Threat Modeling

Threat Modeling

or Whiteboard Hacking

Threat Modeling

Threat Modeling is the best way to expose and analyze risk in system designs.

Coming from the field of application security, it has become a widely used way of analyzing any IT or OT system for weaknesses.  In fact, Threat Modeling has become ‘a must’ in compliance heavy industries such as Automotive and Medical Device Manufacturing (MDM). The Federal Drug Administration (FDA) requires MDMs to threat model during the design phase of new systems or they are just not allowed to go to market!

We also call Threat Modeling ‘White Board Hacking’ because it brings system owners, architects, designers and developers around the table. It engages them in a structured way to take a deep look at the structure of the IT system and use scenarios and risk pattern to find stress points and vulnerabilities.

Threat modeling is the way to avoid risks in your systems upfront. Without threat modeling your protection is a shot in the dark and you will only know your vulnerabilities once someone exploits them.

Learn how we Threat Model at our clients:

Why Threat Model?

Threat modeling doesn’t take the need for penetration testing away. Rather, it guides penetration testing efforts and makes sure some vulnerabilities don’t appear at all.

Threat Modeling allows to talk about risk in a structured and guided way, using ‘risk patterns’ that are relevant to the system (such as privacy, industrial security, safety).

Some of the benefits of Threat Modeling are:

  • TM brings business and IT to the table in a focused discussion.
  • It allows for a high level security risk assessment methodology and risk matrix to be directly applied to a design, bridging the gap between
    security governance and design.
  • It creates a living piece of security documentation that can evolve with the system. When the system is changed, the Threat Model is updated to reflect a new reality.
  • It clearly shows how complex systems are linked and dependent on external systems, which may be a weakness.
  • A Threat Model enhances the value of penetration testing, by highlighting areas of interest, where penetration tests should be focused.

Why Toreon

Very simple. Toreon has been at the forefront of Threat Modeling internationally, having trained hundreds of professionals in our Threat Modeling training. Our experts in application, IT system and OT architecture have Threat Modeled countless systems, including:

  • SaaS software
  • Critical business applications
  • OT environments such as smart energy networks, wind turbines and all kinds
  • Process industry systems
  • Nuclear environments
  • Privacy sensitive systems

Our expertise combined with our clients’ intimate knowledge of their systems, together have created safer and more secure systems worldwide.

Need help Threat Modeling your system or application?

Leave your contact details and an expert will be in touch.

Learn more about Threat Modeling

Threat Modeling vs. Pentesting
This article explains the difference between Threat Modeling and Penetration Testing. It is the third article in a series about…
TMI newsletter 14 – Threat Modeling Redefined: The Self-Serve Threat Model

Check out our guest article by Jeevan Saini and a Toreon blog post covering 7 key learning principles to create…

9 benefits of Threat Modeling
This post - 9 benefits of Threat Modeling - is the second in a series to educate those who are…
© 2020 door Toreon | Algemene voorwaarden | Cookie policy

Start typing and press Enter to search

Shopping Cart
Copy link
Powered by Social Snap