IriusRisk Team | The Threat Modeling Experts
September 19, 2024

Product Release 4.33

Overview

IriusRisk 4.33 includes these enhancements and improvements:

  • Adjust Column Width of Threats & Countermeasures Tab
  • Revamped Current Risk Summary Report
  • Users can Filter Threats and Countermeasures by Custom Fields

Revamped Current Risk Summary Reports with HTML Format

In version 4.33.0 of IriusRisk, you will find a newly designed Current Risk Summary Report and a new HTML format replacing the less standardized DOCX. The spreadsheet formats (CSV, XLS, and XLSX) have also been adapted. The HTML format makes copying information and repurposing it much easier.

Content

  • Components: The section to list the components is now called “Components” instead of “Architecture”.
  • Architectural Diagrams: This section has been removed since the architectural diagrams are shown in a previous section.

Report Structure Enhancements

  • Sleeker Tables: We've revamped the table structures to ensure clear and easy comprehension.
  • Enhanced Tracking: Added identifiers (e.g., CR 1) within the document for better tracking across different sections.

The following image shows the improved version (right side) versus the current version (left side):

See Threat Model Output (Threats and Countermeasures) Changes Over Time

In the ever-evolving world of software development, keeping track of changes is critical. For organizations with large, complex systems, manually reviewing project snapshots to identify component changes can be a time-consuming and error-prone task. We know that threat model practitioners often feel frustrated by the need to manually compare snapshots, especially when dealing with extensive software portfolios.

With this enhancement, you will now be able to see the differential in Threats and Countermeasures between two versions of a project.

NOTE: Only available in the backend / API

Users can Filter Threats and Countermeasures by Custom Fields

This new functionality empowers users to quickly find and filter threats and countermeasures based on their specific criteria, defined in the custom fields, making it easier than ever to tailor your threat modeling process to your unique security needs. Whether you’re looking to refine your risk assessments or manage complex security landscapes, this feature provides greater flexibility and control over your data. This also includes the new system custom fields included in the new V2 components.

Users can adjust the width of the threats and countermeasures sections

This enhancement provides greater flexibility, enabling you to resize these sections for a more personalized and efficient viewing experience. Threats and countermeasures modals have been resized as well, giving the user better visibility and reducing the use of scrollbars.

This intuitive change allows customers to now expand the threats column to see more details/info and adjust the column sizing as needed. Users can also minimize one side completely to focus just on one area.

Configure Trust Zone Visibility

You are now able to configure the visibility of Trust Zones at a Business Unit level. This will allow for individual Trust Zones to be restricted to the Business Units of users who need to see them, ensuring that sensitive items remain secure and improving user experience by allowing for more focussed user selection. By default all trust zones will be visible.

Mitigation Field displayed on weaknesses and countermeasures

For ease of access and editing, the mitigation field has been added to the new UI for weaknesses and countermeasures.

APIs to use UUID rather than Username

To enhance security and comply with best practices for data protection, we will transition from using usernames to UUIDs in our v2 API endpoint paths. This change will prevent the logging of sensitive information in our logs and any intermediary systems like VPNs. Customers will need to ensure that any existing endpoints using usernames are updated to use UUIDs to continue functioning.

User Management Improvements

User profile pictures can now be uploaded and deleted in the UI so that it is easier to quickly identify users through the platform. Additionally, there will be a warning displayed when you invite users from outside your domain, to reduce the risk of accidentally adding unauthorized users.

Using SAML as an authentication-only identity provider

Some of our clients require that only the user data is shared with IriusRisk, because they want to handle permission/role management directly through IriusRisk instead of via their identity provider, and we previously offered no way of doing so with SAML.

Clients can now configure their SAML integration so IriusRisk ignores the roles that come from the Identity Provider. In addition, clients will be able to manage these roles manually from IriusRisk, even if the users authenticate via SAML.

New Components and V2 Components 

SRE-137: AWS components have been converted to V2 components:

Amazon Web Services

  • AWS Application Load Balancer
  • AWS Appstream 2 0
  • AWS Artifact
  • AWS Backup
  • AWS Batch
  • AWS Braket
  • AWS Chatbot
  • AWS Chime
  • AWS CLI Command Line Interface
  • AWS Client VPN
  • AWS Cloud Map
  • AWS Cloud9
  • AWS Cloudfront
  • AWS CloudHSM
  • AWS Cloudsearch
  • AWS Codeartifact
  • AWS Codebuild
  • AWS Codeguru
  • AWS Codestar
  • AWS Comprehend
  • AWS Compute Optimizer
  • AWS Connect
  • AWS Deeplens
  • AWS ELB Report
  • AWS ELB Web
  • AWS IoT Things Graph
  • AWS IoT Twinmaker
  • AWS IQ
  • AWS Kendra
  • AWS Keyspaces
  • AWS Lake Formation
  • AWS Launch Wizard
  • AWS License Manager

SRE-436: New components for several libraries:

Generic components

  • Zoom AI

Machine learning & Artificial Intelligence

  • Foundational Model
  • LLM Framework
  • Vector Database

Alibaba Cloud

  • Alibaba ApsaraDB MongoDB
  • Alibaba ApsaraDB RDS MySQL
  • Alibaba ApsaraDB RDS PostgreSQL
  • Alibaba ApsaraDB RDS SQLServer
  • Alibaba ApsaraDB Redis
  • Alibaba Content Delivery Network

Financial services

  • Transaction History 

Deprecations

Currently, you can set Custom field permissions when you are modifying the permissions for a role for a particular workflow state. As we are implementing project-level roles we are changing how permissions on a workflow status are configured and this new method doesn’t include custom fields. Additionally, some customers suggest that we should emphasize Custom Fields at the project level, which introduces more complexity. Therefore, it's essential to simplify the areas where Custom Fields are configured. Removing them from Workflows should be the first step.

Release Notes

See the full release notes here for 4.33.