A medical device company uses IriusRisk Threat Modeling to make its devices safer and more secure for its patients and users.

The company was already creating architecture diagrams for its products in Visio, and these diagrams had become incredibly complex. The manufacturer needed to threat model a device using an automated threat modeling tool so that threats and countermeasures were also generated and acted upon. This would also enable them to obtain FDA (Food and Drug Administration) approval.

 

“There were big advantages to using IriusRisk. After building our diagrams and processes for the cloud we used a lot of predefined components within IriusRisk. We got lots of applicable threats and also the controls for mitigating the risk. We were used to threat modeling manually and debating the mitigations between the security engineers. So the big advantage is having the prioritized threats, the weaknesses and the suggested controls of that threat as part of the tool.”

Product Security Engineer

The outcomes...

Customization: The company was able to add its own unique hardware components and custom rules to further improve the results of its threat model and associated risks.
Prioritized risks and controls: Being able to automate this output to see a list of risks and countermeasures has been a benefit in terms of time and resources.
Compliance supported: IriusRisk allowed processes and documentation to be provided to the FDA to obtain approval on the first device in this project that was threat modeled.