Threat modeling is a process by which potential threats, such as structural vulnerabilities, can be identified, enumerated, and prioritized – all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers the questions “Where are the high-value assets?”, “Where am I most vulnerable to attack?”, “What are the most relevant threats?”, and “Is there an attack vector that might go unnoticed?”
Conceptually, most people incorporate some form of threat modeling in their daily life and don’t even realize it. Commuters use threat modeling to consider what might go wrong during the morning drive to work and to take preemptive action to avoid possible accidents. Children engage in threat modeling when determining the best path toward an intended goal while avoiding the playground bully.
Our adroit threat modeling exercise puts your systems to the ultimate test of what is possible when a motivated adversary targets your organization.
Six myths of threat modeling
"We already do pen tests with tools AND people … we don't need to do threat modeling."
"The system is already built and deployed … there's no reason to do threat modeling."
"We did a threat model when the system was built … we don't need to do it again."
"Threat modeling is too complicated."
"We don't have software security experts, so we can't do threat modeling."
"I'm doing threat modeling at all the right times … there's no reason to do pen tests or code reviews anymore."