What is the PASTA Threat Model?

What is the PASTA Threat Model?

PASTA threat modeling determines the impact and probability values of threats and vulnerabilities. It is critical for managing risks associated with the threat model and having a strong cybersecurity program. PASTA (Process for Attack Simulation and Threat Analysis) is a risk-centric methodology that recognizes the significance of probability (likelihood) and introduces the concept of probability as a coefficient. This coefficient is quantifiable, allowing organizations to prioritize their security efforts effectively.  

One of the primary strengths of using PASTA Threat Modeling is its practicality. Other threat modeling methodologies can be intricate and time-consuming, but PASTA offers a structured and systematic framework that is straightforward to implement. This makes it an invaluable resource for organizations of all sizes and varying levels of security expertise.

PASTA Threat Modeling also stands out due to its focus on real-world attack scenarios. It enables organizations to gain valuable insights into the weaknesses and vulnerabilities of their systems by simulating potential attacks and analyzing the threats associated with them. This information is crucial for prioritizing security efforts and allocating resources effectively.


Beyond Compliance, FUD, and into Impact & Probability-led Risk Conversations  

It is important to differentiate between impact and likelihood when assessing threats. While PASTA leverages the Rr = Tp x Vp x I / C x E formula (*formula explained below) inspired by military and financial models, we must note that impact and likelihood have separate calculations.  

  • Impact refers to the potential consequences or harm from a cybersecurity threat. It assesses the severity of the damage that could occur if the threat occurs. This includes financial loss, reputational damage, data breaches, operational disruptions, and legal consequences. 
  • Probability, however, focuses on the likelihood or chance of a cybersecurity threat occurring. It assesses the probability of the threat being successful or the vulnerability being exploited.

While impact and probability are distinct concepts, they are interrelated in assessing threats in cybersecurity. A high-impact threat with a low probability may still require attention and mitigation because the potential consequences are severe. Conversely, a low-impact threat with a high probability may also demand action due to its frequent occurrence or possible cumulative effect.  

As a security professional, the focus must be on substantiating threat claims and providing executives with a quantifiable information chain. Fear-mongering is ineffective; executives expect security personnel to present well-supported threat claims.

The PASTA Threat Model: Probability as a Coefficient to Threat

One of the critical aspects of threat modeling is assessing the probability of a threat being manifested. The PASTA methodology introduces the concept of probability as a coefficient tied to the probability that the threat objective can be successfully realized via the introduction of a successful exploit. This threat likelihood can be substantiated through various offensive/ adversarial tests that exemplify the feasibility of a given attack supporting a threat in an attack tree. Probabilities can be depicted on the branches that point from the vulnerability node and associated attack pattern nodes on the tree.   

The key to success begins with substantiating threat claims. Firstly, analyzing threat data in your SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) systems can provide insights into specific events or incidents that align with the threat motive in your threat library: the more instances supporting a particular threat, the higher the coefficient value assigned to it.

Secondly, incorporating threat intelligence into the analysis allows you to operationalize the intel by correlating it with patterns that support the threat motive in your threat library. You can further enhance the coefficient value by examining exploits in the wild, observables, campaigns, and Indicators of Compromise (IoCs).  

Probability as a Coefficient to Vulnerability in the PASTA Threat Model  

Assessing the probability of a vulnerability being discovered is equally crucial in threat modeling.  Not all vulnerabilities can be discovered by a possible threat actor based on the affected node, the attack path, and other conditions.  The PASTA methodology suggests considering several factors in this evaluation:   

  1. Analyzing the accessible attack vector to a threat actor while considering threat attribution can help gauge the likelihood of exploitation.  
  1. It is essential to determine whether the observed vulnerability, Common Vulnerabilities and Exposures (CVE), or Common Weakness Enumeration (CWE) has a known exploit associated with it. Contrary to popular belief, most CVEs do not have exploit code available. 
  1. Evaluating whether the vulnerability or weakness is exploitable via adversarial testing in Stage 6 of PASTA can provide valuable insights.  

Why is assessing probability important?  

By integrating probability as a coefficient into threat modeling and vulnerability assessment, organizations can make informed decisions, prioritize their security efforts, and effectively manage risk. The PASTA methodology offers a structured and comprehensive approach that aligns with executive expectations and enables security professionals to present well-supported threat claims. 

The PASTA methodology provides a practical approach to threat modeling, emphasizing the substantiation of threat claims and considering the unique characteristics of each application. Download a FREE PASTA eBook. 


Dissecting the Risk Formula Referenced by PASTA 

Formula Rr = Tp x Vp x I / C x E best illustrates the coefficient use of probability (vulnerability, attack) in threat modeling. 

Rr – residual risk; 

Tp – threat/attack probability; 

Vp – vulnerability probability; 

I – impact; 

C – countermeasures; 

E – exposure factor; 

Let’s break down the formula: 

  • · Tp represents the threat probability, which refers to the likelihood of a specific threat or attack occurring. It is usually measured on a scale from 0 to 1, where 0 indicates no probability and 1 indicates a certainty of occurrence. 
  • · Vp represents the vulnerability probability, which denotes the likelihood of an attacker exploiting a vulnerability. Similarly, it is measured on a scale from 0 to 1, where 0 indicates no vulnerability and 1 indicates a high probability of successful exploitation. 
  • · I stands for the impact, which measures the potential consequences or damage caused by a successful attack. It can be subjective but often quantified based on factors such as financial loss, data compromise, system downtime, reputation damage, etc. 
  • · C represents the countermeasure effectiveness, which signifies the degree to which existing security measures and controls mitigate the risks. Measured on a scale from 0 to 1, where 0 indicates no effectiveness and 1 indicates complete risk mitigation. 
  • · E represents the exposure factor, which considers the extent to which potential attacks can affect the system or network. It considers factors such as the system’s visibility, accessibility, and potential entry points for attackers. 

By multiplying the threat probability (Tp), vulnerability probability (Vp), and impact (I) together and then dividing it by the countermeasure effectiveness (C) and exposure factor (E), we obtain the risk rating (Rr). The higher the risk rating, the greater the overall risk associated with the analyzed system or network.

impact and probability values in risk-centric threat modeling. Dissecting the risk formula by PASTA

This helps to provide a simple yet effective quantitative angle to assessing cybersecurity risks by incorporating multiple factors and assigning them numerical values. It allows organizations to prioritize security efforts and allocate resources effectively to mitigate the most significant risks. In the end, this is the mission of PASTA as the only risk-centric approach to threat modeling – to contextualize and substantiate risks by qualifying the variables in the risk equation.   

Benefits of the PASTA Threat Model

The PASTA Threat Modeling Framework brings numerous benefits to organizations seeking to bolster their security practices. By implementing this framework, businesses can experience enhanced identification and prioritization of threats, improved collaboration between development and security teams, and seamless integration of threat modeling into the software development lifecycle.

A notable benefit of the PASTA Threat Modeling framework is its ability to aid organizations in identifying and prioritizing threats more effectively. With its systematic process, PASTA enables businesses to thoroughly analyze their software and identify potential vulnerabilities and weaknesses. By understanding these threats in detail, organizations can allocate their resources more efficiently and focus on mitigating the most critical risks.

Additionally, the PASTA framework encourages enhanced collaboration between development and security teams. By involving both teams in the threat modeling process, PASTA promotes open communication and knowledge sharing. This collaboration ensures that security concerns are addressed early in the software development lifecycle, reducing the likelihood of security flaws being introduced during the coding and implementation stages.

Lastly, PASTA facilitates the integration of threat modeling into the software development lifecycle. By incorporating threat modeling into each phase of the development process, organizations can proactively address security concerns and design more secure software from the outset. This integration helps to establish a culture of security within the organization and ensures that security considerations are given due importance throughout the entire software development lifecycle.

For more information on how threat modeling can benefit your organization, get in touch with the cybersecurity professionals at VerSprite.

Contact VerSprite today to protect your business’s most important assets and your clients.

PASTA Threat Modeling eBook - Risk-Based Threat Modeling

To learn more about risk-centric threat modeling, download our free PASTA methodology eBook.