Combine Threat Modeling and DevOps Methods to Reduce Risk

Posted by Marbenz Antonio on February 9, 2023

The Problem with Traditional Threat Detection and Response

There’s no question that Agile and DevOps are two of the most prominent security trends in recent years. The swift growth of cloud technology has increased the demand for greater agility and adaptability, leading developers and organizations to seek out more efficient and effective Threat Modeling and DevOps methods and tools to meet these new requirements and drive innovation.

The “shift-left” principle is a central aspect of Agile and DevOps. This refers to moving certain tasks earlier in the lifecycle to improve their efficiency and cost-effectiveness. For instance, applying the shift-left approach to quality means that testing should be performed as early as possible to detect and fix bugs. When viewed through the Microsoft Security Development Lifecycle, threat modeling is a prime candidate for shifting security to the left. However, integrating threat modeling into the Agile and DevOps processes can be challenging, as it has typically been a separate activity. Thus, new methods are needed to seamlessly incorporate threat modeling into Agile and DevOps.

This is the account of a team of Microsoft security specialists who have teamed up with renowned threat modeling experts from the community to tackle these issues.

Threat Modeling and DevOps Methods: The importance of focusing on the return on investment

There isn’t just one threat modeling process. Threat modeling encompasses a range of methodologies used to assess the security of systems, uncover vulnerabilities, and determine the most effective strategies for defending against potential attacks that target those weaknesses. The Threat Modeling Manifesto provides one of the best resources for gaining a fundamental understanding of what threat modeling entails. Although it is crafted with the non-expert in mind, it also delves into deep considerations that hold significant ramifications for many experts.

However, not all threat modeling methodologies are equal. Some prioritize automation and aim to make the process accessible to non-experts, but in doing so, they may overlook some threats that would be identified through a more comprehensive approach. Others place too much emphasis on the skills of the threat modeler, resulting in outcomes that vary depending on the person performing the modeling. In both scenarios, the risk is that generic recommendations dilute the valuable insights gained through threat modeling, making the experience feel lackluster and not worth the investment.

This highlights the importance of broadening our objectives to prioritize maximizing the value for those who use the results of threat modeling. In our view, this requires a focus on return on investment: threat modeling has a cost, which can be substantial, and this cost must be offset by the perceived value of the process. At its core, this comes down to answering a single question: is it possible to design a threat modeling process that prioritizes quality while reducing the cost of the exercise?

Threat Modeling and DevOps Methods: The Hackathon project

A group of Microsoft employees from various parts of the company came together to tackle this question. They devoted three full days to finding a solution as part of a worldwide Hackathon hosted by Microsoft. Recognizing the importance of efficiency in achieving their goal, they named their initiative the “Efficient Threat Modeling” project. The resultant paper collects the insights and outcomes of this effort, with the hope that they will prove useful to other organizations globally.

The best way to start

Microsoft has a rich history and extensive experience in threat modeling, and the team recognized that they couldn’t achieve their ambitious goal without external assistance. As such, they invited some of the foremost experts in the field to share their thoughts on the topic. They had the privilege of learning from the following experts (listed in alphabetical order):

  • Altaz Valani, the Director of Insight Research at Security Compass and a well-known speaker at conferences and events, and a co-author of a publication on the future of threat modeling.
  • Arun Prabhakar, a security architect at the Boston Consulting Group and co-author of the publication on the future of threat modeling.
  • Avi Douglen, the CEO and founder of Bounce Security, and recently appointed as the director of the Open Web Application Security Project (OWASP).
  • Brook S.E. Schoenfield, a highly regarded author of several seminal books on application security and threat modeling.
  • Hasan Yasar, a technical director and adjunct faculty member at Carnegie Mellon University’s Software Engineering Institute and co-author of the publication on the future of threat modeling.
  • Izar Tarandach, a well-known threat modeling specialist, is co-author of both a threat modeling tool (pyTM) and a comprehensive book on threat modeling for developers with Matthew Coles.
  • Lotfi Ben Othmane is an assistant teaching professor at the Department of Electrical and Computer Engineering at Iowa State University, where he leads the Engineering Secure Smart Cyber-Physical Systems Lab.
  • Matthew Coles is a highly regarded threat modeling expert, who co-wrote the threat modeling tool pyTM with Izar Tarandach and also wrote a comprehensive book on threat modeling for developers.
  • Michael Howard, a Principal Product Manager at Microsoft, is a trailblazer and a source of inspiration for countless security specialists. He has written several highly-regarded books on application security.

Avi, Brook, Izar, and Matthew are co-authors of the Threat Modeling Manifesto.

The outcome of this initiative is a paper that presents the ideas the team discussed during the Microsoft Hackathon. Some of the ideas in the paper were influenced by or even directly taken from the conversations with the experts mentioned, but the paper reflects the perspectives of the Hackathon team and not necessarily the views of all the speakers. Regardless, the team is grateful for the opportunities to learn from these experts.

The key learnings

The team was inspired by the expert speeches and had many ideas to choose from, but some had a greater impact. The most significant takeaway was the need to concentrate on the DevOps process because of its widespread use. This involves not only making the process accessible to team members by streamlining and automating it, but also ensuring that it is seamlessly integrated with the existing DevOps procedures.

Threat modeling should not be viewed as an added burden but instead as a valuable resource for gathering and prioritizing security requirements, designing secure solutions, integrating security tasks into the preferred task and bug-tracking tool, and evaluating the residual risk based on the current and future state of the solution.

