How to choose the right threat modeling methodology for your organization
Organizations are increasingly aware of the pressing need to bring threat modeling into their cyber security operations. In doing so, businesses can identify, understand and manage the threats they face, protecting them from an ever-expanding threat landscape.
However, while organizations are conscious of the need to threat model, it can be daunting to know where to begin. This is in part due to the range of threat modeling methodologies that companies can make use of, as each is a unique approach and provides varied benefits. Among these, the most common are STRIDE, OCTAVE, TRIKE AND PASTA. In this blog, we will unpack these methodologies and how to assess which is right for your organisation.
1 - STRIDE
STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is a popular methodology, originally developed by Microsoft. STRIDE is designed to focus on the identification of specific types of threats and vulnerabilities. The advantage of STRIDE is that it allows organisations to analyze systems and networks, classifying threats in a prioritized list, based on the likelihood of them occurring and the scale of their potential impact. For example, a healthcare organization using STRIDE might consider the confidentiality of patient information as a top security priority, at risk of disclosure of sensitive data or unauthorized access. By elevating these threats as potentially highly consequential, the organization can develop and implement countermeasures that will be effective in preventing this from occurring. This methodology is particularly useful for companies that have a clear understanding of the threats and vulnerabilities it faces.
2 - OCTAVE
OCTAVE (Operationally Critical Threat, Asset and Vulnerabilities Evaluation), developed by the Carnegie Mellon Software Engineering Institute, is a risk-based methodology. This methodology focuses more on organizational risks than technological risks, for example, a company could experience a data breach and this would have an impact on a company’s operational capabilities. OCTAVE employs a self directed approach, and thus employees are responsible for setting the overall security strategy - typically Management and Operations rather than Technical teams. This can make this difficult to scale and as such this methodology is aimed at small to medium sized organisations. OCTAVE benefits organizations in that it helps with the identification of mitigation techniques and increases risk management, awareness and cross team collaboration. As such, it reduces the need for excessive documentation and is highly customizable, giving security teams a reliable asset-centric view of their operations and consistent and repeatable results.
3 - TRIKE
TRIKE, unlike the previous two methodologies, is an open source threat modeling process designed to tackle the security auditing process from a risk management and defence perspective. The TRIKE approach is risk-based, assigning a level of risk for each asset and guaranteeing this is acceptable to its stakeholders. The purpose of this methodology is to ensure that the risk attributed to each asset is acceptable to all stakeholders. It also serves a purpose in being able to communicate its effects with stakeholders, as well as empower them to understand and reduce risks to their organization. This benefits users by enabling coordination and collaboration, through its built in prioritization of threat mitigation and automated components. In addition, by using Data Flow Diagrams, illustrations are created for the flow of data, and the user is therefore able to perform actions within a system. TRIKE allows users to enumerate and assign a risk value, as well as create security controls or preventative measures to address threats. Due to this methodology requiring the team to understand the entire system, organizations can face difficulties when applying this process to large-scale systems.
4 - PASTA
The Process of Attack Simulation and Threat Analysis (PASTA) was created by VerSprite CEO Tony UcedaVélez and security leader Marco M. Morana. This risk-centric methodology uses a seven step process for risk analysis: define objectives, define technical scope, application decomposition, threat analysis, vulnerability and weakness analysis, attack modeling and risk and impact analysis. PASTA aims to bring together the objectives of an organization, but also its technical requirements. As such this method creates cross-team collaboration, involving both technical teams and key decision makers. This means that with PASTA both compliance and regulatory needs are met, as well as the technical scope and potential vulnerabilities. In addition, PASTA is scalable (both up and down) as required which makes this the ideal methodology for growing businesses - indeed, most other threat modeling frameworks can map to it. Among the other benefits of PASTA is the fact it allows for a contextual approach, in which technical actions can always be tied back to business objectives. With a focus on the probability of attack, likelihood, inherent risk and impact of compromise, PASTA provides evidence-based threat modeling to support threat motives and leverage data.
5 - Finding the right methodology
Finding the right threat modeling methodology requires a thorough assessment of an organization's needs. This can range from the size of business, the type of business and the potential risks it faces, as well as who within the organization will need to understand and operate it. By following these steps and implementing the right methodology, whether it be STRIDE, OCTAVE, PASTA or TRIKE, companies can continue with normal business operations, feeling confident that their assets are secure.
If you’re interested in understanding what threat modeling methodology will work best for your organisation, get in touch with the IriusRisk team here: https://www.iriusrisk.com/contact.
Bringing you the latest on all things threat modeling and architectural security.