Traditionally known threat modeling tools evaluate and compute results on static topologies of networks. Major configuration changes are required to evaluate any changes in design of networks which can be time consuming, incur cost and may not be able to capture essential security and privacy parameters. Networks are growing rapidly and enormous data exchanges are happening. Current approaches perform risk and threat analysis at deployment view only. There lacks a view for data scientists to assess information flow view.
The current approaches have a data mapping to systems and subsystems using metadata to perform static analysis. There lacks a systematic formal representation approach to solutions when a network spans and data grows larger. With the growing Internet of Things (IoT), heterogeneous protocols (such as CoAP, MQTT) are used to connect systems and to evaluate “Threat and Risk” of any such connected systems current tools lack impact due to different type of protocols used for communication.
Most of the analysis performed by conventional approaches show vulnerabilities and security measures at the deployment view only. Very few tools like Amenaza® offer only attack simulation analysis for a system with no co-relation of the impact between different layers of the system.
Traditional metrics including threat count, vulnerability count, mapping with high, medium and low, comparison with other organizations, and the like evaluate security paradigm, but from a business perspective; information translations are not done to analyze inter-layer impact.
Existing tools provide risk assessment with their own defined metrics for the overall network. User cannot have a risk estimation and visualization in a partitioned heterogeneous network.