the application’s demand. Surely a threat model formalized before launch cannot account for the ephemeral nature of today’s applications. I can’t, which is why modern commercial threat modeling tools must include this essential capability: continuous real-time threat assessment.
Is it Still Threat Modeling After Deployment?
Is it still considered threat modeling if it occurs after the application is deployed? Does it matter? The bottom line is effective threat modeling can no longer be a one-time project and must be an ongoing process.
There are two implications here. First, threat modeling must include continuous real-time threat assessment, and second, it cannot be done manually. This implies that whichever threat modeling tool you choose, make sure it has this essential capability.
What do You Get With Continuous Assessment?
What kind of features can you expect from a threat modeling tool with continuous real-time threat assessment? First, it must have auto-discovery. Auto-discovery essentially is a one-click ability to discover the environment and generate a map, a diagram, and a threat model which works with the major cloud service providers (CSP) like AWS, Azure, and Google Cloud. There’s just no way to do continuous assessment without auto-discovery.
Next, it must be able to continuously monitor the application’s environment for any changes and update the threat model periodically, keeping it in sync with the cloud environment. And finally, based on the changes detected, the tool should be able to automatically mitigate the newly identified threats due to the changes. This ensures all the required security controls and requirements are implemented to secure your architecture. Of course, it wouldn’t hurt if the threat modeling tool also sent out alerts to keep you in the loop too.
Organizations understand the importance of creating secure applications. And they are starting to embrace the idea that threat modeling plays an important role in that. Now, organizations need to take the final step and understand that threat modeling must be a continuous process. There are commercial threat modeling tools available today that can deliver that.
If you would like to learn how Threat Modeler can be used to turn your threat modeling efforts into an ongoing project using continuous real-time threat assessment, sign up for a free live demo here.