Scalable, collaborative threat modeling
IriusRisk beats the complexity of manual threat modeling with its powerful automation engine, extensive security standards, and integration with major issue trackers. The result is a fast and reliable self-service tool for designing secure applications - that's simple for your developers to use, too.
The most common challenges of manual threat modeling
- "We're manually threat modeling, but it's becoming too time-consuming and complex - how do I solve this?"
- "Our threat models aren't always consistent, and the process isn't easily repeatable"
- "Modeling 1-2 products is simple, but how do we scale this to hundreds, or even, thousands of applications?"
- "Security time and resources are scant - is there a way we can scale their knowledge to other teams?"
- "We want our engineering teams to perform threat modeling themselves, but they don’t have the time"
How IriusRisk solves these challenges - and how we empower your teams
SAVE time, rework, and cost through automation
IriusRisk provides a single point to define secure design patterns and manage Threat Models throughout the entire development process. You can quickly define diagrams using draw.io, generate threat models and push security tasks to issue tracking tools. You're able to scale this across your organisation and remove manual threat modeling output from people's heads, into living, iterative threat models, contained within a centrally accessible location. IriusRisk customers are addressing the security bottleneck head-on as design flaws are eliminated from the offset.
EASILY scalable, repeatable AND consistent
IriusRisk automates repetitive threat modeling tasks so your security team can focus their resources effectively - regardless if you're modeling 1, 10, 100, 1000, or 10000s+ applications. Our platform is powered by industry-leading diagramming technology, Draw.io, plus an extensive rules engine that uses standard threat and countermeasure libraries. The output is a series of high-fidelity threat models, complete with risks and countermeasures, all with repeatable, consistent results.
SELF-SERVICE for all teams - not just security
You don't need to undergo formal security training to use IriusRisk and you don't have to be an expert in threat modeling. Software development and engineering teams use IriusRisk to design their applications using intuitive diagramming and questionnaire functions and have the output assessed and validated by the security team. IriusRisk uses two-way synchronisation with issue trackers to give you a real-time view of the status of security activities which allows them to keep abreast of development progress. The result? Engineering teams can incorporate security into their existing workflows with minimal impact.
GREATER collaboration, and less conflict
We understand the conflict in the software development lifecycle. We understand the need for security and engineering teams to work more closely together, and that security is just as crucial as speed-to-production. Our clients have found that using IriusRisk during application design has led to increased security awareness, greater communication and understanding across teams, and less anticipation of the potential disruptions during testing due to fewer delays.
An overview of our plans
COMMUNITY (FREE)SaaS | Free Lifetime Subscription
Perfect for getting hands-on with threat modeling for the first time, or to combine your efforts with tooling
- 1 threat model
- Export Threats & Countermeasures as XLS
- Export threat models as XML
- Architectural diagramming with draw.io
- Limited technical and compliance reports
- Receive free community updates
- No API access
- No sync with issue trackers
- No data imports, custom field definition or workflow management
ENTERPRISEAvailable as SaaS or On-Premise
Our most popular option. Benefit from all of the powerful capabilities IriusRisk has to offer to automate and scale across your organisation
- Available with up to unlimited threat models
- All community capabilities, plus:
- Dedicated Customer Success Manager
- Hands-on, assisted onboarding process
- API access
- Import your test results
- Enhanced import and export of models, threats, and metadata
- Import threats from Microsoft Threat Modeling Tool
- Full custom field definition and workflow management
- All technical and compliance reports
- Syncs with popular issue trackers
AWS MARKETPLACEDedicated SaaS
An option for existing Amazon Web Services customers who want to host their tooling in the cloud
- Most of the features of Enterprise*
- Easy purchase via your AWS accountHost IriusRisk in your AWS environment
- Full control over infrastructure costs
- *Limited to 5 threat models
- *No customer success manager
- *Self-guided onboarding process