IriusRisk Team
|
The Threat Modeling Experts
June 27, 2024

Product Release 4.30

Overview

IriusRisk 4.30 includes two mega enhancements and improvements:

  • The wait is over - real AI powered threat modeling is here!
  • Over 100 Azure V2 components to deliver unparalleled accuracy and effective threat modeling. 

Introducing Jeff, AI that makes threat modeling easy and fun.

There’s no denying it, AI is here to stay and is going to have a major impact on technology and our relationship with it. Not everything lends itself to being augmented or replaced with AI, despite the many bandwagons that are currently traveling around the internets, but we believe that threat modeling is one of the technologies that will greatly benefit from AI. How do we know? Because we’ve built AI into our product and we love it!

More than a gimmick, our first implementation of AI in IriusRisk brings immediate benefit to all users, but especially those new to threat modeling and IriusRisk. We understand the challenges of rolling out threat modeling. It’s a new process for people to learn, a new technique, a new tool. Being presented with a blank canvas can be daunting and you just want something to get started. Perhaps you have a load of existing artifacts and wish you could just use those to build your threat model, rather than having to duplicate anything in yet another tool. Our AI Assistant, lovingly called Jeff, changes how users get started with their first threat model, and how they create the many more threat models after that.

Why threat model in IriusRisk with AI?

  • Threat modeling made easy with guidance - Firstly, Jeff guides you interactively and intuitively through the process of creating a diagram. You don’t have to draw anything yourself, but simply telling Jeff what it is you are threat modeling allows a diagram to be created for you which you can refine and improve with Jeff, or manually in IriusRisk after the project has been created.
  • Saves time and effort - If you have existing design artifacts, then Jeff can use them to create diagram. This means you don’t have to duplicate the representation by hand, and that saves you time and effort. Jeff can handle virtually any textual representation including: A simple description; Documentation; User stories; Source code; Meeting transcriptions; SBOMs; and probably other stuff as well.
  • Learn from examples - Because Jeff does a lot of the heavy lifting for you, it is very easy to get started. This means you don’t have the challenge of starting with a blank canvas and having to work out where to even start. In this context, you can think of Jeff as creating bespoke templates based on the specific needs of the user. We also provide some example prompts to Jeff to help you get started.
  • Have fun - Ok, this might not be as important as the others from a productivity point of view, but actually, creating threat models with Jeff is pretty cool. This could add to the motivation for creating threat models, overcoming challenges with adoption by development teams etc. So go ahead, translate all of the component names into Mongolian if that’s your thing.

So, let’s see Jeff in action.

Jeff in action

From this short animation we can see a number of things going on:

  • Using Jeff is as simple as clicking the “Model with AI” button from the Projects page.
  • You can enter or copy/paste what you want to threat model, or just select one of the examples we’ve provided.
  • Jeff explains the process and guides the user throughout.
  • It’s a two way interaction - the user is in the driving seat and can adjust things as they go.
  • Jeff generates diagram previews throughout the process.
  • Once the user is happy, Jeff creates the project in IriusRisk and the user has access to their full threat model.

It’s really that simple.

Interested in using Jeff?

It's available to all users in our Community Edition (https://community.iriusrisk.com), from Monday 1 July, 2024, so go and have a play. Then reach out to your Customer Success Manager to request Jeff for your organization.

Over 100 Azure V2 components to deliver unparalleled accuracy and effective threat modeling.

This release also includes a complete refresh of our Azure components, following on from the first release of the new V2 components we started in v4.29.

Azure Components Countermeasures

  • The components you expect - We’ve matched components in IriusRisk with those published by Microsoft Azure where it makes sense to.
  • Developer friendly and actionable language - The threat and countermeasure descriptions have been re-written, with language aimed at developers and security experts alike.
  • Parity between our countermeasures and Azure controls - If Azure says it’s a control, we have a countermeasure for it.
  • Powerful threat and countermeasure metadata - MITRE reference and STRIDE-LM references help you put your threat models into context and focus on the actions that matter most.
  • Baseline standards provide consistency and transparency - baselines to automatically propagate the countermeasure with other Standard mappings.

Deprecations

  • None in v4.30