2023-12-14

Threat modeling was conceived almost immediately after the invention of computer systems that allowed data to be freely shared, in response to the threat that such sharing created. When a system that can be exploited is left unprotected or unregulated, opportunists seek it out and prey on it. Threat modeling protects those who are targeted.

There is some irony there, as cloud sharing is one of the most effective weapons that threat modeling has in its arsenal to protect against cyberattackers.

What is threat modeling?

Threat modeling assesses and improves your system's security safeguards and countermeasures, locating and identifying defensive flaws and their solutions. The process also estimates the likelihood and shape of a hypothetical attack: the common perpetrators, their likely infiltration methods, and the predictable workarounds that potential attackers might exploit.

This is a practice that many people carry out casually, whether it's looking both ways before crossing the street or not tapping a dodgy link on your favorite budget Android phone.

How does the cloud help with threat modeling?

If an organization or company is subject to a cyberattack, or if reports exist of frequent malicious activity from a common source, the organization uploads valuable indicator of compromise (IOC) information about the perpetrators, such as their methods and common targets, to a shared cloud service. This allows others to learn about these threats ahead of time and improve their security so that they are protected in the event of a future attack from the same culprits.

This can be as simple as recognizing an indicator of attack (IOA) and countering the threat before it gets serious, or preventing the attack outright. The result is a system of ever-developing threat protection that keeps pace with the constantly improving capabilities of attack tooling. Threat models like this allow companies to identify how threats circulate, be it malicious emails, clickbait, impersonation, internal attacks, or external attacks from outside hacking software.

Effective threat modeling involves programmers and the individuals vital to the system's operations: a collaborative effort between those who lead, those who develop, and those who refine. Banding together like this goes beyond direct cloud links between big corporations. Many teams also draw on open source intelligence (OSINT) acquired from public services, covering infamous cyberattack methods and perpetrators, or ways to counter certain attack types.

Open source refers to publicly available information in this context, not to open source platforms like Tor or programs like Linux.

Are there different kinds of threat modeling?

Yes, various threat modeling methodologies have arisen, each with its own strategy for assessing the security of your system. Each method has benefits, quirks, and drawbacks. The differences depend on the angle they take on threat prevention, whether internal, external, conceptual, or experimental.

STRIDE

The STRIDE methodology is a threat modeling methodology designed by Microsoft to categorize potential exterior threats to one of its systems. The acronym represents six threat categories:

Spoofing means pretending to be someone else with malicious intent.

Tampering refers to the manipulation or editing of company assets, be it hardware, data, or stability.

Repudiation is when someone denies that they have done or failed to do something, and the system has to be able to discern whether they are being untruthful.

Information disclosure refers to granting unauthorized access to restricted material or leaking data to an outside source.

Denial of service is when vital resources are used up, withheld, or throttled, as in a distributed denial-of-service (DDoS) attack.

Elevation of privilege is granting access to someone who is not authorized to have it.

These categories of threat make up the STRIDE threat modeling system, identifying the kinds of attacks a system needs to protect itself against.

DREAD

The DREAD threat model assesses potential flaws that could compromise a system, with each letter representing a different angle to consider. Damage, Reproducibility, Exploitability, Affected users, and Discoverability are analyzed for risk data. The model's approach is to prepare a system for hypothetical attacks in the future. DREAD provides ratings that companies can use to measure the level of danger, useful for categorizing risk factors by priority status.

Damage considers how much an attack would harm the system in its current form, paving the way for possible improvements.

Reproducibility considers whether an attack culprit or method will show up again, and whether the system's defenses will prove ineffective more than once.

Exploitability takes a walk in the attacker's shoes, approximating how much effort is required to launch an attack and prioritizing defenses against the strategies that are quicker and easier.

Affected users focuses on the would-be victims of a cyberattack, estimating how many departments and individuals will suffer damages.

Discoverability considers how easily a systems team can identify and counteract a threat, applying the antibody principle that you stand a better chance against threats you know about.

This methodology covers a great deal and considers a range of potential risks for the system and those running it.
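To make the two methodologies above concrete, here is an added example (not code from the original article) of a small threat register that tags each threat with its STRIDE category, scores it with the five DREAD ratings, and lists the STRIDE categories with no recorded threat as possible blind spots. The 1-10 rating scale, the averaging, the High/Medium/Low thresholds, and the sample threats are all assumptions made for this illustration.

```python
from dataclasses import dataclass

# The six STRIDE categories, in the order the acronym spells them.
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege")

@dataclass
class Threat:
    name: str
    stride: str          # which STRIDE category the threat falls under
    damage: int          # DREAD ratings; a 1-10 scale per factor is assumed
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        if self.stride not in STRIDE:
            raise ValueError(f"{self.name}: unknown STRIDE category {self.stride!r}")

    def dread_score(self) -> float:
        """Average of the five DREAD ratings, rejecting out-of-range values."""
        ratings = (self.damage, self.reproducibility, self.exploitability,
                   self.affected_users, self.discoverability)
        if any(not 1 <= r <= 10 for r in ratings):
            raise ValueError(f"{self.name}: DREAD ratings must be between 1 and 10")
        return round(sum(ratings) / len(ratings), 1)

def priority(score: float) -> str:
    """Bucket a DREAD score into a priority band (thresholds are assumed)."""
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"

def prioritize(threats):
    """Return (name, STRIDE category, score, priority) rows, highest risk first."""
    rows = [(t.name, t.stride, t.dread_score(), priority(t.dread_score())) for t in threats]
    return sorted(rows, key=lambda row: row[2], reverse=True)

def uncovered_stride(threats):
    """STRIDE categories with no threat recorded against them: possible modeling gaps."""
    seen = {t.stride for t in threats}
    return [category for category in STRIDE if category not in seen]

# Constructed sample register for a hypothetical web application.
REGISTER = [
    Threat("Session token reused from a stolen laptop", "Spoofing", 7, 6, 5, 6, 4),
    Threat("Audit log writable by the app service account", "Repudiation", 5, 9, 3, 4, 2),
    Threat("Backup bucket readable without authentication", "Information disclosure", 9, 10, 9, 10, 7),
    Threat("Unbounded file upload fills the disk", "Denial of service", 6, 8, 7, 8, 6),
]

if __name__ == "__main__":
    for row in prioritize(REGISTER):
        print(row)
    print("No threats recorded for:", uncovered_stride(REGISTER))
```

Running it ranks the unauthenticated backup bucket first and reports that nothing has yet been modeled under Tampering or Elevation of privilege, which is the prompt to go back and fill those categories.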

Hybrid threat modeling

The Hybrid threat modeling methodology considers the specifics of a particular system when devising how to keep it secure. It mixes and matches the strategies of existing fixed methods to create something more versatile. This practice gives your threat modeling more flexibility and reach when new threats emerge that other methodologies do not cover, while keeping itself open to improvement as new threat modeling strategies appear.

Are there any downsides to threat modeling?

None that the methods themselves cause. The only real risk is relying too heavily on a single method, as they can be somewhat rigid and inflexible. New threats emerge all the time, and the best systems need to stay ahead of the game security-wise. The Hybrid approach short-circuits this to an extent, taking the best aspects of multiple threat models and coordinating a workable harmony between them. A threat that is constantly shifting demands a defense that does the same.