IriusRisk Team
|
The Threat Modeling Experts
February 2, 2023

Product Update: Release 4.12

Product Update: Release 4.12

We are excited to announce the release of IriusRisk 4.12 which includes these new enhancements and features:

  • Visio coordinates are preserved in IriusRisk so the visual structure of the threat model diagram persists between formats.
  • New rules action to set countermeasures to any desired state, giving you even more power to automate.
  • Improved audit log entries when deleting countermeasures, increasing transparency of countermeasure changes.
  • Create better threat models with 10 new networking and generic components including VPN, source code repository, and Social Media.

Visio coordinates preserved in IriusRisk

When importing a Visio diagram into IriusRisk, it is often desirable to keep the layout and structure of the diagrams consistent between the two formats, to ease the transition from one tool to another and minimize confusion. As of IriusRisk v4.12, the coordinates of objects in Visio are preserved in IriusRisk, giving near-identical diagrams.

Take the following Visio diagram:

We can easily import it into IriusRisk with a single API request.

$ curl -H "Accept: application/json" -H "api-token: $IRIUS_API_TOKEN" -H "Content-Type: multipart/form-data" -F "mapping-file=@Visio-custom-mappings.yaml;type=text/yaml" -F "vsdx-file=@visio-all-representations.vsdx" -F "product-id=visio-coords" -F "name=VisioCoords" https://release.iriusrisk.com/api/v1/products/visio
{"ref":"visio-coords","name":"VisioCoords","revision":"1","type":"STANDARD","status":"OPEN","priority":"0","tags":null,"workflowState":"state-1","udts":[],"groups":null,"users":null}

As you can see, the IriusRisk threat model looks virtually identical to the original Visio diagram (but with much better looking icons and style).

New rules action to set countermeasures to any desired state

An important part of threat modeling is reviewing and refining the countermeasures, identifying which ones really matter, and which ones don’t. With IriusRisk this process can be automated, saving users a lot of time and effort, and avoiding frustration. The logic performed by humans can be encapsulated in the rules engine, and as of this release we have extended the logic to let you set a countermeasure to any state.

In the following example we may have an architectural rule that should apply to all projects, namely that certain countermeasures for any components in a Trusted Partner trustzone should me marked as Not Applicable (N/A). This is because the third party is responsible for implementing those countermeasures, not the team creating the threat model. They are out of scope in effect.

We can now do this easily with the new action, saving all users from having to do this manually every single time. Of course, this is just a simple example, but we could apply this to any number of countermeasures or conditions.

There are virtually no limits to how this action can be used to implement your organization’s business and architectural logic.

Improved audit log entries when deleting countermeasures

We have also made some language improvements in the audit log for when countermeasures are deleted. When you delete a duplicated countermeasure from a threat , the audit log language has been updated to include which threat and which countermeasure has been removed, providing greater transparency of actions taken within the

New networking and generic components

This release includes some fantastic new components:

  • Generic components
  • Social media
  • Source code repository
  • Video conferencing software
  • Ticketing system
  • Issue tracker
  • Network components
  • VPN
  • Load Balancer
  • Router
  • DNS
  • ISP
  • Cloud
  • GCP SCC
  • GCP SDK
  • Azure Customer Lockbox

Release notes

For more information, see the Version 4.12 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon

IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.