Since Edward Amoroso first introduced the concept of threat trees in 1994 within his book “Fundamentals of Computer Security Technology,“ threat modeling tools and methodologies have evolved to meet the changing needs of the threat landscape. The concept of threat trees was based on decision tree diagrams, visually representing how threats to IT systems can be exploited.
Related Blog: The Evolution of Threat Modeling
Enterprises now have access to sophisticated threat modeling tools that save money and time by automating and scaling security during the early stages of the software development life cycle (SDLC). Free threat modeling tools are also available, however, the limited capabilities and lack of automation and ability to scale means that these solutions aren’t ideal for large or growing enterprises.
Before considering and choosing a specific tool, it’s critical to first review the various threat modeling methodologies that the tools are built upon. Because all methodologies are capable of identifying potential threats, an organization should decide on its methodology by identifying the desired outputs and reviewing the pros and cons of each methodology:
Threat Modeling Tool Methodologies
VAST (Visual, Agile, Simple Threat modeling) is founded on the idea that threat modeling will only be effective if it scales across the enterprise and encompasses the entire SDLC, starting in the earliest stages. VAST provides actionable insights to key stakeholders while integrating seamlessly within Agile environments. The end goal is to provide threat visualization to stakeholders across the entire organization, regardless of technical proficiency, so responsibilities can be distributed through the organization.
Learn More: Threat Modeling Methodologies: What is VAST?
STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) was created for developers to identify and mitigate security risks during the design phase, before deployment. If new threats arise after the application is in use, STRIDE must be used in combination with post-deployment evaluation. The further along the SDLC that a threat is identified, the more costly and time-consuming it will be to resolve.
PASTA (Process for Attack Simulation and Threat Analysis) assess security from the attacker’s point of view using simulated attacks, constructing a defense strategy using threat identification and risk scoring. Because PASTA incorporates business impact analysis as a crucial part of the process, cybersecurity responsibilities can go far beyond the IT department. This can result in the need for significant education and training for stakeholders across the organization.
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is one of the oldest methodologies and focuses exclusively on security practices and operational risks. A security team must be comprised of stakeholders across departments, and OCTAVE works best when an organization has comprehensive knowledge of the applicable threat landscape. This manual methodology lacks scalability; with new users, applications, and functionality, it quickly becomes unmanageable.
Trike is unique in that it requires stakeholders to review each class of assets before threat assessment and assign an acceptable risk score. Identified threats are then compared to the assets so that remediation can be prioritized. Trike automates repetitive threat modeling actions to free up resources, but it does require someone to conduct an attack surface analysis of the entire system; making it challenging to scale to large systems.
As you can see, there are a variety of ways to implement threat modeling within your organization. For growing enterprises, the VAST methodology provides the most value because it directly supports automation, integration, and collaboration; the three pillars for scalable threat modeling.
Using VAST, ThreatModeler provides a holistic view of the entire attack surface, enabling enterprises to minimize their overall risk. ThreatModeler’s easy one-step process flow diagrams, visual interface, and up-to-date threat databases empower organizations to enable non-security professionals to strategically prioritize and address threats.
ThreatModeler is an automated threat modeling tool that strengthens an enterprise’s SDLC by identifying, predicting and defining threats across all applications and devices in the operational IT stack. This automated platform works with all types of computing environments.
To learn more about why ThreatModeler is a good choice for your enterprise, contact us to speak with an application threat modeling expert today.