In this article you will learn how you can use threat modeling for your risk management and thus prevent the loss or leak of internal data. We look at three different perspectives and explain what advantages each offers you. You will also learn how penetration testing and red teaming are related to threat modeling.
Threat modeling is a part of risk management. This process is never complete but must be repeated continuously. The goal is to identify potential and real vulnerabilities, attack vectors and gaps in defense.
Based on the results, companies and organizations can take appropriate countermeasures to prevent the identified attack vectors from being exploited. Threat modeling therefore also plays an important role in topics such as data loss prevention and data leakage prevention.
Threat modeling is basically about identifying possible vulnerabilities when protecting a network. There are three different perspectives from which this identification can be made:
When considering an attacker, ask yourself the following questions: What ways could he find to get hold of company data or company devices? How could he spread through the network (lateral movement)? Could he do all of this unnoticed? What might his next steps look like?
Such a scenario depends as much on the attacker's capabilities and objectives as on the location from which he attacks (external, Internet, internal, or a neighboring network). These parameters are tested in all variants in comprehensive threat modeling from the attacker's perspective.
This variant comes closest to reality in many respects. It is the one used, for example, in penetration testing and red teaming.
Another perspective is that of the administrator or IT consultant. If you find yourself in this position, you have extensive knowledge of your own infrastructure: You know which devices are in your company. You know your database server, your routers and switches, the mail and file servers. You know who needs access to what, what devices make up the network (or subnets) and how they are connected to each other. You also know which data is located where.
In this form of threat modeling, you focus on the individual elements of your infrastructure one at a time. You check which vulnerabilities affect them individually. After identifying them, you implement appropriate countermeasures and protective measures.
The third view of threat modeling focuses on a company's assets. These include critical information and data as well as machines and where they are located. Based on this, the profile of a possible attacker is developed. You ask yourself what his motivation could be, how valuable these assets would be to him and how much effort he would have to put in to get at them. This is also threat modeling from the attacker's perspective, but with a particular focus on the assets to be attacked.
It makes sense for companies not to settle on just one threat modeling approach. Ideally, you use all three perspectives to get the most comprehensive picture of your security. In practice, the harder you make it for attackers to reach their target, the more likely they are to look for other, easier targets.
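The following script is an added example, not code from the original article, showing how the three perspectives can be captured in one small model: an inventory of infrastructure elements with their weaknesses (administrator perspective), a map of which elements can reach which so that an attacker's possible lateral movement from an entry point can be computed (attacker perspective), and a risk score per attack vector built from asset value, likelihood and attacker effort (asset perspective). All device names, values, links and threats are constructed for illustration, and the scoring formula is an assumption, not a standard.

```python
"""Minimal threat model combining the attacker, administrator and asset perspectives.

Added example, not from the original article. Every device name, value,
link and threat below is constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Element:
    """One infrastructure element (administrator perspective)."""
    name: str
    value: int                                  # business value of what it holds, 1 (low) .. 5 (critical)
    weaknesses: list = field(default_factory=list)  # known issues still waiting for a countermeasure


@dataclass
class Threat:
    """One attack vector against an element (attacker / asset perspective)."""
    element: str
    vector: str
    likelihood: int        # 1 .. 5, how plausible the vector is from the attacker's position
    effort: int            # 1 (trivial) .. 5 (very costly) for the attacker
    countermeasure: str    # what removes or reduces the vector
    detection: str         # what an IoA for this vector would look like


# Constructed inventory (administrator perspective: you know your own devices).
INVENTORY = {
    "web-proxy":   Element("web-proxy", 2, ["internet-facing, unpatched"]),
    "mail":        Element("mail", 3, ["no MFA on webmail"]),
    "workstation": Element("workstation", 2, ["local admin for all users"]),
    "file-server": Element("file-server", 4, []),
    "db":          Element("db", 5, ["shared service account"]),
}

# Constructed, directed connections: which element can reach which.
LINKS = {
    "internet":    ["web-proxy", "mail"],
    "web-proxy":   ["workstation"],
    "mail":        ["workstation"],
    "workstation": ["file-server", "db"],
    "file-server": ["db"],
    "db":          [],
}


def reachable(links, start):
    """Breadth-first search: every element an attacker holding `start` could
    move to laterally if every link were usable (attacker perspective)."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in links.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def exposed_value(inventory, links, start="internet"):
    """Total asset value reachable from an entry point (asset perspective)."""
    return sum(inventory[n].value for n in reachable(links, start) if n in inventory)


def segment(links, src, dst):
    """Copy of the link map with one connection removed: a segmentation countermeasure."""
    return {k: [v for v in vs if not (k == src and v == dst)] for k, vs in links.items()}


def risk(inventory, threat):
    """Assumed scoring: asset value x likelihood, discounted by the attacker's effort."""
    return inventory[threat.element].value * threat.likelihood * (6 - threat.effort)


def prioritize(inventory, threats):
    """Threats ordered by the risk their countermeasure removes, highest first."""
    return sorted(threats, key=lambda t: risk(inventory, t), reverse=True)


# Constructed attack vectors, each paired with its countermeasure and an IoA to watch for.
THREATS = [
    Threat("db", "reuse of the shared service account from a compromised workstation", 4, 2,
           "dedicated accounts per service, credential vaulting",
           "service-account logon originating from a workstation"),
    Threat("mail", "password spraying against webmail", 4, 1,
           "enforce MFA on webmail",
           "many failed logons across accounts from one source"),
    Threat("web-proxy", "exploitation of the unpatched proxy from the internet", 3, 3,
           "patch, restrict the admin interface",
           "unexpected child processes of the proxy service"),
    Threat("file-server", "bulk copy of shares by a workstation user", 2, 1,
           "least-privilege share permissions, DLP on egress",
           "unusually large SMB read volume from one host"),
]


if __name__ == "__main__":
    print("exposed value from the internet:", exposed_value(INVENTORY, LINKS))
    for t in prioritize(INVENTORY, THREATS):
        print(f"{risk(INVENTORY, t):>3}  {t.element:<12} {t.countermeasure}  [IoA: {t.detection}]")
    cut = segment(segment(LINKS, "workstation", "file-server"), "workstation", "db")
    print("exposed value after segmenting workstations:", exposed_value(INVENTORY, cut))
```

Running it shows why the perspectives have to be combined: removing only the direct workstation-to-database link changes nothing, because the database is still reachable through the file server, while cutting both links from the workstation segment removes the two most valuable assets from the attacker's reach. The ordered threat list also carries the detection column, which is where the IoAs for each vector come from.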
It's not just important to be able to fend off a real attack. As a first step, it is crucial that you can recognize attacks at all. No matter how resilient an IT infrastructure may seem, you can never rule out the possibility of compromise with absolute certainty. It is always better to find IoAs (Indicators of Attack) than IoCs (Indicators of Compromise).