The cyber supply chain is increasingly being used by attackers to gain access to critical infrastructures, healthcare providers, and lucrative confidential data at Fortune 1000 companies. The National Cyber Security Center in the UK and the National Institute of Standards and Technology in the US both cite the cyber supply chain as a significant source of cyber risk for organizations.
“An organization may have excellent security internally,” says David Nester, Chief Security Officer of ThreatModeler Software, “but they have relatively little control over the security of their supply chain vendors.”
According to Nester, a stealthy attacker who infiltrates a supplier’s IT system can mask their approach to their target’s IT system as legitimate communication. “It is very difficult for event scanners and defensive tools to detect an attacker’s signal when coming from a trusted vendor’s connection,” continued Nester. “From the perspective of the scanner, the attacker looks like legitimate traffic.”
“Understanding the upstream threats and downstream impacts are crucial to forming an end-to-end security policy,” says Archie Agarwal, Founder and Chief Technical Architect of ThreatModeler. “That is why it is important to build your threat models with process flow diagrams (PFD) rather than data flow diagrams (DFD). DFDs only show how an application causes information to move through an IT system. PFDs show how a user – or an attacker – can and will move through a system from entry point to the targeted assets.”
ThreatModeler’s PFDs allow visualization, for example, of how an attacker could infiltrate a cloud computing instance with ransomware starting from a phishing attack at a satellite ground communications center. “Automated malware can spread from one connected system to another in a very short time,” continued Agarwal. “That’s how NotPetya and WannaCry quickly became global threats. But if you don’t know what could be coming into your system through your trusted supply chain vendors, how can you allocate the proper mitigating resources?”
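The entry-point-to-asset view a PFD gives can be worked through on a small graph. The example below is added here and is not ThreatModeler's code; the topology (a phished vendor workstation reaching a cloud instance over a trusted vendor VPN) and all node names are constructed assumptions. It enumerates every path an attacker could walk from the supply-chain entry point to the targeted asset, then scores which single flow, if segmented, cuts the most paths.

```python
# Added example (not ThreatModeler's code): a process flow diagram (PFD) as a
# directed graph of hosts/process steps an attacker could traverse. The
# topology and node names below are constructed assumptions for illustration.
from collections import Counter

PFD = {
    "ground_station_phish": ["vendor_workstation"],      # supply-chain entry point
    "vendor_workstation": ["vendor_vpn"],
    "vendor_vpn": ["corp_jump_host"],                    # trusted vendor connection
    "corp_jump_host": ["file_server", "cloud_instance"],
    "file_server": ["cloud_instance"],
    "cloud_instance": [],                                # targeted asset
}

def attack_paths(graph, entry, target):
    """Every simple path (no revisited node) from entry to target."""
    paths, stack = [], [(entry, [entry])]
    while stack:
        node, path = stack.pop()
        if node == target:
            paths.append(path)
            continue
        for nxt in graph.get(node, []):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return paths

def edge_coverage(paths):
    """Count how many attack paths each flow (edge) lies on.
    A flow present on every path is where one control buys the most."""
    counts = Counter()
    for path in paths:
        for edge in zip(path, path[1:]):
            counts[edge] += 1
    return counts

def with_control(graph, src, dst):
    """Copy of the PFD with the src->dst flow blocked, e.g. by segmenting
    the vendor VPN so it no longer reaches the jump host."""
    return {n: [m for m in adj if (n, m) != (src, dst)] for n, adj in graph.items()}

if __name__ == "__main__":
    entry, target = "ground_station_phish", "cloud_instance"
    paths = attack_paths(PFD, entry, target)
    print(len(paths), "attack paths before mitigation")          # 2
    for edge, n in edge_coverage(paths).most_common():
        print(f"{edge[0]} -> {edge[1]}: on {n} path(s)")
    hardened = with_control(PFD, "vendor_vpn", "corp_jump_host")
    print(len(attack_paths(hardened, entry, target)), "paths after segmenting the vendor VPN")  # 0
```

Running it shows both paths share the vendor_vpn -> corp_jump_host flow, so a control on that one flow removes every enumerated path, while blocking only file_server -> cloud_instance leaves one.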
“ThreatModeler was specifically designed to provide real-time situational visibility into the cybersecurity ‘big-picture,’” says Mark Meyer, CRO of ThreatModeler. “The ability to understand and reduce risks from the cyber supply chain is something Fortune 1000 companies are increasingly seeking. ThreatModeler provides a scalable, enterprise-wide solution.”