
Veracity | Threat Modelling

As threat actors continually advance their attack techniques, organisations should prioritise the improvement of their security infrastructure to protect critical assets, intellectual property, and overall business operations. The Veracity Threat Modelling Security Service evaluates your organisation’s security controls and uncovers attacker behaviours to reveal unknown risks and vulnerabilities within existing and proposed systems, including software applications, business processes, and operational networks.


THREAT MODELING ACROSS THE LIFECYCLE


Threat modelling is best applied continuously throughout a software development project. The process is essentially the same at different levels of abstraction, although the information gets more and more granular throughout the lifecycle. Ideally, a high-level threat model should be defined early on in the concept or planning phase and then refined throughout the lifecycle. As more details are added to the system, new attack vectors are created and exposed. The ongoing threat modelling process should examine, diagnose, and address these threats.

It is a natural part of refining a system for new threats to be exposed. For example, when you select a particular technology, such as Java, you take on the responsibility of identifying the new threats that are created by that choice. Even implementation choices, such as using regular expressions for validation, can introduce potential new threats to deal with.


Updating threat models is advisable after events such as:

  • A new feature is released.
  • A security incident occurs.
  • Architectural or infrastructure changes are made.


HOW DOES THREAT MODELING WORK?


Threat modelling works by identifying the types of threat agents that cause harm to an application or computer system. It adopts the perspective of malicious hackers to see how much damage they could do. When conducting threat modelling, organisations perform a thorough analysis of the software architecture, business context, and other artefacts (e.g., functional specifications, user documentation). This process enables a deeper understanding and discovery of important aspects of the system. Typically, organisations conduct threat modelling during the design stage of a new application (although it can occur at other stages) to help developers find vulnerabilities and become aware of the security implications of their design, code, and configuration decisions. Generally, developers perform threat modelling in four steps:

 

  1. Diagram. What are we building?
  2. Identify threats. What could go wrong?
  3. Mitigate. What are we doing to defend against threats?
  4. Validate. Have we acted on each of the previous steps?



ADVANTAGES OF THREAT MODELLING


When performed correctly, threat modelling can provide a clear line of sight across a software project, helping to justify security efforts. The threat modelling process helps an organisation document known security threats to an application and make rational decisions about how to address them. Otherwise, decision-makers could act rashly based on scant or no supporting evidence.

 

Overall, a well-documented threat model provides assurances that are useful in explaining and defending the security posture of an application or computer system. And when the development organisation is serious about security, threat modelling is the most effective way to do the following:

 

  • Detect problems early in the software development life cycle (SDLC)—even before coding begins.
  • Spot design flaws that traditional testing methods and code reviews may overlook.
  • Evaluate new forms of attack that you might not otherwise consider.
  • Maximise testing budgets by helping target testing and code review.
  • Identify security requirements.
  • Remediate problems before software releases and prevent costly recoding post-deployment.
  • Think about threats beyond standard attacks and the security issues unique to your application.
  • Keep frameworks ahead of the internal and external attackers relevant to your applications.
  • Highlight assets, threat agents, and controls to deduce components that attackers will target.
  • Model the location of threat agents, motivations, skills, and capabilities to locate potential attackers in relation to the system architecture.


VERACITY THREAT MODELING APPROACH


While adopting a threat modelling methodology, it is equally important to understand the differences in the approach, process, and objectives. There are several cyber threat modelling methodologies used to improve cybersecurity and threat intelligence practices. To ensure that threat intelligence is actionable, our information security professionals utilise methods that align with their specific business goals and objectives.

 

Veracity Info Parks Services include threat modelling, which can identify potential weaknesses that may increase your system’s susceptibility to an attack, including secure design violations, security control omissions, or control misconfiguration, weakness, or misuse.

 

The Veracity high-level approach

  • Model the system.
  • Conduct a threat analysis.
  • Prioritise the threats.

 

Benefits

  1. Detect problems early in the SDLC—even before a single line of code is written.
  2. Spot design flaws that traditional testing methods and code reviews might overlook.
  3. Evaluate new forms of attack that might not otherwise be considered.
  4. Maximise your testing budget by helping you target your testing and code review.
  5. Identify holes in your requirements process.
  6. Save money by remediating problems before releasing software and performing costly code rewrites.

 

Engagement outcomes

  • Executive briefing: Overview of the service scope and critical findings
  • Threat model: Documentation of specific system architecture components and related deficiencies and vulnerabilities that enable attackers to bypass your security controls
  • Tactical recommendations: Actions that can reduce risk, improve security posture, and enable remediation for short- and long-term success

