Hybrid Threat Modeling: Bridging Manual and Automated Approaches
In recent years, the rise of regulations like GDPR, FedRamp, NIST, and many more has driven significant attention toward Secure by Design and Privacy by Design principles. However, this growing focus on security doesn’t stop there. As companies increasingly adopt hybrid and remote work models in the post-pandemic world, the way we approach proactive security with threat modeling is also evolving.
Enhancing Collaboration in Hybrid Environments
Traditionally, threat modeling exercises could mean people getting into a physical room to discuss what they were working on. Nowadays, this isn’t always possible. One effective solution has been the use of digital collaboration tools like Miro boards, Confluence and similar software which encourages live-collaboration and contributions. They allow teams to engage in remote or hybrid threat modeling sessions too.
Tools like these make it easy for teams to work together in real time, even when physically apart. Facilitators can guide the threat modeling process by sharing screens via Zoom or another video conferencing platform, allowing participants to contribute and update the model dynamically.
Elevating Security with Gamification
Gamification can take security - threat modeling specifically - a step further, especially for groups discussing potential threats and weaknesses, and how to mitigate them. Activities like the Elevation of Privilege Card Game from Adam Shostack, are great for increasing security knowledge in an accessible way.
In a recent webinar with author, Brett Crawley, he shared how he used a Miro Board, the Elevation of Privilege Card Game, (and his recent book which supports the game) to play Elevation of Privilege remotely instead of in the traditional way. This is how it worked:
Structured Play Areas: The board is divided into various sections, each corresponding to a suit from the elevation of privilege game. Within these sections, digital "cards" list threats specific to the given area.
Color-coded Stickies: Pink stickies represent potential threats, orange stickies are suggested mitigations, and green stickies indicate mitigations already implemented. This visual setup helps teams track threats and identify areas that require further attention.
Think Threats First: When conducting threat modeling, it's important to focus on threats before jumping to mitigations. This ensures a comprehensive view of potential risks, allowing for more effective security measures to be considered later.
Integrating Tools and Manual Efforts
While remote collaboration tools offer significant advantages, many organizations are also adopting a hybrid threat modeling approach that blends manual techniques with automation. This hybrid model ensures that teams can leverage the best of both worlds.
For example, tools like IriusRisk provide automated threat modeling capabilities by identifying threats related to an application architecture. These tools can rapidly detect common weaknesses, offering a helpful starting point for security teams. However, automated tools can only be successful if a process is in place for teams to follow. If there is no threat modeling program in place the threat modeling tool will not give the maximum success.
This is where manual threat modeling becomes invaluable. Teams can build upon the automated findings, adding custom threats and mitigations relevant to their proprietary systems and unique context. Over time, this process allows organizations to create a robust library of threats and mitigations tailored to their unique environments. Until they reach the point where they are ready to augment further with an automated tool.
Conclusion: The Future of Hybrid Threat Modeling
Combining manual threat modeling with automated tools and fostering collaboration through digital platforms enhances the overall effectiveness of threat modeling sessions. By approaching the task from multiple angles, organizations can ensure a more comprehensive analysis of potential risks.
The future of threat modeling lies in hybrid approaches that incorporate both manual and automated techniques. By leveraging tools that address both easily detectable issues and complex threats unique to their system or architecture, teams can address threats across both standard and proprietary components. Whether remote or hybrid, organizations can remain agile and secure, ensuring that they’re well-prepared to meet the evolving demands of their cybersecurity strategy.
Hybrid threat modeling isn’t just a trend—it’s a new way forward for teams striving to stay secure in a remote-first world.
We leave you here a part of a webinar where we addressed this topic in case you want to continue informing yourselves.