With the proliferation of new threats in an ever-growing networked environment, threat modeling has evolved from a theory into an industry-leading information security practice.
Organizations use threat modeling to bring together testers, developers, security engineers and business owners so they can better understand the threats and risks to their information, organizations and user communities, and build security into the software development lifecycle from the very beginning.
As threat modeling methods evolve in response to wider application and use by security experts, practitioners are finding that selecting the right method for your company leads to broader adoption and better outcomes.
Whatever method you employ, a threat model attempts to answer four questions:
What are we building?
What is most likely to go wrong?
How do we respond when something goes wrong?
Did we do a good enough job?
Let’s look at the different methods and evaluate their advantages and disadvantages.
STRIDE, Microsoft's threat modeling technique, is the longest-running, best-documented and most thoroughly tested method. It was designed to ensure that developers of Microsoft software think about security when they design their software. STRIDE is therefore a highly development-focused method.
The acronym STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege. It translates security principles from the CIA triad onto architecture and data-flow diagrams. After a team creates a data-flow diagram, engineers examine each element of the application against the STRIDE classification scheme. The results show threats and risks, and are drawn directly from the design diagrams during development.
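A small worked example, added here and not taken from Microsoft or the original article, of how a team walks a data-flow diagram against STRIDE. It encodes the common STRIDE-per-element reading (external entities attract Spoofing and Repudiation; processes all six categories; data stores Tampering, Repudiation, Information Disclosure and Denial of Service; data flows Tampering, Information Disclosure and Denial of Service), flags elements that cross a trust boundary as higher priority, and runs over a constructed three-tier web application DFD. The element kinds, the `crosses_trust_boundary` flag and the sample diagram are assumptions made for the illustration.

```python
"""Enumerate STRIDE threats for each element of a data-flow diagram (DFD)."""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element: which categories are worth asking about for each kind of
# DFD element. This is a simplified reading of the usual chart (assumption).
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    """One node or edge in the DFD; the trust-boundary flag is an assumption."""
    name: str
    kind: str
    crosses_trust_boundary: bool = False


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    priority: str


def enumerate_threats(elements):
    """Return one Threat per (element, applicable STRIDE category)."""
    threats = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown DFD element kind: {el.kind!r}")
        # Anything crossing a trust boundary is reviewed first.
        priority = "high" if el.crosses_trust_boundary else "normal"
        for letter in APPLICABLE[el.kind]:
            threats.append(Threat(el.name, STRIDE[letter], priority))
    return threats


def high_priority(threats):
    return [t for t in threats if t.priority == "high"]


def by_category(threats):
    """Count threats per STRIDE category, useful for a review summary."""
    counts = {}
    for t in threats:
        counts[t.category] = counts.get(t.category, 0) + 1
    return counts


# Constructed sample DFD: browser -> web app -> database, with the
# browser/web-app flow crossing the internet trust boundary.
SAMPLE_DFD = [
    Element("browser", "external_entity"),
    Element("web app", "process"),
    Element("database", "data_store"),
    Element("browser -> web app (login request)", "data_flow",
            crosses_trust_boundary=True),
    Element("web app -> database (query)", "data_flow"),
]

if __name__ == "__main__":
    found = enumerate_threats(SAMPLE_DFD)
    for t in sorted(found, key=lambda t: t.priority != "high"):
        print(f"[{t.priority:6}] {t.element}: {t.category}")
    print(by_category(found))
```

Each row of the output is a question for the design review ("can the login request be tampered with in transit?"), not a confirmed finding; the value of the exercise is that no element is skipped.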
The Process for Attack Simulation and Threat Analysis (PASTA) is a seven-step, attacker-focused risk analysis method. Its purpose is to align business goals with technical requirements while taking business impact and compliance requirements into account.
The approach is asset-centric and assesses risk in terms of its impact on the business. PASTA is best for companies that want to tie threat modeling to their strategic goals, because it incorporates a business impact analysis.
Trike is a risk-based threat modeling method that focuses on meeting security auditing requirements. Trike centers on a requirements model that assigns an acceptable level of risk to every asset.
Once the requirements model is in place, the team builds data-flow diagrams and then lists threats with their risk levels. Users then design mitigations and prioritize the threats. Because the team must understand the entire system, the approach is hard to apply to very large systems.
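The following is an added illustration, not Trike's own formalism or tooling, of the requirements-model step described above. It assumes a simplified model: every asset carries an acceptable risk level, the intended actions of each actor on each asset are recorded, any action outside that intent is a candidate threat, and each threat is scored (impact of the action times likelihood for the actor, a scoring rule chosen for this example) so that only threats above the asset's acceptable risk are queued for mitigation. The actors, assets, scores and thresholds are constructed.

```python
"""Derive and prioritize threats from an actor/asset/action requirements model."""
from dataclasses import dataclass
from itertools import product

ACTIONS = ("create", "read", "update", "delete")


@dataclass(frozen=True)
class Asset:
    name: str
    acceptable_risk: int  # highest risk score the business tolerates (1..25)


@dataclass(frozen=True)
class Threat:
    actor: str
    asset: str
    action: str
    risk: int
    acceptable: int

    @property
    def needs_mitigation(self):
        return self.risk > self.acceptable


# Constructed assets; thresholds are assumptions for the example.
ASSETS = {
    "order": Asset("order", acceptable_risk=8),
    "customer_record": Asset("customer_record", acceptable_risk=4),
}
ACTORS = ("customer", "support_agent", "admin")

# Requirements model: the actions each actor is *intended* to perform (constructed).
ALLOWED = {
    ("customer", "order"): {"create", "read"},
    ("customer", "customer_record"): {"read", "update"},
    ("support_agent", "order"): {"read", "update"},
    ("support_agent", "customer_record"): {"read"},
    ("admin", "order"): set(ACTIONS),
    ("admin", "customer_record"): set(ACTIONS),
}

# Scoring inputs (1..5), both assumptions: how bad an unintended action is,
# and how exposed each actor's interface is.
IMPACT = {"create": 2, "read": 3, "update": 4, "delete": 5}
LIKELIHOOD = {"customer": 3, "support_agent": 2, "admin": 1}


def enumerate_threats():
    """Every (actor, asset, action) not in the requirements model is a threat."""
    threats = []
    for actor, asset_name, action in product(ACTORS, ASSETS, ACTIONS):
        if action in ALLOWED.get((actor, asset_name), set()):
            continue  # intended use, by definition not a threat
        asset = ASSETS[asset_name]
        risk = IMPACT[action] * LIKELIHOOD[actor]
        threats.append(Threat(actor, asset_name, action, risk, asset.acceptable_risk))
    return threats


def prioritize(threats=None):
    """Threats above their asset's acceptable risk, highest risk first."""
    threats = enumerate_threats() if threats is None else threats
    queue = [t for t in threats if t.needs_mitigation]
    return sorted(queue, key=lambda t: -t.risk)


if __name__ == "__main__":
    for t in prioritize():
        print(f"risk {t.risk:2} > {t.acceptable:2}: {t.actor} can {t.action} {t.asset}")
```

Because the threat list is generated from the requirements model rather than brainstormed, an auditor can trace every entry back to a stated rule, which is the property Trike is after; the cost is that the model has to cover every actor and asset, which is why the text notes it scales poorly to very large systems.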
The Visual, Agile and Simple Threat (VAST) modeling approach extends threat modeling across the entire infrastructure and the full software development lifecycle, integrating with agile and DevOps practices. VAST is enterprise-focused and provides actionable outputs to meet the differing needs of each stakeholder.
Because developers' security concerns differ from those of the infrastructure team, VAST lets teams build either application threat models, drawn as process flow diagrams, or operational threat models, which show the data flow.
Pick the one that’s Right for You
Selecting the best approach means matching the method to the maturity of your SDLC and making sure it produces the outputs you need. Although every threat modeling method can identify potential threats, the quality, quantity and reliability of those findings differ.