Threat Modeling? Focus on Detection!

Threat modeling means you view your network with a subjective eye and find the most likely attack vector from a security threat point of view. This is similar to risk management, where you list all devices and show which ones need the most security attention. Threat modeling comes from a different direction and looks purely at what the most likely attack vector used by hackers is.

 

In a blog post at Securosis today (https://securosis.com/blog), Mike Rothman also concludes that the focus should be on detection, and that many have given up on prevention (not completely, but mostly). Everyone is at the RSA Conference in San Francisco, listening to the luminaries.


Live RSA-TV of the keynotes at the conference.

This keynote discussed viewing your network from a threat modeling perspective.

By http://www.rsaconference.com/events/us15/speakers/christopher-young, a Sr. VP & GM of Intel Security Group.

It is important to set up a threat model: use your talented people to periodically look for a weakness in your network by trying to hack it as a hacker would.

 

It is interesting to note that the following story discusses this problem.

At http://securityaffairs.co/wordpress/36105/cyber-crime/apt28-russian-hackers.html, FireEye detected two zero-day exploits, which means one cannot defend against such a zero-day (until a patch is found, that is). This was the Adobe Flash CVE-2015-1701 last week, and there is a patch for it today. But here is the kicker:

There is a Microsoft exploit that is not patched yet:

The vulnerability affecting Windows OS is still present, a Microsoft spokesman confirmed it and added that the company was working on a patch. Investigators at several security firms believe that APT28 was responsible for a serious breach at U.S. State Department computers in November 2014.

APT28 was undoubtedly a dangerous piece of malware for a short period of time. And as we all know, the attack is most likely going to be malware, especially a zero-day attack that cannot be patched.

 

Contact Us to discuss threat modeling and other ways to test your defenses to eventually make your defenses better.

 

 

At the
