This represents the biggest release of IriusRisk and is focused on providing a diagram centric view, greater ease of use, speed and complete automation of the threat modeling process through enhanced API capabilities.
One of the most requested features was a visual method to swiftly select and place architectural components on a diagram and define the data flows between them as demonstrated in this video:
One of the core philosophies of IriusRisk is it’s customizability. The flexible rules engine is still a key element in version 2.0, and this has been augmented with a simple method to define Custom components and assign risk patterns to them. This vastly speeds up the process of defining custom components:
What’s more is that custom components can be defined externally in our open library format and uploaded via the API!
Our security architects are constantly researching and updating the IriusRisk knowledge-base and this release marks the arrival of two new regulatory standards; namely, NIST 800-53 and ISO 27002 as well as a re-working of the OWASP ASVS and Mobile ASVS content.
Automation is key to scaling secure design processes and IriusRisk 2.0 now includes additional API calls to both define an architecture and execute the rules engine, so that threat models can be created without having to use the UI. The complete APIdefinition is available on SwaggerHub.
The IriusRisk documentation for 2.0 is available on the updated wiki.
Thanks to our customers’ feedback, the 2019 feature roadmap is also packed with exciting and innovative features and security content (IoT, HIPAA, Serverless, Kubernetes , IEC 62443 and much more). .
Why not be one of the fist to take a tour of IriusRisk 2.0 and request a demo today.
Here’s to a secure 2019!