To be clear, I don’t want you to raze the Amazon Rainforest here. What I am referring to for this blog post is another visualization technique. Where as DFDs focused on understanding the flow of information through your systems, Attack Trees are another graphical representation to uncover how an attacker might exploit weaknesses in a system to achieve specific malicious objectives.
Category: Security Concepts (Page 7 of 8)
We’ve talked about Microsoft’s view of threat modeling, but this next one might appeal to folks with a background in software that doesn’t crash – sorry, I jest, i jest! (or do I?) Well in this useful method, we’re all about understanding the flow of data across our systems. We’re talking Data Flow Diagrams (DFDs) used in software engineering and systems analysis.
Continue readingAs you can see in the previous post, the “know yourself” side of the Threat Modeling process is extensive and covers all but one of the steps. While some may be tempted to deal only in knowing the adversary, you must grasp on your organization’s own policies, capabilities, and design to model most effectively. These efforts also feed related activities, such as project planning and roadmap development, business strategy, risk management, and procurement & staffing. Several externally focused frameworks and methodologies map adversary behaviors and their impacts to the environment and should be selected to compliment the skills and capabilities of your organization. Each offers different areas of focus, fidelity, and processes that can be adapted to your organization’s needs.
Continue readingAs Sun Tzu might advise, “If know the enemy and know yourself, you need not fear the result of a hundred battles.” Let’s focus on “knowing yourself” first. We introduced this as an important step to Threat Hunting in a prior post. All organizations should start by identifying and scoping the environment’s key assets, data types, and security controls (both technical and process related). What are you trying to protect? Why are they important? Who needs or uses those things? Threat Modeling is the proactive process that helps you understand and address security risks before they can be exploited by attackers. This requires an understanding of both the environment to be protected and the way threats might overcome those defenses.
Continue readingAll of us encounter the use (and misuse) of terms like threat hunting, threat modeling, threat intelligence, and threat picture.
- Threat hunting is about leveraging knowledge of adversaries and the target system to proactively identify (and hopefully eradicate) threats before damage is incurred.
- Threat Modeling is a structured approach used to identify, assess, and mitigate potential threats and vulnerabilities in a system, application, or environment – outlining the hypothetical ways that a threat might attack us.
- Threat Intelligence (often called Cyber Threat Intelligence or CTI) characterizes the potential adversaries or troublesome events that might exploit those weaknesses, the organization’s most likely adversaries, attack vectors, and dependencies must be evaluated against that context.
- The likely adversaries portion of threat modeling is often called the Threat Picture – an externally-focused view of the most likely attacks your organization will face.