Threat Modeling: MITRE to STRIDE & Beyond


Updated April 16, 2025

Today, we will embark on an enlightening journey through the world of threat modeling. We’ll be taking a closer look at some of the big names in this arena – MITRE, PASTA, STRIDE, and others.

By the end of this exploration, you’ll have a clearer understanding of these methodologies and how they can fortify your digital defenses.

What is Threat Modeling, Anyway?

At its core, threat modeling is a proactive, structured process for identifying, evaluating, and addressing potential cybersecurity threats before an attacker can act on them. Think of it as anticipating your opponent's moves in a high-stakes chess game, except that instead of pawns and queens you are defending patient data, device integrity, and system functionality. By systematically asking how an attacker might compromise a system, and what the consequences would be, threat modeling helps organizations prioritize risks and design more secure medical devices from the ground up. The usual inputs are an architecture or data-flow diagram of the system, its trust boundaries, and the assets it protects; the usual outputs are a list of threats, each with a risk rating and a planned mitigation.

The Heavyweights of Threat Modeling

MITRE ATT&CK Framework: The Encyclopedia of Cyber Threats

What is it?

The MITRE ATT&CK® framework is a globally recognized knowledge base of adversary behaviors, cataloguing the tactics, techniques, and procedures (TTPs) observed in real-world intrusions. It is organized as a matrix: the columns are tactics, the adversary's goal at a given step (Initial Access, Credential Access, Command and Control, and so on), and the entries under each column are the techniques used to reach that goal, each with a stable ID such as T1003. Separate matrices cover enterprise IT, mobile platforms, and industrial control systems, so a connected medical device and the hospital network it lives on can be described in the same vocabulary. Strictly speaking, ATT&CK is a catalogue of what attackers do rather than a step-by-step modeling methodology; in practice it is the reference that threat modeling, penetration testing, detection engineering, and regulatory preparedness in the medical device space draw on to make sure the threats considered are ones that actually occur.

The Pros:

  • Extensive Coverage: It covers many attack vectors, from phishing to advanced persistent threats.
  • Real-World Insights: The framework is built on real-world observations, making it incredibly relevant and practical.
  • Community Contributions: Cybersecurity experts worldwide contribute to its ever-evolving nature.

The Cons:

  • Complexity Overload: For beginners, diving into MITRE can feel like drinking from a firehose.
  • Generic at Times: Sometimes, the information is too broad and lacks specific context for certain businesses.

Real-World Example: 

Consider a medical device manufacturer assessing the cybersecurity posture of a connected insulin pump. The security team uses the MITRE ATT&CK framework to pick out the techniques most relevant to the pump and the clinical network around it. Under the Initial Access tactic they flag Compromise Software Supply Chain (T1195.002): a tampered update delivered through the manufacturer's own update channel could change device behavior. Under Command and Control they flag Remote Access Software (T1219), which an attacker could use to keep control of a compromised clinician workstation, and under Credential Access they flag OS Credential Dumping (T1003), which could expose authentication data cached on hospital systems. Note the vocabulary: these are techniques; the tactic is the goal each one serves. Armed with this list, the manufacturer signs and encrypts firmware updates and has the device verify the signature before installing, tightens access controls on the clinician portal, and trains healthcare providers to recognize phishing, the usual delivery route for remote access tooling. Each control is then recorded against the technique IDs it addresses, which is also how detection coverage is tracked after launch.
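The technique selection and control mapping above, worked as an added example in Python (this is not code from the original post or from MITRE): it reads a constructed handful of attack-pattern objects in the shape the ATT&CK STIX bundle uses, then reports which in-scope techniques have no mitigation and which have no detection, grouped by tactic. The technique IDs, names, and tactics are real ATT&CK Enterprise entries; the control inventory, and which technique each control covers, are assumptions made for the insulin-pump scenario rather than ATT&CK's own mitigation list.

```python
"""ATT&CK coverage gap analysis for a device threat model.

Added example, not code from the original post. The attack-pattern
objects are constructed and trimmed to the two fields the real ATT&CK
STIX bundle uses to carry the ID and tactics (external_references and
kill_chain_phases); the technique IDs, names and tactics are real ATT&CK
Enterprise entries. The control inventory and which technique each
control covers are an assumed analyst mapping for the insulin-pump
scenario, not ATT&CK's own mitigation list.
"""
from typing import Dict, List, Set


def _ap(name: str, tid: str, *tactics: str) -> dict:
    """Build a minimal STIX 2.1 attack-pattern in the shape ATT&CK ships."""
    return {
        "type": "attack-pattern",
        "name": name,
        "external_references": [{"source_name": "mitre-attack", "external_id": tid}],
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t}
                              for t in tactics],
    }


# Constructed subset of the ATT&CK Enterprise bundle (real IDs and tactics).
STIX_ATTACK_PATTERNS: List[dict] = [
    _ap("Compromise Software Supply Chain", "T1195.002", "initial-access"),
    _ap("Remote Access Software", "T1219", "command-and-control"),
    _ap("OS Credential Dumping", "T1003", "credential-access"),
    _ap("Phishing", "T1566", "initial-access"),
    _ap("Adversary-in-the-Middle", "T1557", "credential-access", "collection"),
    _ap("Valid Accounts", "T1078", "defense-evasion", "persistence",
        "privilege-escalation", "initial-access"),
]

# Assumed control inventory for the pump and its clinical network.
# kind: "mitigation" (prevents the technique) or "detection" (alerts on it).
CONTROLS: Dict[str, dict] = {
    "signed, encrypted firmware updates verified on device":
        {"kind": "mitigation", "covers": {"T1195.002"}},
    "role-based access with MFA on the clinician portal":
        {"kind": "mitigation", "covers": {"T1078"}},
    "phishing awareness training for clinical staff":
        {"kind": "mitigation", "covers": {"T1566"}},
    "TLS with certificate pinning on the telemetry link":
        {"kind": "mitigation", "covers": {"T1557"}},
    "alert on LSASS / SAM access on hospital endpoints":
        {"kind": "detection", "covers": {"T1003"}},
    "alert on egress to non-allow-listed hosts":
        {"kind": "detection", "covers": {"T1219"}},
}


def parse_technique(obj: dict) -> dict:
    """Extract {'id', 'name', 'tactics'} from one ATT&CK attack-pattern."""
    if obj.get("type") != "attack-pattern":
        raise ValueError("expected a STIX attack-pattern object")
    ext_id = next(r["external_id"] for r in obj["external_references"]
                  if r.get("source_name") == "mitre-attack")
    tactics = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
               if p.get("kill_chain_name") == "mitre-attack"]
    return {"id": ext_id, "name": obj["name"], "tactics": tactics}


def coverage(techniques: List[dict], controls: Dict[str, dict]) -> Dict[str, Dict[str, Set[str]]]:
    """technique ID -> {'mitigation': {control names}, 'detection': {...}}."""
    cov = {t["id"]: {"mitigation": set(), "detection": set()} for t in techniques}
    for name, ctl in controls.items():
        for tid in ctl["covers"]:
            if tid in cov:  # controls for out-of-scope techniques are ignored
                cov[tid][ctl["kind"]].add(name)
    return cov


def gaps_by_tactic(techniques: List[dict], controls: Dict[str, dict], kind: str) -> Dict[str, List[str]]:
    """tactic -> technique IDs that have no control of `kind`.

    A technique that sits under several tactics is listed under each of
    them, mirroring how the ATT&CK matrix repeats such techniques.
    """
    cov = coverage(techniques, controls)
    gaps: Dict[str, List[str]] = {}
    for t in techniques:
        if not cov[t["id"]][kind]:
            for tactic in t["tactics"]:
                gaps.setdefault(tactic, []).append(t["id"])
    return gaps


if __name__ == "__main__":
    techs = [parse_technique(o) for o in STIX_ATTACK_PATTERNS]
    for kind in ("mitigation", "detection"):
        print(f"--- in-scope techniques with no {kind} ---")
        for tactic, ids in gaps_by_tactic(techs, CONTROLS, kind).items():
            print(f"{tactic:22} {', '.join(ids)}")
```

With the assumed controls the mitigation gaps are OS Credential Dumping and Remote Access Software (both only detected, never prevented), while the detection gaps cover everything else, including Valid Accounts under all four of its tactics. Running this against the real bundle means feeding every object of type attack-pattern from the enterprise-attack.json file through parse_technique instead of the constructed list.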

STRIDE: The Software Guardian

What is it? STRIDE is a threat modeling framework developed at Microsoft that sorts threats into six categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Each category is the violation of one security property (authentication, integrity, non-repudiation, confidentiality, availability, and authorization respectively), which is what makes the list useful: once a threat is classified, the property the mitigation must restore is already known. STRIDE is normally applied element by element over a data-flow diagram of the system, asking which of the six apply to each process, data store, data flow, and external entity. It is designed to help teams systematically identify and assess vulnerabilities in software-based systems, making it especially valuable for securing connected medical devices and digital health platforms.

The Pros:

  • User-Friendly: STRIDE offers a straightforward approach to identifying potential threats.
  • Software-Specific: It’s perfect for applications and software development security.

The Cons:

  • Limited Scope: STRIDE tells you which kinds of threat to look for, not how likely or how damaging each one is, so it needs a separate risk-rating step and may not cover all of an organization's broader security needs.
  • Software-Centric: It was built around software data-flow diagrams. Hardware, network, and physical-access threats can be captured, but only if those components are drawn into the diagram and considered deliberately.

Real-World Example:

A mobile health app developer uses the STRIDE framework to assess their app's security posture. During the review, they identify risks such as Information Disclosure, where sensitive patient data could be exposed through insecure local storage, and Elevation of Privilege, where flaws in access-control checks might let an ordinary user reach administrative functions. By mapping each threat to a STRIDE category, and therefore to the security property it violates, the team can address vulnerabilities and strengthen the app's overall security before release, supporting patient safety and HIPAA compliance.
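The element-by-element STRIDE pass described above, worked as an added example in Python (this is not code from the original post): it encodes the Microsoft SDL table of which STRIDE categories apply to each kind of data-flow-diagram element, runs it over a constructed DFD of the mobile health app, and raises the priority of threats on elements that cross a trust boundary. The DFD elements, the trust-boundary flag, and the priority rule are assumptions made for illustration.

```python
"""STRIDE-per-element over a small data-flow diagram (DFD).

Added example, not code from the original post. It encodes the
STRIDE-per-element rule from the Microsoft SDL: each kind of DFD element
is exposed to a fixed subset of the six STRIDE categories. The DFD below
is a constructed sketch of the mobile health app discussed in the text.
"""
from dataclasses import dataclass
from typing import Dict, List

# Microsoft SDL STRIDE-per-element table: which categories apply to each
# element kind. Data stores additionally get Repudiation when they hold
# audit logs, because tampering with the log lets an actor deny an action.
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TID",
}

# Each STRIDE category is the violation of one security property; the
# property is what the mitigation has to restore.
CATEGORY: Dict[str, tuple] = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information Disclosure", "confidentiality"),
    "D": ("Denial of Service", "availability"),
    "E": ("Elevation of Privilege", "authorization"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                            # key of STRIDE_PER_ELEMENT
    crosses_trust_boundary: bool = False  # assumed marker for prioritisation
    holds_audit_log: bool = False


@dataclass(frozen=True)
class Threat:
    element: str
    code: str                            # one letter of STRIDE
    category: str
    property_violated: str
    priority: str                        # "high" on a trust boundary, else "normal"


def applicable_codes(el: Element) -> str:
    """STRIDE letters that apply to one element, per the table above."""
    try:
        codes = STRIDE_PER_ELEMENT[el.kind]
    except KeyError:
        raise ValueError(f"unknown DFD element kind {el.kind!r} on {el.name}") from None
    if el.kind == "data_store" and el.holds_audit_log:
        codes += "R"
    return codes


def enumerate_threats(dfd: List[Element]) -> List[Threat]:
    """Expand a DFD into one Threat per (element, applicable category)."""
    threats: List[Threat] = []
    for el in dfd:
        for code in applicable_codes(el):
            name, prop = CATEGORY[code]
            threats.append(Threat(
                element=el.name, code=code, category=name, property_violated=prop,
                priority="high" if el.crosses_trust_boundary else "normal",
            ))
    return threats


def summarize(threats: List[Threat]) -> Dict[str, int]:
    """Count threats per category, for the threat-model report."""
    counts: Dict[str, int] = {}
    for t in threats:
        counts[t.category] = counts.get(t.category, 0) + 1
    return counts


# Constructed DFD: a patient-facing app, its API, and the stores behind it.
MOBILE_HEALTH_DFD: List[Element] = [
    Element("patient (phone user)", "external_entity"),
    Element("mobile app", "process"),
    Element("app -> API (internet)", "data_flow", crosses_trust_boundary=True),
    Element("on-device cache", "data_store"),
    Element("backend API", "process"),
    Element("audit log", "data_store", holds_audit_log=True),
]

if __name__ == "__main__":
    found = enumerate_threats(MOBILE_HEALTH_DFD)
    for t in sorted(found, key=lambda t: t.priority != "high"):
        print(f"[{t.priority:6}] {t.element:24} {t.category:22} -> restore {t.property_violated}")
    print(summarize(found))
```

The output is the raw threat list, one row per element and category; a real review then works through each row, records the existing control or the planned one, and rates the risk. Keeping the per-element table in code rather than in a reviewer's head is what makes the pass repeatable across releases.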

PASTA: The Custom-Made Suit of Threat Modeling

What is it?

PASTA (Process for Attack Simulation and Threat Analysis) is a seven-stage, risk-driven threat modeling framework designed to align cybersecurity efforts with an organization's business objectives and technical landscape. The stages run from defining business objectives and technical scope, through decomposing the application, analyzing threats and the vulnerabilities they could exploit, and modeling concrete attacks, to a closing risk and impact analysis. Unlike purely category-driven approaches, PASTA ends with a list of threats ranked by actual business impact, helping organizations prioritize what to fix and build more resilient systems from the ground up.

The Pros:

  • Business Alignment: It ensures that the threat model aligns with what your business values.
  • Flexibility: PASTA can be tailored to various environments and threats.

The Cons:

  • Resource Hungry: PASTA requires significant time and expertise to implement correctly.
  • Not for the Faint-Hearted: It can be overkill for smaller organizations with limited cybersecurity resources.

Real-World Example:

A medical device manufacturer developing a connected cardiac monitor uses the PASTA framework to simulate a cyberattack targeting its remote telemetry feature. By walking through each stage, from identifying likely threat actors to modeling attack vectors such as man-in-the-middle attacks on the telemetry link or firmware tampering, the team uncovers weaknesses in data transmission and authentication. This risk-centric approach lets them implement stronger encryption, access controls, and incident response procedures before the device reaches the market, aligning cybersecurity with patient safety and regulatory expectations.

VAST: The Agile Protector

What is it? VAST (Visual, Agile, and Simple Threat modeling) is a scalable threat modeling methodology built to integrate cybersecurity into Agile development workflows. Designed for large, decentralized organizations and complex system architectures, VAST emphasizes automation, visual modeling, and collaboration across development and security teams. Its goal is to make threat modeling practical and repeatable, supporting secure-by-design principles at scale without disrupting development velocity. One caveat worth knowing: VAST originated with the ThreatModeler platform and is most often practised through that tooling, whereas STRIDE and PASTA are tool-agnostic.

The Pros:

  • Agile Compatible: Seamlessly integrates with Agile development practices.
  • Scalable: Ideal for large-scale enterprises with complex systems.

The Cons:

  • Requires Full Integration: It must be woven into your development lifecycle to be effective.
  • Complexity for Smaller Teams: It might be too intricate for smaller projects or teams.

Real-World Example:

A multinational medical device company implements the VAST methodology to ensure consistent, security-first development across its global R&D teams. Each regional department—whether in North America, Europe, or Asia—integrates VAST into its Agile workflows, using visual models and automated tools to tailor threat assessments to the unique risks of each device or software platform. This approach enables the company to scale threat modeling efficiently, maintain regulatory alignment, and embed cybersecurity into every stage of product development, regardless of geographic or project complexity.

The Showdown: Comparing Threat Modeling Frameworks

Choosing the right threat modeling methodology is critical for building secure, compliant medical devices and health IT systems. Whether preparing an FDA submission, scaling Agile development, or managing enterprise cybersecurity, your framework should align with your technical architecture and business goals.

Here’s how the four leading models—MITRE ATT&CK, STRIDE, PASTA, and VAST—compare across key criteria:

Scope and Application

  • MITRE ATT&CK is a comprehensive knowledge base of adversary behaviors, offering deep insights into tactics, techniques, and procedures (TTPs). It's widely used for threat detection, threat hunting, and incident response across various environments. Strictly, it is a catalogue rather than a modeling methodology: in a threat model it supplies the attacker behaviors that STRIDE or PASTA scenarios are checked against, and the IDs that controls and detections are mapped to.

  • STRIDE focuses on software-based threats, categorizing six key threat types (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege). It’s well-suited for securing application layers and embedded systems.

  • PASTA provides a risk-centric, attacker-perspective methodology, simulating real-world cyberattacks through seven structured stages. It’s designed to align threat modeling with business impact and technical reality.

  • VAST is built for large, Agile-driven organizations. It enables scalable, visual threat modeling integrated directly into DevOps and CI/CD pipelines.

Ease of Use and Accessibility

  • MITRE ATT&CK is detailed and powerful but can be overwhelming for those without deep cybersecurity experience.

  • STRIDE is straightforward and accessible, especially for developers and security engineers working on software-heavy systems.

  • PASTA and VAST require more upfront investment in planning and expertise, making them better suited for mature teams with dedicated security resources.

Flexibility and Customization

  • MITRE ATT&CK offers modular adaptability, supporting a wide range of use cases from penetration testing to threat intelligence.

  • PASTA and VAST are highly customizable, allowing teams to tailor the threat modeling process to match organizational structure, regulatory context, and system complexity.

  • STRIDE is more structured and prescriptive, effective for software threat identification but less flexible for broader, system-level risk modeling.

Target Audience

  • MITRE ATT&CK and PASTA are best leveraged by mature organizations with experienced security teams capable of applying complex threat data to enterprise and product-level decisions.

  • STRIDE is particularly effective for software developers, medical device manufacturers, and product security teams. Its six categories map directly onto the threat documentation reviewers expect to see, which makes it a common choice for FDA premarket submissions; note that FDA's premarket cybersecurity guidance requires a threat model and points to the MITRE medical-device threat modeling playbook, but does not mandate a particular methodology.

  • VAST is ideal for large-scale Agile and DevOps environments, offering an enterprise-ready solution that facilitates continuous, scalable threat modeling across teams and projects.

Conclusion

Selecting the right threat modeling approach hinges on your organization’s size, objectives, and specific security concerns. Understanding and implementing these models can significantly bolster your cyber defenses, whether you’re a burgeoning startup or a sprawling enterprise.

Stay tuned for more insights, and don’t forget to swing by our other blog posts at Blue Goat Cyber for a treasure trove of cybersecurity knowledge. Until next time, stay safe and stay savvy in the digital world!

Need help with cybersecurity? Contact us.

Threat Model FAQs

Threat modeling helps organizations proactively identify, evaluate, and mitigate cybersecurity risks in the design and deployment of medical devices. It supports secure product development, FDA premarket submissions, and ongoing risk management.

MITRE ATT&CK is a detailed repository of real-world adversary tactics and techniques. It’s primarily used for threat detection, red teaming, and incident response, helping organizations understand how attackers operate and how to defend against them.

STRIDE is a structured threat modeling framework that classifies threats to software systems into six categories. Its simplicity, clarity, and the clean mapping of each category to a security property make it a commonly used methodology for FDA cybersecurity documentation in premarket submissions, although the FDA does not mandate any particular methodology.

PASTA (Process for Attack Simulation and Threat Analysis) is risk-driven and focuses on simulating realistic attack scenarios to understand business impact. Unlike STRIDE, which is software-centric, PASTA takes a broader, attacker-perspective approach and aligns threat modeling with organizational goals.

VAST (Visual, Agile, and Simple Threat) is designed for scalability across large, decentralized teams. It integrates seamlessly into Agile and DevOps workflows, using automation and visual tools to make threat modeling repeatable and accessible across departments.

STRIDE is typically the best fit for smaller teams or early-stage startups due to its simplicity and ease of implementation, especially for applications and embedded device software.

Yes. Organizations often combine elements from multiple frameworks. For example, MITRE ATT&CK may be used for threat intelligence, STRIDE for software-level design, and PASTA for business risk alignment—all within the same product lifecycle.

Each model helps identify and document cybersecurity risks, a key requirement for FDA and EU MDR submissions. STRIDE and PASTA are especially effective in producing clear threat modeling outputs for regulators, while MITRE ATT&CK supports postmarket vigilance and incident preparedness.

VAST is tailored for Agile and DevOps settings, enabling teams to integrate threat modeling into their sprints and CI/CD pipelines. It scales efficiently across distributed teams and aligns well with modern development practices.

Blue Goat Cyber offers expert guidance in selecting the right threat modeling methodology based on your product, team structure, and regulatory needs. From STRIDE-based FDA prep to enterprise-wide PASTA or VAST implementation, we help you build secure-by-design systems that meet today’s cybersecurity demands.
