5 Threat Modeling Frameworks and Methodologies You Should Know

Five threat modeling methodologies to consider

What are the typical digital threats your business faces, and what are its potential weaknesses? These are the questions you need to answer before choosing the appropriate threat modeling framework. If you are a growing firm with a handful of cloud services, simple trees can help describe your IT threats; however, a complex organization requires more detail. This is where methodologies like STRIDE and PASTA come in.

1. Use attack trees to understand threats

Attack trees create a representation of how attackers can break into your IT systems. These charts display attack goals as a root with possible paths as branches. When creating trees for threat modeling, multiple trees are created for a single system, each denoting an attacker’s likely goal and how they could achieve it.

Attack trees are a traditional method of looking at the problem and are ideal for highlighting issues to non-technical business leaders. They can, however, become highly complex in larger IT systems, so are often used in conjunction with other methods.

2. Use STRIDE threat modeling to explore threats

Invented by Microsoft, STRIDE acts as a guide to the various threats your business can face.

STRIDE is a mnemonic:

• Spoofing: Attackers pretend to be legitimate users or systems.
• Tampering: Attackers can modify or inject code to create exploits.
• Repudiation: Untraceable or unprovable attacks or events against a system.
• Information disclosure: Data is unintentionally or deliberately leaked or left accessible .
• Denial of service: Services, apps, or networks are hit with a high volume of traffic to damage a business.
• Escalation of privileges: Hackers gain administrator or user access to create their own accounts or perform actions.

By designing an IT system or security infrastructure to address all of these threats, most firms will be well prepared to handle them. Each STRIDE weakness has a solution, be it strong account management, automated updating, enforced security, or authentication to help repel or limit the damage of any attack. 

3. Protect business objectives through PASTA

Process for Attack Simulation and Threat Analysis (PASTA) is helpful for companies that have a strong understanding of their business processes, but not their security implications. It helps businesses identify, list, and establish priorities for dealing with threats.

Using seven steps, the PASTA threat model allows a company to:

1. Define business objectives (which it should already have to hand).
2. Define the scope of each IT asset and components (networks, PCs, mobiles, applications, clouds).
3. Identify the weakness and controls in each asset.
4. Research the threats and create an analysis based on typical threats to your industry and products (an ongoing process that keeps the business aware of the latest threats).
5. Detect vulnerabilities (finding what risks your systems have and need fixing).
6. Conduct attack modeling and analysis (take the attacker’s viewpoint and understand how they would try to break into your systems) .
7. Perform risk analysis to develop countermeasures (deploy the tools that would stop attackers).

The benefits of PASTA include:

• Aligning security with the business and its processes, rather than taking an arbitrary or vendor-led approach.
• Creating a broad picture of business threats that can be expanded as the company grows, and linking cybersecurity responsibilities to roles or teams.
• Fuelling an informed decision-making process for the adoption of security tools or solutions.

4. Score your vulnerabilities with CVSS

The Common Vulnerability Scoring System (CVSS) helps companies score their threats and known vulnerabilities. It creates a prioritized list of the greatest threats and the tools needed to address them.

The CVSS standard was developed as an open framework in the U.S. back in 2007 by the National Institute of Standards and Technology (NIST). It has been updated several times to track the latest trends and risks.

CVSS helps businesses understand threats, identify the impact an attack could have, and highlight the right countermeasures or solutions. As an open framework, it helps reliably assess threat intelligence developed by other companies and security professionals.

It works by allowing teams to apply values to each element of a threat, its impact, risk, and ease of attack, among other factors. These figures enable IT security experts to explain the risks to non-tech-focused leaders.

5. Security Cards help creative types understand IT risks

Security Cards are based on brainstorming and creative thinking rather than structured threat modeling approaches. Designed to help security teams account for less common or novel attacks, the methodology is also a good way for security teams to increase their knowledge of threats and threat modeling practices.

The cards explain the risks and answer questions about possible attacks, giving businesses an understanding of how they need to respond. It also helps companies model how a likely attack could play out.

There are a number of threat modeling techniques available beyond what is presented here. The methodologies explored are commonly used and well established, with STRIDE being the most mature (formally created in 1999). But it’s important to identify the right threat modeling framework for your specific requirements and use it to make your software security stronger, more resilient, and more flexible.