Reliable threat modeling for operational technology

Spot and fix architectural security flaws in your operational technology infrastructure before you build, while adhering to compliance requirements. Enter IriusRisk’s automated, scalable and intuitive threat modeling platform.

Got your attention? Let's learn some more...

MITRE EMB3D™  

We have added this content into our tool, it is mapped to IEC62443, and includes the 3 different mitigation levels: Foundational, Intermediate, and Leading. MITRE EMB3D™ is a threat model designed specifically for embedded devices, mapping known cyber threats to device features and proposing mitigations that can protect these systems from exploitation. Learn more about EMB3D and how we utilize it in IriusRisk.

IEC/ANSI 62443

Industrial Control Systems and their operational technology assets remain a prime target for persistent attacks - particularly those deemed as Critical National Infrastructure (CNI). These critical, high-risk systems have unique security requirements to prevent compromise - but how do you identify these?

See an example on how IriusRisk can be used to quickly and easily determine what the specific countermeasures for a given Security Level should be; and how to move a component from one SL to another and see the corresponding changes to the countermeasures required.

MITRE ATT&CK for Industrial Control Systems

The ATT&CK Matrix for Enterprise is already available in IriusRisk. It provides threats (mapped from techniques and sub-techniques), mitigations, and even data sources and detections. Meaning you can be sure that your threat model includes these techniques and considerations.

German Transport Company shifts left by partnering with IriusRisk

They were able to automate a repeatable threat modeling rollout plan. Some key benefits included ‘It enabled them to create attack scenarios that had never been thought of before to make products better. There has also been interest in using the Infrastructure as Code (IaC) descriptors and future issue tracker integration to further scale and speed up the outputs.’