IriusRisk - Threat modeling platform

IriusRisk

Secure Design At Scale

Manage application security
from inception to production

section1-1

DESIGN

Leveraging best-in-class architectural diagramming with Draw.io, generate an initial threat model in minutes complete with recommended and required countermeasures based on your security policies with specific actionable advice

MANAGE

Threats models and security risk are dynamic and change over time. IriusRisk uses two-way synchronisation with issue trackers and testing tools to give you a clear real-time view of the status of security activities

section1-3

COLLABORATE

IriusRisk boasts a multi-user web interface with integrated access control and workflows which ensure that security, engineering, and development teams can effectively do remote collaboration

1 %
of software vulnerabilities are flaws in the design
1 x
MORE EXPENSIVE TO FIX IN PRODUCTION THAN DURING THE DESIGN PHASE​

IriusRisk Editions

Community

SaaS
  • 1 Threat Model
  • No API Access
  • Export Threats & Countermeasures as XLS | Export Models as XML | No Imports Available
  • Community Templates
  • No ALM Sync
  • Limited Technical & Compliance Reports | OWASP ASVS
  • Full Architectural Diagramming with Draw.io​
  • Limited Diagram Component List
  • No Workflow Management
  • No Role-Based Access Control
  • No Custom Field Definition
  • No Import Test Results

Enterprise

Dedicated SaaS | On-Premise
  • Unlimited Threat Models
  • API Access
  • Import & Export Models as XML | Import & Export Product Meta-Data from/to XLS | Export Threats as XLSX | Import Threats from Microsoft Threat Modeler
  • Unlimited Templates
  • ALM Sync: Jira, Redmine, Microsoft TFS, Azure DevOps, CA Rally
  • All Technical & Compliance Reports: NIST 800-53, ISO/IEC 27002:2013, PCI-DSS, OWASP ASVS, OWASP MASVS, EU GDPR, IoT Security Foundations, CIS Docker, CIS AWS
  • Full Architectural Diagramming with Draw.io​
  • Extensive Diagram Component List
  • Full Workflow Management
  • Full RBAC with Fine Grained Permissions
  • Full Custom Field Definition
  • Import Test Results: REST API, Fortify SSC, Fortify SCA, ThreadFix, OWASP ZAP, FCucumber

AWS

Self Hosted
  • 5 Threat Models
  • All Features Same as Enterprise
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Partners

IriusRisk has a strategic partner program that enables businesses worldwide to benefit from our Threat Modeling platform and increase our overall capabilities with additional support for our customers. We value our partners as an extension of our team, and they play an integral role in helping organizations around the globe secure their assets from design into production.