Being a better Threat Modeler

May 10, 2020 — Leave a comment

Welcome again to the Simone on Security blog. This new article follows a long series dedicated to Quality for Threat Models, and then to the description of how we could evolve the practice with something called Threat Modeling vNext.

We have seen that quality, in particular, is an important issue. All too frequently, Threat Models represent only a missed opportunity because the due care is not applied.

Sometimes the problem is related to the need to provide guidance. Of course, expert Threat Modelers are rare, which means that we need to focus on what is required to help the rest of us to make better Threat Models. The most typical approach to address this issue is to provide some expert system which would identify a list of problems, from a diagram.

Unfortunately, this does not work.

There are various reasons why, including:

  • The expert system focuses only on a limited portion of the system at a time. As a result, the analysis misses most potential attacks, because they would be a result of the combination of multiple issues located in different places.
  • The expert system generates a lot of findings, forcing the Threat Modeler to analyze them one by one diligently, which tends to become a tedious job pretty fast.
  • The rules used by the expert system to generate the various findings are based on best practices that rarely apply to the specific scenario. As a result, the findings are less relevant than they should.

Still, Expert Systems provide an undeniable value for beginners and other categories requiring more guidance, but their effectiveness in improving the quality of Threat Models produced is limited at best.

We need something more, and that something must be about improving the number of experts able to create high-quality Threat Models. For this reason, I’ve decided to start a mini-series of five articles, the first one of them being the current one.

There are three primary skills to be acquired, to be proficient doing high-quality Threat Models:

  • Good knowledge of common security risks and mitigations
  • The ability to recognize threats to both the Infrastructure and Applications, and a good understanding of the various approaches to mitigate them by applying the best of both worlds (in other words, the application of a holistic approach)
  • A critical mindset, never assuming

The next three articles will discuss each one of those skills, will provide examples and references that will hopefully allow you to understand better how to apply them. Finally, the last article will sum it up and will provide some additional considerations.

For now, stay safe and happy Threat Modeling!

No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.