
3-step threat modeling using infrastructure as code

Automatically draw diagrams in IriusRisk - just add code. 



3 steps to secure your cloud applications


1. Use your existing Infrastructure as Code

2. Import your Terraform, CloudFormation or Visio IaC file to IriusRisk, apply architectural security policies centrally and generate a complete threat model, including controls

3. Use your issue trackers to manage and report on your architectural security issues and threat mitigations



Just add code 


Our platform allows cloud-native designs to be automatically analyzed from a security perspective without having to manually draw the architecture diagram. IriusRisk generates a threat model from an Infrastructure as Code (IaC) descriptor, such as AWS CloudFormation or HashiCorp Terraform, and this model contains the applicable threats and prescriptive security controls. IriusRisk can also import diagrams from tools such as Microsoft Visio. The IaC code provides an excellent opportunity to answer the first question of Shostack’s approach to threat modeling automatically: "What are you building?" After the IaC code is imported into ACSDA, we can take advantage of the rules engine to automatically see the main threats related to that architecture.

Get an automated end-to-end process with actionable controls in a single step

Non-security experts can evaluate the security of their cloud design with speed and ease

Developer-centric tool with a consolidated view of the application risk landscape


Automated end-to-end process 


A completely automated end-to-end process, from a cloud-native design in an IaC format to a threat model with actionable countermeasures, in a single step. IriusRisk's scoring system takes into account not only the technical impact of compromise, but also the value of the assets at risk. This way, the development team can obtain a prioritized list of countermeasures with the necessary guidance to implement them effectively.


Evaluate the security of cloud designs 


It allows non-security experts such as Cloud and DevOps engineers to evaluate the security of their cloud design quickly and easily. Where security issues are identified, the contextual risk scoring feature allows those engineers to make informed decisions about whether their design meets their organization's security requirements. These decisions can even be automated if they are included as gates in the automated deployment process. IriusRisk offers a consolidated view of the application risk landscape.


Developer-centricity at the heart 

We want IriusRisk to be a developer-centric security tool that helps redefine security as another quality attribute of good software. To accomplish this, IriusRisk uses an API to directly parse the IaC file descriptors and download the complete threat model without having to use the IriusRisk user interface. This way, IriusRisk can be adapted to any CI/CD environment, or even integrated with the tools that developers use in their day-to-day work to create the IaC architectures.


Schedule your demo

Arrange your own demo and see for yourself how our threat modeling platform can benefit your organization.
