Product Update: IriusRisk Version 4 With Huge Improvements

Product Update: IriusRisk Version 4

We’re very excited to announce a brand new major version of IriusRisk!

• New User Interface improvements with clearer navigation, sections and options.
• Improved security for API tokens.
• New diagram styles that help users to identify IriusRisk mapped components. This comes with a migration assistant that allows you to convert any diagram to the new styles.
• A bunch of new countermeasures, plus we’ve added OWASP Juice Shop challenges references to the OWASP Top 10 countermeasures.
• New GCP, Azure, and AWS components

User interface improvements

We’ve laid the foundations for a new React based user interface, and have improved the main navigation within IriusRisk. The more flexible, intuitive front-end allows for quicker access to and easier grouping of functional elements of the IriusRisk platform – which speeds up the process of creating and assessing threat models. New user profiles also allow developers and security personnel to more easily manage their details within the platform. Plus the API token management which is now available under the user profile and includes security improvements.

New diagram styles

Improved diagram styling reduces the visual load for the user, increases the consistency of visual information, and has improved accessibility and support for users with visual impairments. This helps teams to better identify the relationship between components in a diagram, quickly identify the important information, and ultimately derive more actionable insights from visualizations in the platform.

Advanced Analytics

A new embedded analytics and reporting system offers the power and flexibility of external Business Intelligence tools inside IriusRisk. The ability to automatically generate reports on-demand across the entire IriusRisk dataset also enables teams to better present the ROI and progress of threat modeling to senior leadership.

• Gain actionable insights into threat model data and real-time editable dashboards
• Use ‘out-of-the-box’ visualizations or create your own using Javascript, HTML and CSS
• On-demand automated scheduled reporting
• API access to threat model data for integration with sources such as Elastic, Apache Hive, Snowflake, Salesforce and many more

New security content

We have included 19 new countermeasures across the CS-Default and AWS libraries. We have also removed support for ASVS v3 in favour of the current version is is v4. The impact of this change is explained in the following support article:  Removing the ASVSv3 Standard Support in v4.0.0.

Countermeasures across the IriusRisk default libraries that are relevant to the OWASP Top 10 now include references to the OWASP Juice Shop challenges. OWASP Juice Shop is a deliberately insecure web application and is used for educational purposes, and the new references allow developers to easily access security training resources related to the countermeasures they have to implement.

21 new Azure component

New Azure components include:

• Microsoft Azure VPN Gateway
• Microsoft Azure Container Registry
• Microsoft Azure Container Instances
• Microsoft Azure Event Grid
• and many more!

21 new AWS component

New AWS components include:

• AWS Organizations
• AWS Certificate Manager (ACM)
• AWS IoT Device Management
• AWS Network Firewall
• and many more!

Release Note

For the full set of changes and bug fixes, take a look at the release notes available here:   Release 4.0.0 - 22-11-2021

‍