What is threat modeling?

Threat modeling is an activity most of us incorporate in our daily life without realizing. For instance, a commuter might wonder what his action would be if his train is delayed, which leads to him missing his flight. Threat modeling is a process that helps us identify potential threats and analyze their risks and mitigation strategies. At its core threat modeling answers four key questions:

  • Where am I most vulnerable to attack?
  • What are the most relevant threats?
  • What should I do to safeguard against these threats?

Threat modeling prioritizes a journey of understanding security over a fixed snapshot (such as pen testing).

Why threat modeling?

100% security doesn’t exist. Security is difficult if not impossible to objectively quantify as opposed to e.g., code coverage in testing. Hence, as a manager, as a customer, and even as a software engineer the question of how much investment in security is enough is challenging. Threat modeling provides a list of the most essential concerns and an approximation of the cost for fixing them.

How does it work?

Threat modeling is a collaborative process and most of its flow is done together with your development team and other stakeholders. Together we will have a number of time-boxed brainstorming sessions during which our consultants will create a model of your system. Based on this model we will start eliciting threats, assess their risk level and look into possible mitigation strategies. We will highlight the existing security best practices and plan the subsequent improvements to your organization’s security posture.

What do you get?

The result of the threat modeling is a helicopter view of the security state-of-the-practice in the context of your software system. We will provide a comprehensive report of the threat modeling process including the list of threats, their likelihood, impact, risk, and mitigation strategy. However, the focus of the threat modeling activity is a set of short and long-term actionable security improvements.

As opposed to pen testing that provides a largely loose snapshot of your security posture, threat modeling is a first step in helping your organization introduce a culture of finding and fixing threats in a more autonomous manner.