Threat Modelling
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference. Threat modeling is an approach to enterprise network security that lets you optimize resources and maximize security by prioritizing the resources and programs required to keep your organization secure. A key goal for threat modeling is to model threats. The model identifies vulnerabilities according to their potential for damage to the organization along with prioritization and impact. The threat modeling methodologies include STRIDE, TRIKE, and PASTA.
The e-InnoSec team uses risk centric threat modeling "Process for Attack Simulation and Threat Analysis (PASTA)." The process involves a correlating threat to application attack surface and identifying risk to the applications and business purpose. The team will produce Attack Trees considering asset, actor, abuse case, vulnerability exploit, and countermeasure. The highly experienced team of professionals offers expertise and has knowledge of the latest technologies, understanding of risk landscape, and the ability to rank risks in the context of impact on business operations.
The PASTA steps:
- Define Business Objectives
- Define Technology Scope
- Application Decomposition
- Threat Analysis
- Vulnerability Detection
- Attack Enumeration/Simulation
- Risk/Impact Analysis
Services
Risk Centric Threat Modeling