Threat modelling goes real time
Advances in threat modelling mean that it is now feasible to not only model an IT system such that attack paths through it can be analysed, but to also automate updates to the model as the IT system changes. For IT security managers, it means that they can see the security implications of design decisions or implementation changes as they are made and before they can be exploited. Whilst real time vulnerability analysis has been feasible for a long time, attack path analysis goes a step further. It analyses whether vulnerabilities at the device level combine to create significant attack paths at the system level. The analysis indicates what capabilities an attacker will need to compromise the system.
This capability was recently used by an innovative financial institution whose business model required very agile, but secure deployment of IT infrastructure. It gained the agility through a global cloud service provider but needed assurance that its chosen configuration of the Infrastructure as a Service was secure from Internet based threats. The database defining the infrastructure configuration was imported into foreseeti’s threat modelling tool, securiCAD. This can automatically create a threat model from the input database, identify all possible attack paths through the model and give a probabilistic estimate of the time for a skilled attacker to compromise the system. As changes were made to the infrastructure configuration database, these were fed into securiCAD on an hourly basis, giving a near real time update to the critical attack path.
The approach builds upon research by Sweden’s Royal Institute of Technology.
To download a free evaluation version of securiCAD, please visit try.securicad.com. When asked for a PIN, enter cynewsMar17. The associated software licence will be valid until end March 2017.