Product Release 4.47 Featuring EU CRA and MAESTRO, plus Context Windows for Threats & Countermeasures

Overview

This release details many new features and improvements, including:

• Context Window for Threats & Countermeasures Details
• MAESTRO AI Framework
• EU Cyber Resilience Act Content
• Open PDFs and HTML within the UI
• And a lot more...

Take a look at the full information below, or go directly to the Release Notes here.

Reduction in Rules Engine Memory Usage 

The rules engine suffered from excessively high memory usage, leading to "OutOfMemoryErrors" and system instability. As a solution, we have reduced the Rules loaded from 40k to 3.3k. Rule operations like create, update, and delete are now up to 89% faster, and overall performance has improved thanks to protected metaspace limits.

Context Window for Threats and Countermeasures

Benefit: This improvement removes barriers to user adoption and makes investigation and follow-up processes faster, easier, and significantly more intuitive.

Challenge: Opening a threat or countermeasure detail used to take over the entire screen, losing context and making navigation frustrating. It wasn’t possible to jump from a threat to a countermeasure, or vice versa, slowing down workflows.

Solution: 

• The list stays visible in the background, preserving context.
• You can open a threat and a countermeasure detail window, side by side.
• Jump seamlessly between threats and their countermeasures.
• Resize and move windows for a personalised workspace.

‍Default User Role Configuration for Business Units

Benefits: This enhancement simplifies user onboarding, saves valuable time, and ensures consistency in role assignments across teams within Business Units.

Challenge: Manually assigning user roles in Business Units for each new user is a time-consuming and inefficient process, leading to inconsistent role assignments across teams.

Solution: The new "Default User Role Assignment" feature allows administrators to configure default roles for users within a Business Unit. These roles are automatically applied to new users added to that Business Unit.

Open PDF/HTML Reports Through the UI

Benefits: Reports can now be opened directly in HTML or PDF formats inside IriusRisk, so you no longer need to download.

Challenge: Previously users had to download and then switch to an external tool to view the PDF.

Solution: This improvement streamlines access, reduces context switching, and makes it faster and easier to validate and share report content within your workflow.

IriusRisk On-Premises Deployment with Jeff, ASH and RAG 

If you have a Cloud Azure Instance, and Gemini in Google Cloud Platform (GCP), we are pleased to now offer this. The main benefit is enabling organizations to deploy a fully functional, AI-enhanced threat modeling platform within their own infrastructure. This allows them to:

• Leverage advanced AI capabilities: Access AI-assisted analysis, recommendations, and knowledge retrieval through Jeff, RAG, and ASH.
• Maintain data control: Keep sensitive threat modeling data securely within their on-premises environment.
• Achieve secure and scalable deployment: Utilize isolated Docker networks and adhere to security best practices for API key management and network security.
• Streamline deployment: The detailed guide simplifies the complex deployment process, making it more manageable.

‍

Continuous Improvements

Success Notification After Updating Threat Models

When you update a threat model, you’ll now see a clear success message once the process finishes, even if you navigate away from the project in the meantime. This improvement removes uncertainty, keeps you informed about the update’s progress, and ensures you know the changes were applied correctly.

Simplified Questionnaire Sections

We’ve removed the duplicated section titles so that only the tab titles remain visible. This eliminates confusion, reduces visual clutter, and ensures a cleaner layout that maximizes space for questionnaire content.

Improved Standard Baseline Fields in Countermeasures

We’ve reordered the fields so users now select the Standard Baseline first, followed by its related Section, making the process clearer and more intuitive. To further improve usability, we’ve added informative tooltips explaining what each field means, so you can understand and apply sections more easily than before.

Consistent Naming for Trust Zones

We’ve standardized the terminology across the IriusRisk UI so this object is always referred to as “Trust Zone.” All variations such as trust zones, Trust zone, or TrustZone have been updated in the translations, notifications, and dialogs to ensure a consistent reference throughout the platform.

Clearer Invite to Project Message in Community

The “Invite to project” action now displays a more engaging and informative message: “Anyone with this link can access '{projectName}' and collaborate with you.” This makes it clear that sharing the link allows others to join the project, collaborate in real time, and model together, encouraging teamwork right from the start.

Questionnaire Panel Remains Open after Saving

When saving responses in a model or component questionnaire, the panel will now stay open instead of closing automatically. This lets you save progress in chunks, continue answering at your own pace, and close the questionnaire only when you decide, removing friction and keeping the experience consistent with the rest of the UI.

Component Details Show Category and Definition Name

The Component details window now displays both the component category and the original name from its definition. This way, even if you edit the component’s name in the diagram, you can still clearly see which specific component from which category is being used, making it easier to identify and manage elements in your model.

‍

Sorted Standards in Countermeasure Details

The list of Standard references in the countermeasure details view is now displayed in its own dedicated section and sorted alphabetically. This makes it much easier to scan, locate, and review specific Standards without confusion or unnecessary scrolling.

New Components and Standards

New Content

• New EU Cyber Resilience Act library with all the requirements from the CRA Annex II
• New MAESTRO framework library to implement the MAESTRO framework on AI components

New Security Standards 

• OWASP Top 10 for Agentic AI
• EU Cyber Resilience Act

New Components

Generic Components

• Apache Kafka MirrorMaker 2
• Call Center
• Git
• IBM MQ (Message Queue)
• IBM Sterling Secure File Transfer
• Solace Message Broker

Machine Learning Artificial Intelligence 

• Agent Memory Store
• AI-Driven Decision Engine
• AI Ethics Policy Enforcement
• AI Observability & Audit Layer
• AI Supply Chain Scanner
• AutoML Pipeline
• Autonomous Agent Node
• Content Moderation Layer
• Data Curation Pipeline
• Data Labeling System
• Databricks
• Dataset Provenance Tracker
• Edge Model Deployment Unit
• Feedback Loop Monitor
• GPU Job Scheduler
• Human Oversight Node
• Inference Gateway
• LLM Firewall
• Model Access Control Manager
• Model Fine-Tuning Service
• Model Governance Engine
• Output Confidence Score
• Output Validator
• Planning & Reasoning Engine
• Prompt Sanitizer

Microsoft Azure 

• Azure AI Content Safety
• Azure AI Foundry
• Azure AI Language
• Azure Cosmos DB for MongoDB
• Azure Semantic Kernel
• Azure Speech Services
• Microsoft Dataverse

Amazon Web Services

• AWS Availability Zone

Kubernetes - Components

• Helm Charts

‍

Release Notes and Documentation

For more information, see Version 4.47 Release Notes or check out our Documentation.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.

Swaggerhub & Github

Find out more of what you need in GitHub and Swaggerhub Repos:

https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.24.0 - We provided this featured API to allow for deeper customer integrations as well as enable very flexible automations within the many varied environments IriusRisk needs to operate.

https://iriusrisk.github.io/iriusrisk-api/v2/latest/- Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase and encourage caution in production environments.

https://github.com/iriusrisk/IriusRisk-Central - Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.