Table of Contents
IriusRisk Team
|
The Threat Modeling Experts
March 3, 2025

Product Release 4.39

Overview

IriusRisk 4.39 has even more improvements, we are thrilled to share this latest update! Some advancements include:

  • Issue Trackers Configuration for Projects
  • Set User’s Roles in a Business Unit (BU)
  • Simple Trust Zone Replacement
  • Risk Reduction Widget Across Projects

Take a look at the full list below, or go directly to the Release Notes.

Custom Issue Trackers Configuration for Projects

Requirement: Threat Modeling Practitioners are frustrated by long lists of irrelevant Issue Tracker Profiles when creating issues, which can lead to confusion and unnecessary ‘noise’ when selecting the appropriate profiles.

Solution: To address this, we are enabling custom project-level configurations that show only relevant options.

Set User’s Roles in a BU

Requirement: There is no one-size fits all. And this cannot be more true than when related to managing user permissions and roles. This is why substantial changes have been made, with the final feature looking at setting individual roles within a BU. 

Solution: Users with appropriate permissions will now be able to set individual users' roles within a business unit. When a whole BU is added to a project, the configured roles at a BU level will apply to the project. This allows for configuring permissions for a group of users once and applying those permissions to multiple projects by just adding the business unit.

Simple Trust Zone Replacement

Requirement: Users had to manually delete and then add a replacement trust zone which involved re-adding the connections every time. This was hugely time consuming and caused frustration for busy teams.

Solution: Now users can seamlessly replace trust zones directly within the diagram using a right-click. This eliminates the need to recreate connections and significantly streamlines the update process. 

This feature notifies users of any risk changes that impact components within the trust zone. This uses a sidebar to provide a list of trust zones to select from.

Widget displaying risk reduction across projects

Requirement: Validating the level of risk and demonstrating how it has reduced within a project, or across all projects is essential to manage risk effectively. In addition, it is helpful to emphasise the value that threat modeling brings to risk management for both practitioners and managers. 

Solution: We’ve introduced a clear indicator to make it easy to see the current position of risks across project seats. We also made available tooltips and external links to provide additional information about these metrics for users. 

Security Content

New content across the categories Amazon web services, AWS Report Processors, Client side, Data store, Financial services, Functional, Generic, Microsoft azure, Network components, Service side, Microservice architecture, and Oracle cloud infrastructure. A total of 114 components.

Amazon Web Services - Components

  • AWS Report Processors

Client Side - Components

  • Browser
  • Internal Server
  • SSH Client
  • Web Client

Data Store - Components

  • Elastic Stack

Financial Services - Components

  • SWIFT in Banking
  • Payment Gateway
  • Payment System
  • POI Device

Functional - Components

  • Build Configuration File
  • Chat Message
  • Chatbot
  • Checkout
  • Code Snippet Sharing
  • Cookie Consent Banner
  • Data Chart
  • Formatter

Generic Functional - Components

  • JWT token
  • Pipeline Deployment
  • Private signature key
  • Search
  • Spring Security Configuration

Generic - Components

  • Full Collaboration Tool
  • Account Statement Generation
  • Compliance Reporting System
  • Data Visualization/Dashboard
  • Market Data Component

Microsoft Azure - Components

  • Azure Arc
  • Azure CLI (Command Line Interface)
  • Azure Confidential Legder
  • Azure Data Lake Storage
  • Azure Database for MySQL - Single Server
  • Azure Database for PostgreSQL - Single Server
  • Azure Datadog
  • Azure DevOps Services
  • Azure Elasticsearch
  • Azure Files
  • Azure HDInsight
  • Azure Import/Export
  • Azure IoT Edge
  • Azure Managed Resource Groups
  • Azure MarketPlace
  • Azure Powershell
  • Azure Queue Storage
  • Azure Relay
  • Azure SDK
  • Azure Virtual Network Manager

Microsoft 365 - Components

  • Microsoft Defender for IoT
  • Microsoft Dynamics 365
  • Microsoft Power BI

Network - Components

  • Akamai Guardicore Segmentation
  • DNS (Domain Name System)
  • F5 BIG-IP
  • Firewall
  • FortiGate FortiOS
  • ISP (Internet Service Provider)
  • Load Balancer
  • Router
  • Tanium Patch
  • VPN (Virtual Private Network)
  • Zscaler ZIA

Service Side - Components

  • Apache HTTP Server
  • Apache NiFi
  • Apache Tomcat
  • FTP Server
  • Generic Service
  • GraphQL Web Service
  • IBM WebSphere Liberty
  • Kerberos Authentication Server
  • Kong Gateway
  • Microsoft IIS Server
  • NGINX Server
  • OAuth2 Authorization Server
  • OAuth2 Client Application
  • OAuth2 Resource Server
  • Okta
  • OpenID Connect Provider
  • OpenID Connect Relying Party
  • Proxy Server
  • RESTful Web Service
  • SAML Identity Provider
  • SAML Service Provider
  • SOAP Web Service
  • SSH Server

Microservice Architecture - Components

  • API Gateway
  • IAM
  • Microservice
  • Service Mesh

Oracle Cloud Infrastructure - Components

  • OCI Agent
  • OCI Analytics Cloud
  • OCI ATP (Autonomous Transaction Processing)
  • OCI Autonomous Shared Databases
  • OCI Bastion
  • OCI Block Volumes
  • OCI Cloud Guard
  • OCI Compute
  • OCI Container Engine for Kubernetes
  • OCI Data Integrator
  • OCI Events Service
  • OCI File Storage
  • OCI Flexible Load Balancing
  • OCI Functions
  • OCI IAM
  • OCI Identity Cloud Service
  • OCI Integration Cloud
  • OCI Logging
  • OCI Notification Service
  • OCI Object Storage
  • OCI Streaming
  • OCI Vault
  • OCI VCN

Deprecations

Postgres version 12 has now reached end of life and is no longer supported. You can find out more here: https://www.postgresql.org/support/versioning/

We currently provide a mechanism to provide some configuration options for SAML via environment variables instead of configuration files, facilitating secure versioning of these configuration files. As part of our initiative to move SAML authentication configuration to an UI-based flow, we will remove these environment variables on 30 March 2025. If you have any questions, please reach out to your Customer Success Manager.

Release Notes and Documentation

For more information, see Version 4.39 Release Notes or check out our Documentation.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.

Swaggerhub & Github

Find out more of what you need in GitHub and Swaggerhub Repos:

https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.24.0 - We provided this featured API to allow for deeper customer integrations as well as enable very flexible automations within the many varied environments IriusRisk needs to operate.

https://app.swaggerhub.com/apis/iriusrisk/IriusRiskV2/2.0.0-beta.8 - Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase and encourage caution in production environments.

https://github.com/iriusrisk/IriusRisk-Central - Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.

FAQs

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down

keyboard_arrow_down