Duration 40:01
Cloud Threat Modeling - from Architecture Design to Application Development

Randall Brooks
Engineering Fellow at Raytheon Intelligence, Information and Services
RSAC 2021
May 20, 2021, Online, USA

About speakers

Randall Brooks
Engineering Fellow at Raytheon Intelligence, Information and Services
Jon-Michael C. Brook
Principal at Guide Holdings LLC

Mr. Randall Brooks is an Engineering Fellow for Raytheon Company (NYSE: RTN). He is the Director of the Raytheon Cyber Center of Excellence. Brooks represents the company within the U.S. International Committee for Information Technology Standards Cyber Security 1 (CS1) and the Cloud Security Alliance (CSA). He has more than 20 years of experience in cybersecurity with recognized expertise in Software Assurance (SwA) and secure development life cycles (SDLC). In addition to holding eight patents, Brooks is a CCSK, CISSP, CSSLP, ISSEP, ISSAP, and ISSMP. Brooks graduated from Purdue University with a Bachelor of Science from the School of Computer Science. Specialties: Cybersecurity, Cyber Learning, Software Assurance, Vulnerability Assessments, and Secure Architectures.


Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Brook received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. Brook holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction. He is recognized as a Research Fellow with the Cloud Security Alliance, and currently co-chairs the CSA’s Top Threats to Cloud Security and Enterprise Architecture Working Groups. He is a certified trainer for the CSA's Cloud Security (CCSK+) and Cloud Governance (CGC), teaching the CCSK+ training at Black Hat, RSA, and ISC2 conferences.


About the talk

Randall Brooks, Principal Engineering Fellow, Raytheon Technology
Jon-Michael Brook, Principal Security Architect, Starbucks

Threat modeling combats the age-old misconception of architects and developers trying to protect everything from everyone. Threat modeling focuses on determining what to protect, who to protect it from, and how to protect it. The main result of cloud threat modeling is to determine one's attack surface, which helps to eliminate common architectural flaws.


Hi, my name is Randall Brooks. I'm a principal engineering fellow from Raytheon Technologies, and I am here with my good friend Jon-Michael, and he'll introduce himself in a second, to talk to you guys about threat modeling from architecture design to application development. I get to work a lot in what we call software assurance, and we focus on building security into products, including threat modeling and all those wonderful things we're going to talk about today. In fact, I actually do cyber learning, cyber training across the company, and I'm very happy to be here and talk to you guys today about this topic.

Starbucks, and a cloud research fellow with the Cloud Security Alliance. I also chair a working group.

All right. So what are the things we're going to focus on? What is threat modeling? How does this really apply to what you do in your day-to-day life, and how do you go about it? Sometimes it's very hard. In fact, I've been teaching folks how to do threat modeling for a long time, and sometimes it's just not for certain folks, but we're hopefully going to give you things to think about as you go through looking at applications that you're basically migrating, or things that you want to target for the cloud. How might you go about thinking about that with respect to threat modeling?

Now, for me, I get to work in government-type work. So we focus on things such as the NIST Special Pub 800 series, and in the recent revision 5, which is focusing on their security controls. And in cloud, I'd call out the Cloud Controls Matrix, which is a similar set of controls that's out there. But one of the things they have in there is System and Services Acquisition 11, Developer Testing and Evaluation, and this is focusing on really understanding your attack surface. How might your systems be attacked? How might you go about validating that, and so forth? Then one of the things specifically they call out here is threat modeling and vulnerability analysis. Now, one of the things that they call out, which I think folks really struggle on, is conducting threat analysis to a certain level of rigor, and that level of rigor is very difficult for folks to really understand: how far do I keep going with my threat modeling? We're hopefully going to have a good example for you guys upcoming that'll help you really understand what's really meant by that and how you might be able to apply it to what you do.

One of the things about threat modeling is you want to focus on really a system-centric, or a defensive, way of looking at a system. You really, as someone who creates systems, you want to think about any ways that the system could be interacted with, what potential threats there might be, how likely, you know, what means they might go about attacking you with. Maybe you have an external interface or something along that line. What avenues would they be going through? Maybe you have a partner network that you communicate with, and that partner network gives access into some of your back-end systems. Then start to think about prioritizing the risks, and start to mitigate those, and then design that system out and model it, start to decompose it, step through each section, and then look at ways for various different attacks against that.

One of the fun things we also get to do is think about what an attacker really might do, you know, what are the techniques that they might go about attacking a system with. And you're really going to start, and I use this term a lot, I know it's in one of the slides, building your think-evil gene, and thinking about how can you go about bringing the system down, thinking about how an attacker might subvert a system and, you know, really, if you will, bring it to its knees. So there's going to be certain goals that they want to achieve. Maybe it's going to be, you know, a spoof of a certain type, or reproduce certain credentials, or something along that line, but there are certain goals that folks will want to get to, and as they break down those goals, they really understand how that might be their avenue of attack and how it goes through. A lot of times the actual attack portion of the modeling happens as an output of the threat model. So folks might present their threat model and, you know, folks kind of skilled

in the arts, a lot of, you know, DEF CON attendees, those types of folks, might take a look at that and say, you know, I can do this, this and this, and then I can attack your system and maybe potentially bring it down. And so you look at all of those likely responses and what might the application go about doing to defend against that.

Now, as you do this, you're going to actually produce something. One of the things you'll produce is certain attack patterns. You might extend that and come out with use cases, abuse cases, misuse cases, however you want to describe it, but basically all the bad things that could be done to a system, and so forth. And one of the things we're going to delve into is attack trees and attack graphs, and so we're going to graph it out. We're going to walk through that and talk about those types of attacks.

Now, this is one of my favorite slides, and it really simplifies threat modeling into some specific ideas: What is it that you want to protect? Who do you want to protect it from? How likely will you need to protect it? And that's always a hard one, because they can support a probability of occurrence, right? And then, how bad is it if you fail? And then, of course, how much money do you have? How likely are you to go about spending that kind of money to defend? I can't defend against everything. So that's why threat modeling is so important. You can't defend everything, right? So if you can focus on what's the highest-probability thing that could potentially cause damage to your system or application, then that's what you want to focus on. Those are some of the core things you really want to think about. Now, I really got this from an MIT course that was online, but I've seen it reproduced in many different subjects. So I do really like this kind of simple thought of: what do I protect? Who do I protect it from? How much money do you have? How likely will you need to protect that system?

Now, Microsoft has done a great service for all of the industry and really thought about threat modeling. In fact, they have a full tool to do threat modeling. So they came up with five steps really to go through, because it's not just the diagramming and, really, you know, thinking about the system, but there's a lot more things to really consider. And one of the things that you want to do is really kind of think about your requirements that you might have, define all those, lay them out, maybe track them in some sort of requirements tracking database, and then, as you create your application, then you can, you know, diagram it out, architect the architecture, lay it out, model the system, come up with the particular threats that might go against the system. Now, of course, a lot of the stuff we're going to emphasize later is on the work that the Cloud Security Alliance does. And so that'll really help with identifying the threats, and then coming up with ways to mitigate the threats with respect to that, and then validating that those threats have been mitigated over time. And we have a link down there to Microsoft's work in threat modeling.

This is also another good one. We have overlaid here some of the work that the MITRE Corporation has done with respect to what they called Making Security Measurable, and one of the things they have in there is CAPEC, their Common Attack Pattern Enumeration and Classification. So the kind of soup that you're looking at here is you're thinking about known threat actors. These are the guys that, you know, could potentially be targeting your system. What attacks might they go through? CAPEC is really good at helping you with that. Also, the MITRE ATT&CK framework is something also to consider; we'll talk a little bit about that later. And then, as you code your application, you'll have what we like to call Common Weakness Enumeration, and those are potential things that may become vulnerabilities, or are not yet vulnerabilities right now, but an attacker might be able to leverage that and create a specific vulnerability. Now, of course, you'll have other impacts, or other controls that you'll apply, and that'll have results and impact based on how you've applied those controls. And so we're trying to kind of get you to think about: an attacker does this bad thing to my code, but I've got this wonderful thing to protect it, or I'm in a defense-in-depth scenario where I've got more than one layered control to mitigate that risk, and mitigate that as we go through time.

All right. So we talked about attack models. So let's give an example really here on what this would look like. Now, it's fun to assume the role of attacker. You get to, you know, take a look at each kind of threat and then apply those against your particular target. You know, you don't need to go through the firewall if you can trick someone to do something, right? So however someone might go about getting to their goals, they go step one, step two, step three, and what's depicted here is from a Microsoft article on basically how to obtain credentials over the network, but you'll go through various different steps trying to achieve what you would like to do. Now, there's a lot of products out there that will help you walk through these types of things. And to be honest, I've seen Visio, PowerPoint, you know, basically a box-and-arrow approach to the problem. And so for now the hard part is getting to the kind of end state, like, do I understand that, and where do I need to stop? And that's what we're going to focus on here with this next example.

So, we're going to pretend it's Christmas time and it's time to watch a wonderful Christmas movie called Home Alone, and in it, surprisingly, you probably didn't know this, at least we will make the assertion, is an attack tree. And so we'll go through this example here and talk about how each step was done in this particular set of attacks, and how things went from a defensive perspective, and how Kevin McCallister was going to, quote, defend his family home because he was left home alone. How is he going to go about doing that?

So the way it's depicted here is really an attack, defense, or you might use the word countermeasure, whichever is the appropriate term that you like to use: they go attack, countermeasure, attack, countermeasure. And what's depicted over on the right there is really the whole graph laid out. But one of the things that started off is the folks, really Harry and Marv, they went and kind of looked out, and kind of knocked on every door and said, hey, you know, we're the police, you know, we want to find out which kind of mechanisms you've got to, you know, defend your house during this Christmas season; we'd hate for you to get robbed or something like that. So they're out there already, you know, fingerprinting, figuring out what's out there, looking at the infrastructure and trying to understand, you know, what kind of defenses are in place. And their expectation is, you know, they'll be able to bust right in. You know, there is no actual alarm; there's a sign that says, you know, security system and so forth, but there's no actual alarm, right? Those are the little steps. They have this goal, of course; the attackers' goal was to rob the McCallisters' house.

So the first thing they do, they actually do find out that Kevin is there. So they actually go to the side door, towards the back, it's right by the kitchen, and kind of trick Kevin. They're like, you know, hey, we got some candy, open the door, you know, we're the good guys, let us in the house. And Kevin has already kind of thought about ways that he might be attacked, and he's laid out his defenses to mitigate any potential incursion by Harry and Marv. So the first thing he does is shoot Harry and Marv with a BB gun. Now, of course, that does help them learn that that was a huge mistake on their part. And they decide, you know what we're going to do, we're going to really double up our attack: Harry is going to go around to the front door, while Marv is going to go down to the basement door, which is actually right next to the door where they stopped. Now, Kevin has really thought this out and he's laid out his defense. He's put water on all the steps, so he's iced them up; they fall, they get hurt, you know, they're limping after this, they're both, you know, trying to reel from this event.

But now what they do is they slowly walk up the stairs and kind of, you know, think about how they're going to attack as they go on. Now, Marv actually fell all the way downstairs at this point; he's on the basement floor now, and he uses the crowbar, and he has some success and he enters the McCallisters' house. Unfortunately, he hasn't won yet; he's got a lot more to go, but he's making some success, and that does happen sometimes in threat models. You'll come out with an attack, defense, attack, defense, and you, the person explaining, you might come up with, maybe,

something that is a little bit successful, and as such you want to keep going with your attack tree. Now, as a defense for Harry, as he's trying to enter the front door, he uses an electric grill starter and burns Harry's hand. So that kind of stops Harry at that point. And one of the things you'll notice, we'll have an end of attack. There are certain things you might do as a defender that might cause an attacker to just give up: this avenue is not going to work. Maybe they're trying to fuzz or launch various different attacks where they're trying to brute-force your authentication strategy, you know, they're trying to denial-of-service your, you know, cloud service provider or whoever it is, you know, they're trying to attack. And there is a point at which that attack is just no longer going to work.

But like I said, for Marv, he's had some success. And so Marv is entering the house, is coming through the basement, and Kevin drops an iron on Marv's head; he'd rigged it up, and it burns Marv, of course, but now he's still making some success. So he's going to attempt to climb the basement stairs. Now, finishing out Marv, one of those things that Kevin has done is, besides destroying his entire house at this point, he's put tar on the ground, and this causes things to get very sticky. He pulls, you know, loses his shoes and so forth. Just like if you're using things like a honeypot, you might have tarpit technology that might slow down your attacker and cause them to maybe reveal themselves, and so forth. Now, he's going to put a nail on there, and he ends up stepping on a nail, and for some reason he actually gives up at this point, and his end of attack ends at that point. He's given up on the basement.

He leaves and actually comes up with a new attack. Now, he's starting his new attack. He comes back around to that kitchen door where they first met Kevin; they knock down that door, but as he does open it up, there's a flamethrower working that burns Harry on the head. Now he's at least inside the house, and he sees Kevin, he yells at him. He enters the dining room. Now, at the same time, Marv has gone around to a window, opened the window. Kevin has laid out broken glass ornaments for him to step on, and of course he hurts his feet, since he lost his shoes at the tar and so forth. But for Harry, Kevin flees, has a thing where he runs, and Harry is chasing Kevin, running into Saran wrap, which sticks all over him, and he blows feathers on him. At that point, they've decided that their two separate attacks don't work. And so they're going to join forces, double up on the defense, and attempt to go up the stairs. Well, Kevin has placed Micro Machines, a great toy from the 80s, slipping into the 90s, and they slip and fall. They fall, hurt themselves and so forth, but they're still, you know, determined they are going to compromise this particular facility. It's his house; they want it. They're going to, you know, keep following Kevin up the stairs. Now, he's going to swing paint cans; he actually swings them individually, misses one, but then he gets hit later when he thinks he's dodged it. Now they're very wary of what Kevin's going to do, as Kevin tries to defend against their attack. Now they're slowly coming up the stairs, definitely moving slower, looking for things, like they're always kind of, you know, looking out, you know, what's going to get me next?

So Kevin has set up a tripwire, and he calls the police to the neighbor's house, not actually to his own house, but a neighbor's house, because that is part of Kevin's defensive plan. That is the avenue which he's decided to take. Now, the attack: Marv does a dive, grabs Kevin, and does get a hold of him. But luckily for Kevin, his brother's tarantula is available, and he places that tarantula on Marv's head. Now, the attack: they basically want to follow Kevin upstairs. Kevin has a defense where he's already set up a zip line to zip over to the tree house. And of course they want to follow that zip line, but Kevin's defense is that he's already got the scissors, the shears, to cut down that zip line, and so forth. So they see Kevin going over to the neighbor's house. Now, since they have knowledge of this particular home, since they've already compromised it themselves, they actually invade as Kevin enters the basement; they end up capturing Kevin as he comes upstairs, because they already knew that he would be there. So the question is, did they win? Did they achieve what they intended to do? Now, unfortunately for them, no. A neighbor actually comes to the rescue, hits Harry and Marv on the head with a shovel, the police arrive, and at that point it's really the end of attack. But so the

question you might have is: you spent five minutes and you told me about a Christmas movie, so what does that have to do with cybersecurity? Now, it's attack and defend, attack and defend, and you'll go through these little steps as you lay out your defensive infrastructure and how you deal with and mitigate potential attacks. But the key thing that's really happened here is that all of these sequences really have delayed the usefulness of their attack. Now, your attacker might have achieved some level of footprint onto your system. Maybe they've compromised one of your nodes, you know, maybe you have a certain cluster, and so forth. But it's taking them so long, and you're able to defend and detect what's being done here, that it's no longer useful, or maybe the data is out of date, or so forth. But one of the things you want to try to do with attack modeling is figure out that level of rigor, and if you can come up with that point, like, oh my gosh, they have to break encryption to do so, or we kind of lay out a software-defined perimeter, implementing zero trust, with a classic good way of defending cloud architecture, you know, for them to get access to that system is going to be really hard for them to do.

All right, so getting back to one of my favorites, and I do this a lot, this is actually an homage to the Batman threat model. I do encourage folks to search on the internet for the Batman threat model. So this is something to emulate, but as a defender, and as a software person myself, I know my system and I don't always know the evil things that an attacker might do to my system. So I want to think that out and, you know, I'm going to think about, you know, what is it I want to protect? Who do I want to protect it from? How will I go about protecting this? And really, what are the consequences? And that's what we've got drawn out here. And in this particular case, this is the Troy threat model. And in this case, Paris has Helen in his city of Troy, and he is under siege, under attack by the Greeks, who were very, very much upset with the fact that Helen has been taken, and so King Agamemnon's army is coming to fight, and, you know, armies, that would be, you know, pretty one-for-one, right? And in this particular case, they've got these walls protecting their city, you know, protecting them; they've got provisions, you know, they can hold up to a siege for a very long time. Now, unfortunately for them, the Greeks have Achilles. And if you add Achilles to the army, it really becomes a moderate-level or medium-level risk with respect to what's going on here. Unfortunately for them, they did not know about the threat and the gift that's going to be coming for them, which is the Trojan Horse. And it's always that one thing we forgot or did not think about, and that is the thing that ends up becoming the high threat, really allowing folks to compromise our situation.

Now, as folks start to think about this, like, okay, I know, maybe I know what I want to protect and who I'm protecting it from, and I have an idea of how willing I am to go about protecting it, what's a good way for me to think about doing this? Now, this comes from the Microsoft threat modeling way of thinking about it, and it's the STRIDE methodology. In this particular case, you look at ways things can be spoofed. Maybe someone might tamper with data as that data is transmitted between certain objects, you know, if you have an application and a server or service that you're interacting with, you know, can someone tamper with that data? Is there a way for them to cryptographically say that they're someone who they are not, and violate repudiation? Will I be giving up any kind of particular data, you know, information disclosure and so forth? You know, will I have a denial of service or elevation of privilege? Now, as we really think about what all this threat modeling is, and that we're starting to move to the cloud, is there any difference, you know, how does it affect, you know, how is it affected, attacker, software assets and so forth? So who's going to be available for any questions that you have during the noise? You mentioned it, on what we're moving to the cloud, right? What we're now dealing with, attackers, software assets that we don't necessarily completely own. And so I want to talk a little bit about the

Cloud Security Alliance and the Top Threats Working Group that I am involved with. And here you see a couple of the products on the right-hand side at the top that the Top Threats Working Group has put out. So, in 2010, they just had their 11th anniversary, COVID-19 time for having a party, members, 300 / 300. There are a ton of products that come out of that organization: the Cloud Controls Matrix, the Enterprise Architecture, the Privacy Level Agreements, we'll talk about. We won't talk about the CCAK and CCSK, but we will talk about the collaboration site. You can go on Circle and see everything for the Top Threats community, right? And so we put out several surveys across the years. And yes, they all have cute little names: the Notorious Nine, 2010 was the Sinister Seven, the Treacherous 12, and most recently, the Egregious 11. So that's part of a survey that we put out there and we send it out to cloud participants and we say, hey, what do you see as the biggest risk to cloud security? And so we get those; you see that there. The case studies, we'll talk about that a little bit more; there are two of those that we published. And then there's a cloud penetration testing playbook; that is something that would have caught the Capital One breach. They do all great research. Most recently, we've been working on something that is cloud threat modeling, in fact, and then there's something about a deeper dive, a partnership. If we have enough time, I'll try to cover off on a little bit of all of this.

When we get into this Cloud Controls Matrix, basically a matrix of controls for the cloud, and this is one of the bigger products, you see there are 17 domains for their Cloud Controls Matrix version 4.0 that came out, I want to say, maybe three months ago, and so fresh, hot off the press. You see on the right-hand side there the Application and Interface Security; I believe it's seven. And in that particular domain, that particular control, you start getting into some of the aspects of threat modeling, and where you would put those into your organization and where you would control for those within a cloud environment. Then we mentioned the Top Threats Working Group. Well, we put together a fun little paper here, Cloud Threat Modeling. Anybody that can call out what that is on the side there will get some definite kudos from us.

As far as the move to cloud goes, we've got shared responsibilities, right? And this is the real proposition, and the crux comes down to this: is it possible to allow developers to develop, right? They don't have to worry about which cloud service provider is cheapest. They don't have to worry about CSP lock-in. They don't have to worry about any of those aspects. Is it possible just to allow them to go do their thing, and the security team and the governance, risk and compliance team will take care of all of the security protections, right, all of the controls that are necessary? Is that a possibility? If they want to put it into Azure or AWS, want to put it on an IaaS or a SaaS, doesn't matter, it's just taken care of. That's the ultimate goal. Can it happen? We'll see. We laid out a methodology there; you see those four steps to do what they do. And so part of this came out when we started looking at this threat modeling; we came up with a set of cards to figure out what kind of controls, what kind of threats, what kind of vulnerabilities we should be looking at, how we can describe them, how we can convey that information quickly, so that you can use this technique like what Randall laid out in the previous section. And so, with Home Alone, you know, he talked about the vulnerabilities. He talked about the threats and the countermeasures, right. Well, those would go back into the controls. We know the impact: they're going to hold, they get in, they steal everything, and they hurt Kevin.

So, all right, as far as the cloud threat modeling cards go, we put quite a bit of time into this, but we didn't want to just define everything, right. The whole idea is there's a lot of extra work out there; you know, you've got stuff that came out of NIST, Randall mentioned MITRE a little earlier, you've got their CVE and their ATT&CK framework. Carnegie Mellon has done quite a

bit of good work in this and other products from the security line. Their ccak, which is an auditor knowledge serve another if there's any identification and a method of using lo and behold some of the other top Tres, working group materials to help you thread modeling. And so, all of this started with, with our deep dive, which in a losing effort, to better quantify, you need better Express, the, the risk that were associated. We were coming up with, in the,

in the surveys. What, how do we show what that really is in a, in a true threat, vulnerability matter, right? Breast has a very real work out of real definition. And, you know, wasn't being issues by properly in the top, Brett working group or team knew that that was the case. And really wanted to figure out how to do how to clean that up. So, Here, you've got this Dow Jones case. You got a w s. I I said you can have whichever service provider it is we can still threaten model against it. We having a last

search database. Okay. Well, those are aspects that we're going to look into if I were to go take care of that. You don't do a Shonen search and take a take a look at a couple of products that are out there lo and behold. Hey, I can find a couple of servers that are in Amazon. These are both in the US and start modeling. Start coming up with assets and descriptions that go along with them. Both of them had that same elasticsearch capability ones built on maybe a separate image, right on AWS. Where's

the other is a self-managed elasticsearch. Maybe it's an image to comes from the the vendor write. These are all things that go by. back into the overall threats that are that are Potentially successful against the systems because their vulnerabilities it will be Associated specific to this again. We are developers to develop. We don't want them to have to worry about the asset. We don't want them to have to worry about the vulnerabilities to go with each one, right? So at that point, we can start looking at, you know, these

assets. What's the Providence? What's the pedigree? Where do they come from? Who owns them? Who puts them together? What do we have to worry about within each one of these assets within each one of these systems within each one of these cloud service providers. So we we we look at things like a connected versus just connected systems. If I have an express route or a direct connect back into my new structure right back into my corporate data center because I am running some sort of hybrid cloud. That's going to

have a different set of controls that I need to put in place in order to keep my overall security posture for risks in general, right? Here we've got a couple of examples: you've got the host, the Elasticsearch, and the corporate image that we're looking at. So, SaaS and IaaS, and then we'll start considering these against vulnerabilities, and these vulnerabilities are going to be, well, across them. Some of them are going to be very specific to a very specific service provider, right? I have a misconfiguration that goes in and will affect SaaS and PaaS in the

engine, IaaS and PaaS, with some of them only going to be appropriate for a SaaS environment, and I can start marrying those up against the assets that I have. Eventually, I'm going to come up with a couple of examples. Here's S, P, I, and maybe they aren't appropriate, right? We see the guy in the middle there, that IaaS isn't going to work against the PaaS environment. So from that standpoint, we can start whittling down which of these vulnerabilities we need to worry

about. One of the things that we noticed in creating this document, in creating this threat modeling guide, right, is there were some issues as far as the naming convention, so that threat modeling consistency we were able to use, you know, as far as the assets go, as far as the vulnerabilities go. Now, there's been a lot of great work against those other pieces, controls: you've got the CCM, you've got NIST, you've got the International Standards Organization, you know, all of them are out there. They define all of this. In our past documents,

downloading bad code, versus social engineering, versus business email compromise, none of those have any sort of consistency. So we put a little bit of time and effort in, and it was, all right, look, here's something that we could put together: you know, you define a type, an actor, some sort of verb, and an object, and then what it is going to result in. And so this is something that we will propose going forward in the future Top Threats working group activities and output. We'll actually be coming up with another

survey here coming out now that will replace the Egregious 11, moving on from that. You see a couple of examples on the right there: malicious bot, injected code, and a password for each, right, going back. We can start cataloging this overall list of threats and move forward from there. So with that, again, any questions, please feel free to include those in the chat; we will definitely be answering those as quickly as possible. And Randall, if you will bring it home

and tell everyone what they can do next. All right. So over the next week, one, really think about what we've said here with respect to threat modeling. Pick a system, pick something that you're going to be moving to the cloud, however you're going to be doing that. You're moving to a cloud service provider; start to really think about how I might go about, you know, trying to threat model. Think about which one would protect you, what it would protect you from, and how likely it is you will need to protect it. Do it in the first three months following this presentation;

there's a very nice layout of next steps. And hopefully, if you guys are already involved with the CSA, or you are familiar with that Cloud Controls Matrix, go ahead and see if you can start utilizing that to create some mitigations against the threat. And definitely think about, as you get into six months further down the road, as you've thought about those mitigations, thought about your threat models, go back and validate that threat model. Make sure it's still valid, it's still current with what's going on today. And last but not least,

look at the Top Threats working group. We're putting out a lot of good work and a lot of research. You see that 2020-2021 survey that'll be coming out by Black Hat this year, at least estimated. I would expect that will become the next, whatever the replacement is for the Egregious 11. We're also looking at a gamification of the threat modeling to show how you can quantify, how you can put some scorecards together, and that will also be another deep dive that comes out, as well as some additional, maybe even deeper, or

like Marianas Trench, who is that? We definitely appreciate your time. It's been an absolute pleasure. And if you have any more questions, please feel free to reach out to us. And if not, happy that you attended our session. And we look forward to meeting you in the future, hopefully in person. Stay safe. Thank you; thanks again.
