Threat Modeling

Threat Modeling

or Whiteboard Hacking

Threat Modeling

Threat Modeling is the best way to expose and analyze risk in system designs.

Coming from the expert field of application security, it has become a widely used way of analyzing any IT or OT system for weaknesses.  In fact, Threat Modeling has become a must in compliance heavy industries such as Automotive and Medical Device Manufacturing (MDM). The Federal Drug Administration (FDA) requires MDMs to threat model during the design phase of new systems or they are just not allowed to go to market!

We also call Threat Modeling ‘White Board Hacking’ because it brings system owners, architects, designers and developers around the table. It engages them in a structured way to take a deep look at the structure of the IT system and use scenarios and risk pattern to find stress points and vulnerabilities.

Threat modeling is the way to avoid risks in your systems upfront. Without threat modeling your protection is a shot in the dark and you will only know your vulnerabilities once someone exploits them.

Why Threat Model?

Threat modeling doesn’t take the need for pentesting away. Rather, it guides pentesting efforts and makes sure some vulnerabilities don’t appear at all.

Threat Modeling allows to talk about risk in a structured and guided way, using ‘risk patterns’ that are relevant to the system (such as Privacy, industrial security, safety).

Some of the benefits of Threat Modeling are:

  • TM brings business and IT to the table in a focused discussion.
  • It allows for a high level security risk assessment methodology and risk matrix to be directly applied to a design, bridging the gap between
    security governance and design.
  • It creates a living piece of security documentation that can evolve with the system. When the system is changed, the Threat Model is updated to reflect a new reality.
  • It clearly shows how complex systems are linked and dependent on external systems, which may be a weakness.
  • A Threat Model enhances the value of penetration testing, by highlighting areas of interest, where penetration tests should be focused.

Why Toreon

Very simple. Toreon has been at the forefront of Threat Modeling internationally, having trained hundreds of professionals in our Threat Modeling training. Our experts in application, IT system and OT architecture have Threat Modeled countless systems, including:

  • SaaS software
  • Critical business applications
  • OT environments such as smart networks, windmills and all kinds of process industry
  • Nuclear environments
  • Privacy sensitive systems

Our expertise combined with our clients’ intimate knowledge of their systems, together have created safer and more secure systems worldwide.

Need help Threat Modeling your system or application?

Leave your contact details and an expert will be in touch.

TM done right

Stop shooting in the dark

Threat modeling – also called Architectural Risk Analysis – is an essential step in the development of your application. Without it, your protection is a shot in the dark.  Download our whitepaper and discover how to do threat modeling right.

Learn more about Threat Modeling

What is Threat Modeling?

This post – What is Threat Modeling? – is the first in a series to educate those who are interested…

TMI newsletter 13 – Threat modeling: what are we modeling, exactly?

Check out our guest article by Koen Yskout and a Toreon blog post covering 7 key learning principles to create…

TMI newsletter 12 – Keys to successful privacy threat modeling

Discover a guest article by Kim Wuyts covering “Keys to successful privacy threat modeling” and an update on our Threat…

© 2020 door Toreon | Algemene voorwaarden | Cookie policy

Start typing and press Enter to search

Shopping Cart
Copy link
Powered by Social Snap