Threat analysis is a very simple concept: you need to determine where your organization is vulnerable. What are the possible attack vectors, and how large an attack surface do you have? Ideally, you also evaluate the cost-benefit of addressing any threats discovered.
Basic software threat analysis asks the developers and QA to ensure that classic threats such as cross-site scripting, SQL injection, and buffer overflow attacks won't work. The developers also need to break the application down into its components, determine whether there are any places where communication between components could be subverted, and look at all of the inputs and outputs. In other words, they look for security flaws in the implementation of the software.
That is not sufficient, and sometimes not even relevant, unless the use cases are taken into account.
For example, an IT department develops software and has an internal policy to do a threat analysis on the software before it is released. The security team has read all of the latest documentation on threat analysis for software and has decided on some tools to use. They focus on ensuring that cross-site scripting, SQL injection, and buffer overflow can't work (perhaps using an input fuzzing tool). They use static analysis tools to make sure the code is "clean". However, they also need to take the use cases into account. Is it an internal or external facing application? Is some, all, or none of the data confidential? If it is an internal facing application running on a secure corporate network, there should be less concern about man-in-the-middle attacks. However, there should be more concern about the high-level design of the application. Are roles and privileges well defined and secure? Is there an audit trail of actions taken? Is the audit trail protected? Often a threat analysis is limited to generic security issues that may not be relevant, and it ignores high-level functionality of the product that is less than secure.
Threats can be physical. If a laptop is stolen, lost, or left in an unprotected hotel room, your data can be compromised. Much of computer security focuses on external cyber-based threats, but inside theft, malicious users, and user error also need to be examined. User errors, such as someone leaving their desk without locking the computer or walking away while still logged into a key corporate software system, can have severe repercussions, yet exploiting them does not require a high-tech approach. Savant Protection is a useful tool that reduces the attack surface of endpoints in the organization. The attack surface is not just the internally developed applications and corporate-blessed third-party applications: if users are able to install apps on their own (intentionally or accidentally), that opens up more avenues of attack. Savant Protection mitigates the risk of these attacks by preventing unauthorized software from running.
All security is about trade-offs. One has trade-offs in deciding how much effort to invest in threat analysis. One needs to decide which threats are most important to mitigate, what tools to deploy, and what policies to put in place. All organizations should do some level of threat analysis. Even spending just a small amount of time can be valuable and help to reduce the attack surface of your organization and mitigate threats.
Savant Protection offers a flexible, low-impact, easy-to-deploy, easy-to-manage layer of security that blocks unauthorized software, stops zero-day attacks, prevents the creation of advanced persistent threats, prevents key loggers from running, and eliminates the need for many system rebuilds. It does this by automatically creating and maintaining an implicit whitelist of all executables on each computer system. It is a simple and effective layer of security that will only allow a process to run if it is on the whitelist. This keeps the attack surface from expanding.
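The whitelist idea described above, sketched as an added example (not Savant Protection's code, whose internals this page does not describe). It assumes an executable is identified by the SHA-256 of its contents and that "executable" means a regular file with any execute bit set; all function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash file contents in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(root):
    """Baseline: record the content hash of every executable file under root."""
    allowed = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and os.stat(path).st_mode & 0o111:
                allowed.add(sha256_of(path))
    return allowed


def may_run(path, allowed):
    """Default deny: missing, unreadable or unknown content is refused."""
    try:
        return sha256_of(path) in allowed
    except OSError:
        return False


def demo():
    """Constructed sample: a baselined tool, a file dropped later, a tampered tool."""
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "tool.sh")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\necho ok\n")
        os.chmod(tool, 0o755)
        allowed = build_allowlist(root)
        before = may_run(tool, allowed)
        dropped = os.path.join(root, "dropped.sh")  # installed after the baseline
        with open(dropped, "w") as fh:
            fh.write("#!/bin/sh\necho unknown\n")
        os.chmod(dropped, 0o755)
        with open(tool, "a") as fh:  # same path, changed contents
            fh.write("echo tampered\n")
        return before, may_run(dropped, allowed), may_run(tool, allowed)
```

Keying the decision on content rather than path is what makes the tampered copy fail the check even though its name and location are unchanged.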