Threat Modeling and Attack Simulation
First create a model of your IT environment, then run attack simulations on it
Running attack simulations on a model of your IT environment allows you to investigate your security situation without touching your environment.
Attack simulations will show how an attacker would crawl your architecture.
By comparing simulations run on different models or variations of a model, you can evaluate security changes and architectural alternatives to gain decision support before introducing them for real.
Model your IT environment
Make a model of your IT environment, existing or not, for attack simulation purpose.
A model is a set of virtual objects interconnected to represent an IT environment.
Modeling objects represent for instance networks, firewalls, hosts, clients, services, dataflows and so on.
The model can include all of your IT environment or a limited part of it which means that you decide the scope of your analysis depending on what you wish to investigate at the moment. Additional details are preferably added when needed. Since the model is a model, it can represent your existing IT environment or an IT environment to come like different design alternatives.
Simulate an attack
Follow a virtual attacker throughout your environment.
Attack simulations show how an attacker would work its way forward in your environment.
The attack simulations consist of a chain of attack steps, or attacker operations. For each step the virtual attacker will succeed with, it will see additional options, just like a real attacker or penetration tester does.
While stepping through the model, the time needed, or difficulty, for each step is logged so that you can evaluate the risk exposure.
While crawling the model, the virtual attacker will face security defenses or flaws that will make the next attack step hard or easy. Such properties can be altered to see what impact a security improvement will have on the virtual attacker’s progress.
Unknown, low detail or omitted parts of the model are also taken into account as possible hacking options.
Evaluate risk exposure
Compare simulation results
By comparing simulation results from variations of your model, you will be able to evaluate the impact of security improvements being considered.
Models representing what-if scenarios can be set up to estimate the severity of potential flaws before they happen.
By comparing the simulation results of models representing the as-is and to-be situations, you can compare your current risk exposure to what it will be after introducing structural changes or altering different security measures.
By altering the virtual attacker's starting point you can compare different attack scenarios to relate them to each other.