IriusRisk launches infrastructure-as-code to enable automatic threat modeling of cloud-native designs

27 July 2022 - London: IriusRisk has launched infrastructure-as-code (IaC) as part of its automated Threat Modeling Platform. IaC enables developers or operational teams to automatically manage and provision security architecture, doing away with the need to manually configure software-defined infrastructure.

This latest version of the IriusRisk Threat Modeling platform is designed to make it easier than ever for teams to generate threat models for cloud architectures. Customers can generate a threat model from an infrastructure-as-code (IaC) descriptor from cloud orchestration tools, such as AWS CloudFormation and HashiCorp Terraform, as well as from diagramming tools such as Microsoft Visio, while also containing the applicable threats and prescriptive security controls.

These recent updates mean that customers can create a completely automated end-to-end process from cloud-native designs. This single-step action to create a threat model with built-in, actionable, countermeasures makes threat modeling far easier and more scalable than ever before. If an organization uses AWS CloudFormation or HashiCorp Terraform, it can generate threat models automatically within IriusRisk by using infrastructure-as-code.

IaC is enhanced by IriusRisk’s scoring system, which significantly reduces development teams’ workloads by providing a prioritized list of countermeasures and guidance on implementation. By offering a consolidated view of the application risk landscape, the IriusRisk Threat Modeling Platform empowers non-security experts such as Cloud and DevOps engineers to evaluate the security of their designs.

CEO and co-founder of IriusRisk Stephen de Vries said: “Infrastructure-as-code is a vital next step in our drive to continue pushing the boundaries of threat modeling and our mission to make it easier than ever to implement in more environments, and at scale. IaC makes further automation possible and will help to put threat modeling into the hands of more non-security people”.

In addition to adding infrastructure-as-code capability, the new version features several UX updates including an improved home dashboard, more intuitive project management, and clearer reporting including Compliance Reports. Within the Advanced Analytics module, it is now possible to access the module with the same user logged in IriusRisk by configuring an SSO authentication token.

About IriusRisk

IriusRisk is the industry's leading threat modeling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start - using its powerful threat modeling platform.

Whether teams are implementing threat modeling from scratch, or scaling up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.

For updates, follow IriusRisk on Twitter and LinkedIn.

‍