Threat Modelling

What Is It?

Threat modelling is an activity undertaken to identify possible security vulnerabilities in any given system, environment or organisation through mapping of inputs, outputs and functionality utilised. It allows for potential risks to be traced then rated with countermeasures factored in, allowing for specific concerns to be drawn out to guide technical assessments as well as initial prioritised remediation.

Why Assess It?

There are many reasons to conduct a threat modelling engagement, five of which are below.

Threat Actor Mindset

As systems are made, assumptions are made about how users will utilise the resources and how the architecture will work together amongst other things. Utilising a third party to model your threats allows you to obtain a unique insight which is further enriched by thinking in the vein of a threat actor who has specific objectives in mind.

Cost and Time Efficient

A thorough hands on security assessment of every component in an organisation can be expensive and take time to execute. With threat modelling, due to it is hypothetical exploratory nature, you can cover a large environment or system very efficiently to understand the key threats to your organisation.

Minimal Prerequisites

Supporting a security assessment will always have prerequisites to ensure the engagement progresses smoothly but with threat modelling there is no need to provide all the different accounts or notify the security teams as it is primarily based on documentation and your teams knowledge.

Future Gains

A well executed threat model will not only provide risk insight but will guide future assurance questions. This allows your organisation to define specific scopes for any technical assessments needed and allows you to prioritise where you deploy the assurance effort across your organisation.

Validate Secure Architecture

As a threat model looks at the system or environment as a whole, it allows you to validate that the defences your organisation has built in are architecturally effective as well as highlighting any areas where architectural changes could be made to mitigate potential risks, both in terms of likelihood and severity during an adverse security event.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your threat modelling engagement and we do this by:

Business Understanding

Technical risks are important but your organisational risks need to be factored into the assessment. We always ensure that we understand the function being provided by the system or environment under assessment and the wider organisational risks.

Conscious of Your Time

We need your input during the assessment to ensure you get the most from it but we balance our discussions so we use your time effectively. We do this by collaborating in every discussion, ensuring that your organisation gains some additional insight whilst helping our understanding but by also ensuring we review documentation first so the questions that we ask are efficient and respectful of your time and knowledge.

Clear Output

We do not just issue a list of vulnerabilities. We believe that visual representations can help understand the risks, how they interact and where they originate from. We go to great lengths to ensure our output that is provided to you from this assessment both makes sense and is of tangible use.

Attack Path Mapping

Vulnerabilities are not exploited in isolation by a threat actor, so why should a threat model treat them in isolation. We tie vulnerabilities together ensuring proper risk analysis as well as providing you the insight of attack chains discovered, allowing you to deploy targeted remediation at a point where you can mitigate against several attack paths at once.

Multiple Inputs

A high value threat model takes inputs from different areas. We do not just review a single high level design document or base the model off a single high level demonstration during a call. We use any resources we can to build up a true picture of the system or environment in scope and use architecture diagrams, documentation, verbal summaries as well as light touch technical enumeration amongst other sources to add value.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top