Threat Modelling


Threat Modeling: Think Like an Attacker, Defend Like a Pro
What is Threat Modeling?
Threat modeling is the process of identifying your assets, working out the threats and vulnerabilities that affect those assets, and building strategies to prevent them or to reduce the impact when they are realised.
It’s typically done from three key perspectives:
1. Attacker’s POV: thinking like a hacker to anticipate their moves.
2. Infrastructure & Organization POV: analyzing how systems are structured and secured.
3. General Overview: covering assets, attacker motivation, and potential risks.
Logs Tell a Story: IOC vs IOA
When analyzing logs from firewalls and other perimeter devices, defenders may spot two kinds of signal:
IOC (Indicator of Compromise):
Evidence that something has already gone wrong: a breach or other negative impact has likely occurred.
E.g., malware signatures, file hashes, IP addresses of known malicious sources.
IOA (Indicator of Attack):
This is proactive. It points to suspicious behavior that may lead to an attack, before the damage is done.
Think of it as a digital “early warning signal.”
E.g., unusual user behavior, odd traffic patterns, repeated login attempts.
> Pro tip: Security teams aim to detect IOAs rather than waiting for IOCs. Prevention > Reaction.
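To make the IOC/IOA distinction concrete, here is an added example (my own code, not part of the original post) that triages a handful of constructed firewall and auth log lines. An IOC hit is an exact match against a known-bad indicator (the `KNOWN_BAD_IPS` and `KNOWN_BAD_HASHES` sets stand in for a threat feed and are made up). An IOA is behaviour that precedes a compromise: a burst of failed logins from one source, or a successful login right after such a burst. The log format, field names and thresholds are assumptions for the demo.

```python
"""Classify log events as IOC hits or IOA signals.

Added example, not from the original post. The log lines, the indicator
sets and the thresholds below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed "known bad" indicators standing in for a threat-intel feed.
KNOWN_BAD_IPS = {"203.0.113.45"}
KNOWN_BAD_HASHES = {"a1b2c3d4e5f60718293a4b5c6d7e8f90"}

# Constructed sample log: "<iso timestamp> key=value key=value ..."
SAMPLE_LOG = [
    "2024-05-01T02:13:00Z src=198.51.100.7 user=alice action=login result=fail",
    "2024-05-01T02:13:05Z src=198.51.100.7 user=alice action=login result=fail",
    "2024-05-01T02:13:09Z src=198.51.100.7 user=alice action=login result=fail",
    "2024-05-01T02:13:14Z src=198.51.100.7 user=alice action=login result=success",
    "2024-05-01T02:20:31Z src=203.0.113.45 user=- action=connect dst_port=443",
    "2024-05-01T02:25:02Z src=10.0.0.12 user=bob action=download "
    "file_hash=a1b2c3d4e5f60718293a4b5c6d7e8f90",
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into a dict; 'ts' becomes a tz-aware datetime."""
    ts_str, _, rest = line.strip().partition(" ")
    event = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    event["ts"] = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
    return event


def triage(lines, fail_threshold=3, window_s=60):
    """Return {'ioc': [...], 'ioa': [...]} findings as (timestamp, message) tuples."""
    ioc, ioa = [], []
    recent_fails = defaultdict(deque)  # src ip -> timestamps of recent failed logins
    for line in lines:
        ev = parse_line(line)
        src = ev.get("src")

        # IOC: exact match against indicators already known to be bad.
        if src in KNOWN_BAD_IPS:
            ioc.append((ev["ts"], f"known-bad source {src}"))
        if ev.get("file_hash") in KNOWN_BAD_HASHES:
            ioc.append((ev["ts"], f"known-bad file hash {ev['file_hash']}"))

        # IOA: behaviour that suggests an attack in progress, before any compromise.
        if ev.get("action") == "login":
            q = recent_fails[src]
            if ev.get("result") == "fail":
                q.append(ev["ts"])
                # keep only failures inside the sliding window
                while q and (ev["ts"] - q[0]).total_seconds() > window_s:
                    q.popleft()
                if len(q) == fail_threshold:  # fire once, when the threshold is crossed
                    ioa.append((ev["ts"], f"{len(q)} failed logins from {src} in {window_s}s"))
            elif ev.get("result") == "success" and len(q) >= fail_threshold:
                ioa.append((ev["ts"], f"success from {src} after {len(q)} failures (possible brute force)"))
                q.clear()
    return {"ioc": ioc, "ioa": ioa}


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        for ts, msg in findings:
            print(f"{kind.upper()} {ts.isoformat()} {msg}")
```

On the sample log this yields two IOC hits (the known-bad source and the known-bad hash) and two IOAs (the three-failure burst and the success that follows it). The IOA findings are the ones worth paging on: the success-after-failures event is the point where a brute force is about to become a compromise, while the IOC entries tell you something bad has already touched the network.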
Firewalls + Cloud = Dynamic Defense
Traditional perimeter infrastructure with a static rule set often isn’t enough to stop modern attacks on its own. Here’s where cloud-based threat intelligence comes in:
Security vendors such as Cisco and Palo Alto Networks deliver real-time threat feeds from the cloud.
These feeds continuously push updated indicators to firewalls and other perimeter devices.
When an IP or server already flagged in the feed is seen trying to reach a system, the device can block it before it causes harm.
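The feed-to-firewall loop above is easy to get wrong in two ways: stale indicators stay blocked forever, and a bad feed entry can knock out your own address space. The following added example (my own code, not the original post's and not any vendor's API) shows the update step with both guards: it parses a constructed CSV feed snapshot, drops expired and malformed entries, refuses to block anything inside the organisation's own ranges, diffs the result against what the firewall currently holds, and emits the nftables commands for the delta. The feed format, the `PROTECTED_NETS` ranges, the timestamp `NOW`, and the existence of an nftables set named `blocklist` in table `inet filter` are all assumptions.

```python
"""Turn a threat-feed snapshot into a firewall blocklist delta.

Added example, not from the original post. The feed lines, the current
blocklist, the protected ranges and NOW are constructed for illustration.
"""
import ipaddress
from datetime import datetime, timezone

# Assumed: an nftables set "blocklist" already exists in table "inet filter".
NFT_SET = "inet filter blocklist"

# Constructed: address space that a feed must never be allowed to block.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed "current time" so the example is deterministic.
NOW = datetime(2024, 5, 1, 3, 0, tzinfo=timezone.utc)

# Constructed feed snapshot: ip,expires,source
SAMPLE_FEED = """\
# ip,expires,source
203.0.113.45,2024-05-02T00:00:00Z,vendor-feed
# expired relative to NOW, must not be blocked any more
198.51.100.23,2024-04-30T00:00:00Z,vendor-feed
# inside our own space, must be ignored even if the feed says so
10.0.0.5,2024-05-02T00:00:00Z,vendor-feed
# malformed entry, skip rather than guess
not-an-ip,2024-05-02T00:00:00Z,vendor-feed
192.0.2.77,2024-05-02T00:00:00Z,vendor-feed
"""

# Constructed: what the firewall is blocking right now.
CURRENT_BLOCKLIST = {"203.0.113.45", "198.51.100.23"}


def parse_feed(feed_text, now):
    """Return the set of IP strings the feed says should be blocked at `now`."""
    wanted = set()
    for raw in feed_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue  # malformed line
        ip_str, expires_str, _source = parts
        try:
            ip = ipaddress.ip_address(ip_str)
            expires = datetime.fromisoformat(expires_str.replace("Z", "+00:00"))
        except ValueError:
            continue  # unparseable address or timestamp
        if expires <= now:
            continue  # stale indicator: blocking on it now only causes collateral damage
        if any(ip in net for net in PROTECTED_NETS):
            continue  # never let external data block our own networks
        wanted.add(str(ip))
    return wanted


def plan_update(current, wanted):
    """Diff the firewall's current set against the desired set."""
    return sorted(wanted - current), sorted(current - wanted)


def nft_commands(adds, removes):
    """Render the delta as nft commands (set is assumed to exist, see NFT_SET)."""
    cmds = []
    if adds:
        cmds.append(f"nft add element {NFT_SET} {{ {', '.join(adds)} }}")
    if removes:
        cmds.append(f"nft delete element {NFT_SET} {{ {', '.join(removes)} }}")
    return cmds


if __name__ == "__main__":
    adds, removes = plan_update(CURRENT_BLOCKLIST, parse_feed(SAMPLE_FEED, NOW))
    print("\n".join(nft_commands(adds, removes)))
```

Run against the constructed data, the planner adds `192.0.2.77`, removes the expired `198.51.100.23`, and silently ignores the private and malformed entries. Applying a diff rather than flushing and reloading the whole set means a transient feed outage never leaves the firewall with an empty blocklist.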
Why Threat Intelligence Matters
Threat intelligence:
Keeps systems up to date against the latest cyber threats.
Strengthens perimeter devices.
Enables organizations to stay a step ahead of attackers.
Written by Muhammed Afnaan