Learn how to scale threat modeling with a pattern-based strategy

Posted by Synopsys Editorial Team on Thursday, January 11, 2018

Performing threat modeling is a difficult and expensive undertaking for most firms. And, understandably. Traditionally, threat modeling requires an experienced security architect with knowledge in three fundamental areas.

Architecture and design patterns
Enterprise application technologies
Security controls and best practices

When creating a scalable threat model, it’s important to recognize the benefits and limitations of these approaches.

Pattern-based threat modeling

Here, we’re proposing a pattern-based method for exploring the threat modeling process for commonly recurring patterns.

As humans, we employ patterns in our lives every day. We can hear musical patterns and assign them to specific genres. We can look at cars and recognize that they belong to various style and function categories. This categorization that we perform happens subconsciously. When used implicitly, patterns tend to lack structure, comprehensibility, and therefore scalability. When used explicitly, they provide considerable value to an organization, including cost reduction, scalability, reliability, and even maturity.

Patterns provide the following key benefits:

Consistency and reliability

The use of patterns allows us to identify recurring problems/patterns and employ consistent solutions. In security, this means that by identifying patterns during threat modeling, we can create consistent guidance for design, development, testing, and risk management.

Efficiency

The use of patterns allows us to automate some part of a problem while leaving the more complex concerns to be examined by experts— thus creating efficiencies.

Commonly understood taxonomy

Patterns create a common taxonomy to organize knowledge, train users/practitioners, and communicate with stakeholders.

A proposed solution to enable scalability

The pattern-based threat modeling approach uses an understanding of commonly accepted patterns for threat analysis to bring consistency and efficiency to the threat modeling process. This solution provides more flexibility for scarce expert resources.

Join the conversation in the Synopsys Community.

Scalability through a pattern-based solution:

Allows resources to conduct deeper analysis on critical applications while templating commonly understood application subcomponents
Provides definitive design, development, and testing guidance for commonly recurring problems
Brings consistency and reliability to the threat modeling process

A template-based threat modeling approach provides organizations with the means to make threat modeling consistent, efficient, and scalable while being mindful of application and enterprise context. This approach opens doors to automate threat modeling processes while creating much-needed bandwidth for security experts to focus on critical and high-priority areas of applications.