Growing Cybercrime Sophistication Inspires New Security Strategies

Cybercrime, Threat Modeling, Attack Simulation, Coalfire
Growing Cybercrime Sophistication Inspires New Security Strategies ITSW

Coalfire, a provider of cybersecurity advisory and assessment services, introduced its proprietary Threat Modeling and Attack Simulation (TMAS) methodology designed to help organizations validate their own security effectiveness, guide contingency strategies, and justify overall security operations.

IT Security- 97% of Enterprises Have Suspicious Activity in Network Traffic

“The threat landscape is becoming more sophisticated, and security professionals have to look beyond the expected,” said Mike Weber, Vice President, Coalfire Labs. “With our new TMAS approach, Coalfire brings our clients a unique methodology to plan for the unexpected, optimize security systems and workflows, and to establish a baseline command of security operations toolsets.”

The Coalfire TMAS engagement incorporates the use of purple team simulations to represent both attacker and defender postures, customized according to each client’s priorities. In addition, the Coalfire Labs TMAS team identifies low-priority, overlooked, and unexpected threat vectors with the following approach:

  • Evaluate the risk management strategy to determine how the organization has prioritized security investments
  • Identify threat actors and threat vectors that could leave the organization vulnerable based on the prioritization of risks
  • Develop attack simulations based on the application of the MITRE ATT&CK framework and the organization’s threat model
  • Execute attacks, identify security program strengths and weaknesses, and use these to enhance the threat model and inform future attack simulations

An example set of attack scenario categories derived from threat modeling includes:

  • Insider threat access to sensitive data
  • Compromised customer account used to attack application interfaces
  • Supply chain/software dependency compromise
  • “Malware-infected” workstations controlled by an attack on the internal network
  • Spear-phishing attacks, targeting high-profile individuals
  • Physical attacks to breach the perimeter and gain access to the network

Remote Working: How can IT leaders Ensure Productivity for the Team

“Our testers can carry out any attack vector against any organization by physical access, social engineering, technical attacks, or non-traditional IoT solutions,” said Weber. “Coalfire’s TMAS engagements are designed to build a threat model unique to each business, and to complement additional initiatives such as vulnerability assessments and defensive diagnostics.”