Threat Modeling Recipe for a State-of-the-Art SOC

7 Steps to Successful Threat Modeling


Today, every security expert agrees that we are in the middle of a cyber war: we are walking across a minefield where a single wrong move brings mass destruction. The enemy holds a wide arsenal of the most modern and destructive weapons. The only difference between real-world warfare and cyber warfare is that in cyber the enemy and the weapons are mostly UNKNOWN.

Organizations spend much of their money and resources on security, sometimes more than on actual operations, because they understand that the unauthorized disclosure of a single bit of code could put an end to their business. Yet no one is immune to cyber-attacks. Security professionals within the organization equip their defenses with every tool they can accommodate, assuming this will deter any attacker. This spreads like a wildfire: along with the new tools they bring new vulnerabilities into the network infrastructure. Above all, attackers are patient enough to wait for the right chance to get access to your data, because they know how much it is worth. Even the smallest negligence in the security infrastructure can be an invitation to the attacker.

One possible way to increase immunity and shield the business from this war is to sometimes wear the hat of an attacker and attack your own organization without mercy in every possible way. Then sit back, review how you could compromise such a strong security posture, find the gaps and fill them. In simple terms, perform threat modeling.

Figure: HAWKEYE Sample Correlation Rule Plan for Site to Site VPN Security Zone


What is threat modeling:

Threat modeling is the process of identifying potential threats and risks to an infrastructure from internal or external actors, evaluating the existing countermeasures and gaps, and developing a strategy and action plan to fill the gaps and respond to the threats.

Successful threat modeling should involve the following steps:

1) Understand the Organization and Line of Business
2) Physical and Logical Security Architecture Review
3) Define Assets
4) Identify the Vulnerabilities, Threats, and Risks
5) Review the Countermeasures and Gap Analysis
6) Integrate your Security state to SOC
7) Monitor-Tune-Mature
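As an added illustration of steps 3 to 6 (this is not code from the original article or from HAWKEYE), the following Python register scores constructed sample threats against a site-to-site VPN security zone, flags the ones at or above a risk threshold that lack a countermeasure or SOC visibility, and so produces the gap list that step 6 hands to the SOC. All asset names, threats, scores and the threshold are made-up assumptions.

```python
"""Toy threat-model register for steps 3 to 6 of the recipe above.
All assets, threats and scores are constructed sample data for a
site-to-site VPN security zone; nothing here is a real finding."""
from dataclasses import dataclass, field

@dataclass
class Threat:
    name: str
    asset: str
    likelihood: int  # 1 (rare) .. 5 (expected)
    impact: int      # 1 (negligible) .. 5 (business-ending)
    countermeasures: list = field(default_factory=list)
    soc_visibility: bool = False  # does the SOC get a log/alert for it?

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact

def gap_analysis(threats, risk_threshold=10):
    """Steps 5 and 6: return (name, risk, missing) for every threat at or
    above the threshold that lacks a countermeasure or SOC visibility."""
    gaps = []
    for t in threats:
        if t.risk < risk_threshold:
            continue  # accepted risk, no gap to report
        missing = []
        if not t.countermeasures:
            missing.append("countermeasure")
        if not t.soc_visibility:
            missing.append("soc-monitoring")
        if missing:
            gaps.append((t.name, t.risk, missing))
    return sorted(gaps, key=lambda g: -g[1])  # highest risk first

# Constructed sample register (steps 3 and 4) for the VPN zone
SAMPLE = [
    Threat("Stale pre-shared key reused across tunnels", "VPN gateway", 4, 4,
           countermeasures=["certificate-based IKE authentication"]),
    Threat("Partner network pivot into internal zone", "Internal zone", 3, 5,
           soc_visibility=True),
    Threat("Tunnel flap from misconfigured peer", "VPN gateway", 5, 1),
]

if __name__ == "__main__":
    for name, risk, missing in gap_analysis(SAMPLE):
        print(f"{risk:2d}  {name}: missing {', '.join(missing)}")
```

Each reported gap is either a countermeasure to build (step 5) or a detection the SOC must add and then tune (steps 6 and 7); threats under the threshold are documented as accepted risk.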
