IriusRisk - Threat modeling platform

IriusRisk

Secure Design At Scale

Manage application security
from inception to production

section1-1

DESIGN

Leveraging best-in-class architectural diagramming with Draw.io, generate an initial threat model in minutes complete with recommended and required countermeasures based on your security policies with specific actionable advice

MANAGE

Threats models and security risk are dynamic and change over time. IriusRisk uses two-way synchronisation with issue trackers and testing tools to give you a clear real-time view of the status of security activities

section1-3

COLLABORATE

IriusRisk boasts a multi-user web interface with integrated access control and workflows which ensure that security, engineering, and development teams can effectively do remote collaboration

1 %
of software vulnerabilities are flaws in the design
1 x
MORE EXPENSIVE TO FIX IN PRODUCTION THAN DURING THE DESIGN PHASE​

Feature

Community Version

Enterprise

Maximum number of threat models

1

Unlimited

API

-

Yes

Import & Export

Export Threats & Countermeasures as XLS

Export models as XML

Import & Export models as XML

Import & export product meta-data from/to XLS

Export threats as XLSX

Import threats from Microsoft Threat Modeler

Templates

Community templates

Unlimited

Two-way sync with ALM

No

Jira, Redmine, Microsoft Team Foundation Server, Azure DevOps, CA Rally

Reports

Technical and compliance reports. OWASP ASVS

All technical and compliance reports including:

  • NIST 800-53
  • ISO/IEC 27002:2013
  • PCI-DSS
  • OWASP ASVS
  • OWASP MASVS
  • EU GDPR
  • IoT Security Foundations
  • CIS Docker
  • CIS AWS

Diagramming

Full architectural diagramming with Draw.io

Full architectural diagramming with Draw.io

Diagram component list

Limited

Extensive

Workflow management

No

Full workflow management

RBAC with fine grained permissions

Not editable

Full access

Custom Fields

No

Full custom field definition

Import test results

No

  • REST API
  • Fortify SSC
  • Fortify SCA
  • ThreadFix
  • OWASP ZAP
  • FCucumber

IriusRisk has a strategic partner program that enables businesses worldwide to benefit from our Threat Modeling platform and increase our overall capabilities with additional support for our customers. We value our partners as an extension of our team, and they play an integral role in helping organizations around the globe secure their assets from design into production.