With the increased cloud activity, scaling threat modeling is the need of the hour and experts recommend companies to not begin with a whiteboard meeting
While some traditional approaches to threat modeling can be effective, they might not scale well in the current threat scenario. With the increased cloud activity, an organization is neck-deep in vulnerabilities with little time to address them all. Even some of the high priority threats are left exposed. Experts strongly recommend a new approach to threat modeling. Otherwise, companies risk dismantling their entire cybersecurity defense.
It is highly possible that organizations are far from realizing that their threat modeling is insufficient. Experts reckon that they need to reverse its development and look at security from a different perspective. A full system re-assessment that involves network and digital resources to identify the context of vulnerabilities is a good way to go. The upgraded security plans should cover protection, response, and recovery.
Security teams updating the threat modeling system play the most critical role. While some teams consist only of security executives and architects, some involve stakeholders, help desk personnel, administrators, and application owners. Such teams need to follow well-defined frameworks.
Experts urge organizations to do away with the whiteboard approach. According to them, if a process begins with a blank slate and time is spent drawing the existing architecture on the whiteboard and trying to think like hackers, the organization can fall further behind schedule. If the goal is to scale threat modeling across applications as quickly as possible, they cannot afford to start from square one. A large organization has hundreds of systems, and new threat vectors are constantly emerging with the increased growth of IoT as well.
The emerging trend within enterprises is to start the threat modeling process from the other end. Instead of brainstorming about the identification of potential threats, organizations should scan their existing systems and incorporate data about possible threats.
It is widely believed that the digital transformation has allowed systems to expose data and identify components that could introduce business vulnerabilities. With advanced tools and solutions to analyze data, security leaders can develop various models to highlight organizational weaknesses.
An added advantage would be to automate the process and perform threat modeling on all the systems across the organization, simultaneously. Additionally, the analysis can be done on a real-time basis to monitor the organization’s security system, continuously. Experts reckon that by matching the technological assets that emerged from system scans to an existing database of all the known component vulnerabilities, every CEO can keep a track of their organization’s security posture. The insights can be exposed to the full range of threats that an organization believes are their greatest risk factors.
Only after the vulnerabilities are discovered, should they be taken to the whiteboard room for a discussion on how best to tackle them. It is proposed to be the most efficient and effective method of threat modeling. While the threat modeling strategy has not lost its value, an upgrade on its utilization is required to fit into the new digital and cloud environment.
For more such updates follow us on Google News ITsecuritywire News.