Security Persona and Cyber Threat Landscape, Two Important Elements for Threat Modelling

Application security has evolved over the past few years as software architecture has changed. Its main goal is to mitigate vulnerabilities and threats. Today, the Software Development Life Cycle is faster, more concurrent and more repetitive, and it combines more shared effort from teams spread over different global domains than it did years ago.

Compared with the long-established monolithic pattern of software architecture, the growing use of microservices, complex system networking, API calls, etc. has increased the attack surface of our applications.

Because applications and services rely so heavily on this distributed infrastructure, the potential threats have grown accordingly.

Threats and Threat Modelling

Threats are vulnerabilities that put the things we value at risk. These things of value could be our data, information, equipment, physical spaces, software/hardware, etc.

Threat modelling employs various techniques to understand our systems as they are designed and built, and to identify common threats that can affect the confidentiality, integrity and availability of the components within our systems or of other components within our organization.

Threat modelling does not by itself secure our systems. Rather, it gives a clearer picture of our system's makeup and of how it can be exploited by other systems, technologies or people.

As a security practice, threat modelling suggests simplified architectural designs and also gives a complete understanding of the security risks and impacts of every decision or scope built into our systems.

This practice is a shared role for everyone: developers, testers, security engineers, stakeholders, operations, etc. Security is therefore a collective responsibility rather than a role for one person. Threat modelling aligns with the DevSecOps principle of shifting security left: designing, planning and embedding security at every stage of the software development life cycle, rather than mitigating security bugs, loopholes and misconfigurations late, at the end.

When carrying out threat modelling, we have to fully understand our system design, our software development processes, the artefacts used in building our software, the third-party libraries we use, how our systems process data, the threat actors that could carry out exploits on our systems, their security persona, the risks we are exposed to, what the impact could be if successfully exploited, and the general threat landscape of the time.

Techniques like attack trees or Microsoft STRIDE can help us analyze our attack surface and give us meaningful heads-ups to prioritize security and address what is most urgent.

Cyber Threat Landscape

The cyber threat landscape comprises the known and potential threats that impact the adoption of technology, users, and groups of people spread across geographies and industries within a specific time. The emergence of new vulnerabilities and threats widens or shifts the threat landscape accordingly. The threat landscape is broad: it goes beyond conventional threats like malware, social engineering and SQLi to take in a given period, changes in trends, and a wide range of individuals or users within a geography, an economy, industries, etc.

The cyber threat landscape also encompasses the information available to attackers, the technologies, processes and tools they employ, the security maturity of individuals and organizations, and the industrial sectors operating within an environment.

Like everything else, the threat landscape changes with time. Consider the global lockdown during the COVID-19 pandemic, which shifted work culture to working from home. The threat landscape changed accordingly, with attackers aiming at remote access tools, which have gained popular adoption since that time. Other contributing factors include, but are not limited to:

  • Complexity in software architectures with added features

  • Growth in the adoption of IoT devices

  • API and cloud service adoptions

  • Use of microservices and containers for software development

  • Sophisticated attack tools and techniques

  • Supply chain activities and third-party partnerships

  • Rise of e-commerce and reliance on digital products

  • Attacker networks that promote the exchange of cyber exploitation services and attack motivation (dark web)

Analyzing the current threat landscape when conducting threat modelling sheds light on the security challenges of the time and how they affect industries, on threat actors and their security persona, on the tools and technology being used for exploitation, and on workable approaches to building a sound preventive mechanism against possible attacks.

When analyzing the threat landscape for threat modelling, the following factors should be considered.

  • The current cyber threat landscape - this should look into work culture as shaped by the COVID-19 pandemic, Bring Your Own Device (BYOD), etc.; global economic, social and political conditions such as the adoption of Bitcoin, war, cyber espionage, economic boom or depression, etc.; and new business models such as third-party vendors, supply chain activities, dynamic organization culture, policies, etc.

  • Know the different types of vulnerabilities within your application, like outdated patches and bugs, and how they can be exploited through well-known means such as web-based attacks, malware, Advanced Persistent Threats (APTs), social engineering tricks, ransomware attacks, zero-day vulnerabilities, human error, etc.

  • Perform a risk assessment to understand the impact of any successful attack on the application and propose preventive vulnerability management measures.

When to Perform Threat Modelling

Threat modelling, as a detailed examination of the design and overall architecture of our systems, is a security practice that touches other aspects of software, systems and infrastructure.

Below are four key stages where we can perform threat modelling.

  • Design phase – before the actual build of our application or system. Threat modelling should be carried out to ensure we are building it the right way.

  • A major change in the system – whenever there's a major change in our systems, the technology, the functionality, or the preferences of end-users of the software we develop, threat modelling will examine the possibility of an attack on the new change for quick mitigation.

  • A major change in work teams – when there are new people, new organizational structures or approaches.

  • Changes in business operation, practice and context, such as mergers, third-party partnerships and changes in market analysis and economy.

Benefits of Threat Modelling

  • Threat modelling helps to identify the security requirements of a system or process as early as possible.

  • It aims to identify potential threats and vulnerabilities to reduce the risk to IT resources.

  • It adds another mechanism for understanding and validating usage patterns and requirements.

  • It can identify complexity or security challenges in advance and can be used to provide scoping and time estimates.

  • Threat modelling encourages simplicity and an easy understanding of patterns and designs.

  • It keeps IT professionals conscious and aware of risks and their management.

Threat Actors and Security Personas

Threat actors are individuals or groups, whether internal or external, with the intent or action to breach security and cause damage to people or organizations in cyberspace.

Security Persona

This is associated with the motivation, goals and expectations responsible for such bad behaviour.

Key Elements of a Security Persona

  • Motivation - what drives the attacker or group to act. The major drive here is directed towards the goal the attacker wants to achieve.

  • Goal - what they intend to achieve should their attack be successful. It could be access to money, data, fame, redress, etc.

  • Access to resources – this includes the availability of information and other resources, including funds, which are instrumental to their goals.

  • Skills – the relevant knowledge, skills and expertise they need to achieve this exploit.

Why security persona?

  • In threat modelling, the security persona enables security teams to communicate risk with a more concrete scenario.

  • It is used at the design phase of the SDLC to identify missing requirements and add depth to security.

  • It is highly instrumental when analysing the overall threat landscape affecting an organization.
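
As an added illustration (not code from the original article), the sketch below combines the four persona elements with an attack tree to show which personas a design leaves in scope, before and after one mitigation. The class and function names, the cost and skill scales, the sample tree and the MFA mitigation are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Persona:  # hypothetical record; fields follow the four key elements
    name: str
    motivation: str
    goal: str
    budget: int  # access to resources, arbitrary cost units (assumption)
    skill: int   # 1 = novice .. 5 = expert (assumption)

@dataclass
class Node:  # attack-tree node: a LEAF step, or AND / OR over children
    label: str
    kind: str = "LEAF"
    cost: int = 0
    skill: int = 0
    children: List["Node"] = field(default_factory=list)

def cheapest(node: Node, p: Persona) -> Optional[int]:
    """Lowest cost for persona p to reach node; None if a step exceeds p's skill."""
    if node.kind == "LEAF":
        return node.cost if node.skill <= p.skill else None
    costs = [cheapest(c, p) for c in node.children]
    if node.kind == "AND":  # every child step is required
        return None if None in costs else sum(costs)
    feasible = [c for c in costs if c is not None]  # OR: any one child suffices
    return min(feasible) if feasible else None

def in_scope(tree: Node, p: Persona) -> bool:
    c = cheapest(tree, p)
    return c is not None and c <= p.budget

def build_tree(mfa: bool) -> Node:  # constructed sample system, not from the page
    login = Node("Log in to remote access tool", cost=100 if mfa else 5, skill=3 if mfa else 1)
    creds = Node("Obtain staff credentials via social engineering", cost=20, skill=2)
    lib = Node("Exploit flaw in third-party library", cost=200, skill=4)
    return Node("Read customer data", "OR", children=[
        Node("Use staff account", "AND", children=[creds, login]), lib])

PERSONAS = [  # constructed sample personas
    Persona("Novice", "curiosity", "fame", budget=10, skill=1),
    Persona("Opportunist", "profit", "money", budget=50, skill=2),
    Persona("Organised group", "profit", "data", budget=500, skill=5),
]

def report(mfa: bool) -> dict:
    tree = build_tree(mfa)
    return {p.name: in_scope(tree, p) for p in PERSONAS}

if __name__ == "__main__":
    print("without MFA:", report(False))
    print("with MFA:   ", report(True))
```

Comparing the two reports gives the concrete scenario a persona is meant to provide: the mitigation removes the opportunist from scope, while the well-resourced group remains a risk to be addressed elsewhere.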