When you perform threat modeling for your organization, you document potential threats and prioritize those threats (often by putting yourself in an attacker’s mindset). There are four well-known methods. STRIDE, introduced at Microsoft in 1999, focuses on spoofing of user identity, tampering, repudiation, information disclosure, denial of service and elevation of privilege. PASTA (process for attack simulation and threat analysis) provides dynamic threat identification, enumeration and scoring. Trike uses threat models based on a requirements model. VAST (visual, agile and simple threat modeling) applies across IT infrastructure and software development without requiring security experts.
Threat Modeling Methodologies.
Part of the job of the security team is to identify threats. You can identify threats using different methods:
A Focus on Attackers.
This is a useful method in specific situations. For example, suppose that a developer’s employment is terminated. After extracting data from the developer’s computer, you determine that the person was disgruntled and angry at the management team. You now know this person is a threat and can focus on what he or she might want to achieve. However, outside of specific situations like this, organizations are usually not familiar with their attackers.
Focus on Assets.
Your organization’s most valuable assets are likely to be targeted by attackers. For example, if you have a large number of databases, the database with the HR and employee information might be the most sought after.
Focus on Software.
Many organizations develop applications in house, either for their own use or for customer use. You can look at your software as part of your threat identification efforts. The goal isn’t to identify every possible attack, but instead to focus on the big picture, such as whether the applications are susceptible to DoS or information disclosure attacks.
The Concepts (Threat Modeling).
If you understand the threats to your organization, then you are ready to document the potential attack vectors. You can use diagramming to list the various technologies under threat. For example, suppose you have a SharePoint server that stores confidential information and is therefore a potential target. You can diagram the environment integrating with SharePoint. You might list the edge firewalls, the reverse proxy in the perimeter network, the SharePoint servers in the farm and the database servers. Separately, you might have a diagram showing SharePoint’s integration with Active Directory and other applications. You can use these diagrams to identify attack vectors against the various technologies.
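The SharePoint diagram described above can be written down as a small data-flow model and walked with the STRIDE categories from the start of this page. The following is an added example, not part of the original article; the trust-zone names, the flows between components, the classification of each component and the per-element applicability chart are assumptions made for illustration.

```python
# Added example: STRIDE-per-element over a data-flow model of the SharePoint
# environment described above. Zones, flows and element kinds are constructed.
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# Commonly used STRIDE-per-element chart (assumption, not from the page).
# Repudiation on a data store matters mainly when it holds logs or audit data.
APPLICABLE = {"external": "SR", "process": "STRIDE",
              "datastore": "TRID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | datastore
    zone: str   # trust zone the element lives in (hypothetical names)

ELEMENTS = [
    Element("Internet user", "external", "internet"),
    Element("Edge firewall", "process", "perimeter"),
    Element("Reverse proxy", "process", "perimeter"),
    Element("SharePoint farm", "process", "internal"),
    Element("Active Directory", "process", "internal"),
    Element("Database servers", "datastore", "internal"),
]
FLOWS = [("Internet user", "Edge firewall"), ("Edge firewall", "Reverse proxy"),
         ("Reverse proxy", "SharePoint farm"),
         ("SharePoint farm", "Active Directory"),
         ("SharePoint farm", "Database servers")]

def enumerate_threats(elements=ELEMENTS, flows=FLOWS):
    """Return (target, category, crosses_boundary) rows to triage."""
    by_name = {e.name: e for e in elements}
    rows = [(e.name, STRIDE[c], False)
            for e in elements for c in APPLICABLE[e.kind]]
    for src, dst in flows:
        crosses = by_name[src].zone != by_name[dst].zone
        rows += [(f"{src} -> {dst}", STRIDE[c], crosses)
                 for c in APPLICABLE["flow"]]
    return rows

def boundary_crossings(rows):
    """Flows that cross a trust boundary are the ones to review first."""
    return sorted({target for target, _, crosses in rows if crosses})

if __name__ == "__main__":
    rows = enumerate_threats()
    for target in boundary_crossings(rows):
        print("review first:", target)
    print(len(rows), "candidate threats to triage")
```

Each row is a question for the team to answer or dismiss, not a finding; the flows that change trust zone are where the review usually starts.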