Threat modeling is a key responsibility for any cybersecurity team that is looking to protect their organization and their organization’s assets. It’s designed to help cybersecurity teams proactively find and identify potential risks and threats, working through scenarios, response models, and other forms of threat detection.
However, threat modeling continues to evolve as threats evolve. In this article, we’ll go over how to start leveraging threat models, which misconceptions to ignore, and how to find the right framework so you can properly defend your organization.
- What is Threat Modeling?
- The Threat Modeling Process
- Common Threat Modeling Misconceptions and Mistakes
- Choosing a Threat Modeling Framework or Method
- Threat Modeling With Varonis
- Threat Modeling FAQ
What is Threat Modeling?
Threat modeling is the overall process of evaluating risks, threats, and vulnerabilities to an organization, identifying the likelihood of those threats compromising an organization, and assessing your ability to prevent and respond to those threats.
Threat modeling helps organizations prepare proactively for scenarios that would leave them compromised. Common scenarios include falling prey to a malicious attack such as phishing, ransomware, or a man-in-the-middle (MitM) attack.
However, effective threat modeling expands the scope of what’s possible and what an organization can be prepared for. For example, when an organization is bringing on a major vendor or partner, such as a database infrastructure provider, there’s a risk to account and prepare for.
The same is true if an organization is deploying something public-facing such as a new website or a major update to their app. Understanding how these scenarios could lead to a potential compromise and knowing how to respond effectively is key.
The Threat Modeling Process
The threat modeling process, traditionally, follows four basic steps:
Planning: What Are We Building?
This is a crucial step where you build out the framework that scopes out your threat model. Here’s where you define your applications, your architecture, data flow, data classifications, involved assets, and the parties and stakeholders involved, such as departments, partners, and even customers.
By speaking to all involved parties and understanding each relevant use case, component, permission, user, access point, and significant asset, you’ll be able to move on to the next step.
Identifying: What Can Go Wrong?
This step starts with identifying and classifying the kinds of threats you may be exposed to or at risk of, based on the previous step. This is why being as detailed as possible is important: you need to have the full scope of your entire attack surface.
From there, you should go through various attack scenarios – whether it’s a ransomware attack, data exfiltration, SQL injection, or something else. Knowing how critical your assets are and where the point of failure is will help you understand which attacks put your organization most at risk.
Prevention/Mitigation: What Are We Doing to Defend Against Threats?
This takes the scenario-building exercise further, where you and your team identify what technology, incident response plans, controls, threat and risk mitigation tools, and processes you have to prevent or reduce the damage in case of a compromise or successful attack.
Understand that there may be a lot of overlap here – you shouldn’t have a one-to-one set of tools and technology for each type of attack or scenario. Instead, your organization should be leveraging tools, systems, controls, and processes that protect and defend your organization more holistically.
Validation/Remediation: Have We Acted On The Previous Steps?
The above step should surface any gaps that may leave your organization or data unsecured or vulnerable. Ultimately, this step should allow you to assess whether the threat is properly mitigated or not and identify what’s necessary to shore up any critical gaps.
This step is continuous and ongoing – as threats change and evolve, and as your organization changes, so does the threat model. Returning to this step regularly will allow you to better understand what changes require you to update your processes, tools, systems, or approach.
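The four steps above can be kept as a small, re-runnable model. The following is an added example, not part of the original article or any Varonis product: the asset names, the 1 to 5 scales, and the likelihood-times-criticality score are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:          # step 1, planning: what are we building?
    name: str
    criticality: int  # 1 (low) to 5 (business-critical); assumed scale

@dataclass(frozen=True)
class Scenario:       # step 2, identifying: what can go wrong?
    name: str
    targets: tuple    # names of the assets the scenario touches
    likelihood: int   # 1 (rare) to 5 (expected); assumed scale

@dataclass(frozen=True)
class Control:        # step 3, prevention/mitigation
    name: str
    mitigates: frozenset  # one control may cover several scenarios

def risk(scenario, assets):
    """Assumed score: likelihood times the most critical asset targeted."""
    return scenario.likelihood * max(assets[t].criticality for t in scenario.targets)

def find_gaps(assets, scenarios, controls):
    """Step 4, validation: scenarios with no control, highest risk first."""
    by_name = {a.name: a for a in assets}
    covered = set().union(*(c.mitigates for c in controls))
    gaps = [(s.name, risk(s, by_name)) for s in scenarios if s.name not in covered]
    return sorted(gaps, key=lambda g: g[1], reverse=True)

# Constructed sample model; every name and score below is illustrative.
ASSETS = [Asset("customer_db", 5), Asset("file_share", 4), Asset("public_website", 3)]
SCENARIOS = [
    Scenario("ransomware", ("file_share", "customer_db"), 3),
    Scenario("data exfiltration", ("customer_db",), 2),
    Scenario("SQL injection", ("public_website", "customer_db"), 4),
    Scenario("MitM attack", ("public_website",), 2),
]
CONTROLS = [
    Control("offline backups", frozenset({"ransomware"})),
    Control("network segmentation", frozenset({"ransomware", "data exfiltration"})),
    Control("incident response plan", frozenset({"ransomware", "data exfiltration"})),
]

if __name__ == "__main__":
    for name, score in find_gaps(ASSETS, SCENARIOS, CONTROLS):
        print(f"unmitigated: {name} (risk {score})")
```

Re-running `find_gaps` after each change to the asset, scenario, or control lists is the continuous validation step: a new control shrinks the gap list, and a new asset or scenario can reopen it.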
Common Threat Modeling Misconceptions and Mistakes
Threat modeling is one of the more complicated security undertakings, leading to misconceptions and mistakes that can hurt the overall process. Here are a few worth going over.
Thinking Penetration Tests, Security Awareness Training, and Code Reviews are enough
Threat modeling encompasses threats and scenarios much more holistically than something like a penetration test or security awareness training.
These are still effective processes that will alert you to gaps and vulnerabilities, but threat modeling is much more effective at giving you a company-wide understanding of what you are and aren’t prepared for, and it makes it easier to act proactively.
Waiting Until Your Department is Larger or More Mature
Threat modeling is complicated but not so much so that you should put it off. Starting small and even working through some basic threat modeling steps is a good start and may surface some important blind spots.
By starting out small, you can build in regular check-ins so you can build up your threat modeling, mature it, and make it more effective as your department grows and increases its resources and availability.
Not Threat Modeling Before Any Major Deployment
Releasing new code, a new product, or a major upgrade without threat modeling first can be incredibly risky. Not only are you allowing yourself to deploy something that’s potentially vulnerable, but you also don’t know the extent of the threat or the risk.
Threat modeling is best applied in this scenario, allowing you to ensure there aren’t any easy-to-exploit vulnerabilities while also giving you the detailed information needed to be proactive in case there is a compromise or security incident.
Choosing a Threat Modeling Framework or Method
There are a variety of threat models and frameworks available to choose from, and each has its own applications and level of complexity. Some vendors, partners, or tools also provide solutions or software that help you undertake the threat modeling process.
Some of these frameworks can also be combined or leveraged in tandem with other risk frameworks, especially if your threat model incorporates various kinds of attack surfaces and risk vectors. A helpful blog by CMU details 12 different threat models you can use and the scenarios that dictate when you should use one over another.
In general, there are several key factors you should consider when adopting a threat model framework or method:
- Your industry (and associated threats and risks)
- Your security department’s size
- The make-up of your organization (and stakeholders)
- Available resources
- Your risk model and appetite
- Reason for threat modeling
- What’s involved (employees, devices, code deployment, third-parties)
- Available threat models (whether offered by a partner or existing vendor)
As you embark on your threat modeling, these considerations will help you scope out a few key details, such as the assets at risk and potential attackers, which will narrow down what kind of framework you should use.
Threat Modeling With Varonis
It’s common for organizations to work with other partners or vendors to aid them in their threat modeling process. Varonis helps organizations by working with them to apply the right threat model framework depending on an organization’s needs and upcoming projects.
Varonis’ research lab is continuously developing new threat models to identify vulnerabilities, threats, and risks as soon as they come out, giving it the ability to build out further ways to prevent, secure, and respond to any incident.
With Varonis, you’ll be able to find the right threat model and have an experienced partner that won’t only alert you to the kinds of threats you’re exposed to but also give you a framework and plan of action to keep your organization secure.
To see how you can work with Varonis to keep your organization secure, check out our Data Protection Solution and get your free data risk assessment.
Threat Modeling FAQ
A quick look at the answers to common questions people have about threat modeling.
Q: What is the threat modeling process?
A: Threat modeling is a procedure put in place to identify security threats and vulnerabilities and prioritize countermeasures to respond to potential threats.
Q: What is a threat model example?
A: An example of a threat model would involve a template or checklist that is the basis for a process flow diagram that helps visualize potential threats from the perspective of user interactions.
Q: How does threat modeling vary from an attack tree?
A: Attack trees are graphical representations of a system’s vulnerabilities. Attack trees can be used as a component of threat modeling.
Josue Ledesma is a writer, filmmaker, and content marketer living in New York City. He covers information security, tech and finance, consumer privacy, and B2B digital marketing. You can see his writing portfolio on https://josueledesma.com/Writing-Portfolio