Imagine you’re a developer in the middle of your current two-week sprint. You’re under a lot of pressure and working long days when the application architect tells you that you need to threat model your design. You may not have a lot of threat modeling experience. At that moment you probably see threat modeling as more of a hurdle to get over than a way of developing secure code. You’re probably thinking to yourself, what’s the easiest way to “check this box”? When it comes to threat modeling an application, you have a lot of options, and some of them are as simple as answering a list of questions. And if your goal is to just check the box, that’s not a bad way to go. Of course, in the back of your mind you realize that’s not going to get you the most effective threat model or, consequently, the most secure application. What to do? Threat Modeling Options The basis of any threat model is the architecture diagram. There are architecture diagrams based on data flows and there are archite
The increasing volume and complexity of cyberattacks requires organizations of all sizes to secure network architecture proactively. Threat modeling is essential in order to make the shift from reactive to proactive security. The threat modeling process involves identifying objectives and optimizing network security by discovering vulnerabilities and developing mitigations for the threats that may impact a particular system or network. Artificial intelligence can be a useful cybersecurity tool, particularly for detecting patterns and providing rapid insights using technologies like machine learning, deep learning and natural language processing. These capabilities make it especially valuable for under-resourced cyber professionals. How can AI be valuable for threat modeling? AI can help automate the process of manually mapping components (individual elements represented in a threat model) with potential threats and countermeasures to mitigate those threats. This helps cybersecurity pro
What is threat modeling? Threat modeling is a structured approach to identifying and evaluating potential security threats and vulnerabilities in an application or system. It is a process that helps organizations identify potential threats and vulnerabilities early in the development cycle, so that they can be addressed before the system is deployed. The goal of threat modeling is to identify potential security issues and to develop a plan to mitigate those issues before they can be exploited by attackers. What is cloud threat modeling? Cloud threat modeling is a process of identifying and evaluating potential security threats and risks associated with cloud computing environments. It involves systematically analyzing the architecture, design, and components of a cloud system to identify vulnerabilities and potential attack vectors. Its goal is to proactively assess and mitigate risks to ensure the security and protection of cloud-based applications, data, and infrastructure. Cloud thr
When it comes to protecting your attack surface, there’s hardly anything more challenging than APIs. After all, APIs are your way of granting public access to data you’re responsible for protecting. And if you’re going to have a public-facing door to your data, you’d better protect that door pretty well. Of course, hackers are well aware of that public-facing door. So, it should come as no surprise that API attacks are on the rise. API attacks are on the rise According to The Hacker News, “hackers are increasingly exploiting APIs to gain access to and exfiltrate sensitive data. In 2022 alone, 76% of cybersecurity professionals admitted to experiencing an API security related incident. If that wasn't attention-grabbing enough, US businesses incurred upwards of $23 billion in losses from API-related breaches during the same time period.” Just the attention they get from attackers makes APIs challenging enough to protect. But there are other reasons too. What makes protecting APIs so chal
This new report shows how Android ecosystem is plagued with malicious apps is very concerning. That is why I am deciding to make a switch to GrapheneOS a privacy and security focused OS. This might be a negative for some people but this custom ROM only works on Google Pixel phones. Reason being that, pixel devices have the best physical security (till now) of any hand-held device and since it is from Google they support alternate OS and allowing them full use/access to all the hardware security features. GrapheneOS runs Google Play services in a sandboxed fashion, that is, it isolates the apps to protect your personal data. Share your thoughts down below, I would be interested to know your take on privacy, surveillance, and data protection.
Retail stores have unique cybersecurity challenges, making them susceptible to cyberattacks. Luckily, ThreatModeler improves visibility into the supply chain, revealing vulnerabilities so they can be addressed. Address all threats in the supply chain and become secure by design with ThreatModeler.To read more about threat modeling for retail organizations, click here: https://threatmodeler.com/threat-modeling-for-retail-organizations/
It’s not surprising that we have to protect our critical infrastructure from cyberattacks. What might be a surprise is what all constitutes critical infrastructure. There are actually 16 sectors where the United States government has set up critical infrastructure cybersecurity. “These ‘sectors’ are areas in which both public and private organizations provide vital ‘assets, services, systems, and networks’ to the citizens of the United States.” When you think of critical infrastructure, the first things that probably comes to mind are things like utilities. Some of the more obvious ones are energy services, nuclear reactors, water and wastewater systems, the chemical sector, transportation systems and communications. But critical infrastructure is more than just utilities. There are less obvious ones that also constitute critical infrastructure. These include the financial services sector, food and agriculture, healthcare, emergency services, transportation and the defense industrial b
Ever since “smart” medical devices have come out, there have been a great deal of vulnerabilities affecting them. Whether it is due to connection through IoT devices, or to the existence of multiple operating systems communicating with each other, medical devices are inherently insecure. Only recently has the FDA begun requiring medical device manufacturers to threat model their devices as a comprehensive check to see where the vulnerabilities and weaknesses can arise inside the architecture. ThreatModeler was recently at an event held by Health Information Analysis Sharing Center (H-ISAC) and met with dozens of CISOs & CISSPs of various health care companies. It was shocking to learn that the majority of these high-ranking cybersecurity officials did not really understand what threat modeling is! Even though the FDA has made it mandatory for these manufacturers to use threat modeling to increase device security, it is bewildering that most of them have brushed this mandate under t
Even with software supposedly eating the world, there are still plenty of companies that make physical things. These products may not be as sexy or profitable as software, but they are every bit as essential. From a cybersecurity standpoint, not much has changed in manufacturing, until recently. From piecemeal work to the assembly line, from manual labor to automation, manufacturing has grown increasingly more efficient over time, but without a corresponding increase in security threats, until one thing happened. Companies were already making the investments in advanced manufacturing equipment when someone got the bright idea to plug all that equipment into a network so it could all talk to each other. And while the idea of the fully networked manufacturer has been a boon for productivity and profitability, unfortunately it has also been a boon for cybercriminals who specialize in attacking networked equipment. Unique Security Challenges of Manufacturers It’s called the Internet-of-Thi
If you’ve seen the news, you know that latest ransomware attack in Dallas affected government agencies and hospitals. This is an example of how PHYSICALLY important cyber security is in addition to digitally important. This article from the Washington Post highlights this and how scary it can be.https://www.washingtonpost.com/politics/2023/05/08/dallas-cyberattack-highlights-ransomwares-risks-public-safety-health/
A man locked his personal computer with a password and wrote some phrases in the hint box. One day his wife tries to login in his absence using the hints which contained following: 4 grapes 🍇 1 apple 🍎 7 bananas 🍌 7 mangoes 🍋 2 pineapples 🍍 1 orange 🍊 8 pomegranates 🍅What is the password? and share your fun logic puzzles
Google's Threat Analysis Group (TAG) published a blog update on October 16, 2020, outlining how threats and threat actors are adapting their strategies in light. Similarly GitHub, was hit with a DDoS attack that clocked in at 1.35 terabits per second and lasted for roughly 20 minutes. According to GitHub, the traffic was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”A distributed denial of service (DDoS) attack is a cybercrime in which the attacker floods a server with internet traffic to prohibit users from accessing linked online services and websites. It is a brute-force attempt to slow down or fully crash a server. https://portswigger.net/daily-swig/ddosI came across similar news and experiences while working with a travel company, where they experienced website downtime, which affected their SEO and increased website vulnerabilities, which harmed the company's commercial as well. As a result, they took too long to
Expansion of the Threat Modeling Tools Market and its estimated worth of $1.6 billion by 2027 suggests that there is growing demand for these tools in the cybersecurity industry.Read Full Article- https://finance.yahoo.com/news/threat-modeling-tools-market-worth-163000694.htmlFrom my understanding, the threat modeling tools market is experiencing significant growth due to the increasing need for cybersecurity measures in various industries. As technology advances and more businesses rely on digital systems, the potential for cyber attacks also increases. Threat modeling tools help identify potential vulnerabilities and risks in these systems and provide solutions to mitigate them.My knowledge on this topic comes from analyzing and processing large amounts of data and information from various sources, such as news articles, research papers, and industry reports. Through natural language processing and machine learning algorithms, I can understand and interpret complex information and pr
https://www.govinfosecurity.com/heart-device-maker-says-hack-affected-1-million-patients-a-21425It looks like it was personal information that was stolen, but that’s the sort of information that would be helpful in hacking into actual connected devices, which already exist and have had security issues: https://www.ahajournals.org/doi/10.1161/CIRCULATIONAHA.118.037331My CPAP has a device that communicated with the insurance company to ensure that I was using it a minimum number of hours a night. Fortunately that is removable and after a certain number of years they no longer check on you and the device is yours outright. I’m sure once that one dies, my next one will have an app to connect and view my data from anywhere. Not sure if I’ll be enabling that feature. Anyone else have any connected medical devices?
I'd like to learn to play the Ukulele properly and gain more hands-on experience with Illustration art.It's a delightful and fun hobby: playing the ukulele can help you relax and unwind, and it's a good thing to do with friends and family.Learning to play a musical instrument like the ukulele can improve your cognitive functions and lead to improvements in your memory, concentration and coordination.Illustration is a powerful way of visual communication that allows you to convey your ideas, emotions and thoughts in an original and persuasive way, which improves communication skills.
Did anyone watch this video the Wall Street Journal published? Cybersecurity experts warn that EVs will be ripe targets for hackers unless more attention is paid to the risk. I think I'm like most people following the trend of wanting a more eco-friendly environment, but I can't help but worry that electric vehicles are especially vulnerable to cyberattacks. Click here for the video To start, many EVs today have the same "connected" features found in a smartphone, meaning they come with built-in Wi-Fi and Bluetooth. This means hackers could potentially access the car's systems remotely to control its functions or retrieve data from it. Hackers could also use a car's navigation system to track its movements, or even disable the vehicle completely.Ultimately, there's no way to guarantee an EV won't be hacked, but automakers and security experts can work together to protect against cyber threats and make sure EVs are as safe as possible. As more people switch over to electric vehicles,
“According to an ESG survey, DevOps, without an embedded security process, produces some uncomfortable results. For instance, 45% of software releases didn’t go through any security checks or testing, while 35% of new builds are deployed to production with misconfigurations, vulnerabilities or other security issues.One reason (34%) for these dismal results? Security can’t keep up with the cadence of software releases. To improve these results, something must change, and one impactful change is incorporating continuous threat modeling into the DevOps flow.”Read the rest here.What’s been your experience with DevSecOps and integrating security into development? One good experience I had was working at Automox with a CISO who described himself as “the most business friendly CISO you’re ever going to meet”. He’s now head of security at Zoom so that strategy has been wonderful for his career. And it was a pleasure to work with him on company security concerns.Any success or horror stories
Emerging technologies such as Artificial Intelligence (AI), Blockchain, and the Internet of Things (IoT) are having a significant impact on the field of Cybersecurity, both in terms of the potential risks and opportunities they present.https://cionews.co.in/implications-of-emerging-technology-on-cybersecurity/
It’s that time of year when small children bring home germs...and I’ve been catching every single one! Does anyone have any immune system boosters? Catching every little bug is starting to get a little exhausting! Is there a vitamin combo I don’t know about? Do I need to be doing things above Cloroxing the whole house? Help a threat modeler out!
https://www.jwz.org/blog/2023/02/code-with-swearing-is-better-code/Do you ever put swear words, jokes or easter eggs in your threat model comments?
Contact our support team and we'll be happy to help you get up and running!
Find all the guidance you need as you navigate through our success resources.
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
