IriusRisk Team | The Threat Modeling Experts
February 29, 2024

Product Update Release 4.26

Overview

IriusRisk 4.26 includes these enhancements and improvements:

  • Over 100 new v2 API endpoints (yes, really)
  • Updated Settings menu now includes an intuitive and logical structure and the use of icons to help you quickly access the items you need
  • Adapt your threat modeling tooling around your business needs with our improved Custom Fields interface
  • The new Roles and Permissions interface makes it even easier to manage the roles and permissions for your users
  • New UI improvements for other parts of the product including Assets, Trustzones, and Project-level Vulnerability and Test Tracker configuration
  • Plus new Salesforce components

Over 100 new v2 API endpoints (no, that isn’t a typo)

There’s a real danger of turning this Product Announcement into War and Peace given the sheer volume of API endpoints we’ve released. So we’re going to highlight a few of them; to read through the full list, check out the following support article: Zendesk

  • For projects: retrieve and comment on project threats and their associated countermeasures, manage ownership by adding and removing user and business unit ownership for projects, apply standards to the project, and more
  • Manage project components including managing the users and business units who have access to the component
  • Everything to do with Custom Fields: Getting, creating, editing fields, groups, and even field types.
  • Libraries and Risk Patterns can be retrieved, created, and modified; there’s comprehensive management of threats and countermeasures, including creation, modification, deletion, and retrieval, along with the ability to manage comments on threats and link threats to weaknesses and countermeasures; and more.

What can you do with these new endpoints?

Here are some suggestions of how you could use some of these API endpoints to take your threat modeling automation to the next level:

  • Automatically apply Standards based on a project’s custom field value. For example, if you tier your applications based on business impact, then Tier 1 projects could have stricter standards applied resulting in more required countermeasures or automatic inclusion of standards like PCI-DSS. Tier 4 projects could just have the OWASP Top 10 automatically applied.
  • Automatically create a project component when a threat model is created as part of the CI/CD pipeline (for example using our Terraform API endpoints).
  • Integrate a “State of Threat Modeling” view into your BI solution using the endpoints that let you obtain the top ten countermeasures with the most impact, the global risk of the projects visible to the user, and the implemented countermeasures timeline.
  • Automatically build and update Risk Pattern libraries based on the latest security intelligence available in your SIEM.

See the support article for the full list of endpoints released in v4.26: Zendesk

Updated Settings menu now includes an intuitive and logical structure and the use of icons to help you quickly access the items you need

Life begins at forty, but most user interfaces begin with a menu. That’s why our Settings menu has been completely restructured to make it easier to find and access key parts of the product. We have grouped the menu items into logical sections, split nicely by headers and horizontal rules, plus we have given each item an icon to give you an instant at-a-glance way to find what you’re looking for.

Adapt your threat modeling tooling around your business needs with our improved Custom Fields interface

Custom Fields are a powerful feature of IriusRisk that lets you add essential metadata to your projects, threats, countermeasures, and tests. This allows you to tailor your threat modeling tool around your business needs, rather than having to adapt your processes around the tooling. And managing them just got easier thanks to our new Custom Fields interface.

When you access Custom Fields through the top menu, you can immediately see the context in which the Custom Fields apply, as well as manage the Data types or perform a search.

Creating new groups and fields is intuitive and is done without leaving the context of the group or where they are applied.

You can quickly and simply manage the Data types used by your custom fields, giving full control of the data users have access to.

The new Roles and Permissions interface makes it even easier to manage the roles and permissions for your users

Your users are critical to the success of your threat modeling program, and ensuring they have the right permissions is essential for both the users and for secure tool usage. Our updated Roles and Permissions interface now makes it even faster and easier to manage the roles and permissions you assign to your users. Not only does this save you time, but it also reduces errors.

Accessing the Permissions from the Settings menu, you are presented with the list of roles. From here you can browse, search, select, or create roles.

Creating roles is simple. Give it a name, a description, and then just scroll through the permissions to enable those that apply. The permissions are grouped into Global, Project, and Custom Fields, and then are further grouped to make it easier to find the right permissions. Use the Allow All buttons to quickly enable all of the permissions within the group for that user.

Managing existing roles is just as easy as creating new ones. Simply select a role from the list, and the details are shown right there, without losing context. When you open a role you’ll land on the Users tab so you’ll immediately be able to see all of the users who have that role assigned (as well as any other roles they have). And of course you can also sort and search those users.

Clicking on the Permissions tab allows you to manage the permissions for the role. Make your changes, save, and you’re done. And don’t forget that you can also clone existing roles for an even faster way to get started.

New UI improvements for other parts of the product including Assets, Trustzones, and Project-level Vulnerability and Test Tracker configuration

There are a number of other user interface improvements in this release.

The assets page has a fresh new look with paginated tables, quick access to all the relevant information, and the usual sorting and filtering of fields.

The Trust zones interface has also been refreshed, with quick access to see and edit all of your trust zones.

Switching to project level configuration, the vulnerability tracker configuration is now a modal that pops up and allows you to make your changes, even test them, before going back to whatever you were doing.

And the same applies to the project test tracker configuration. Easily set the values from the project menu, save, and get back to threat modeling!

Threat model more with new security content

Finally, in this release we have included four new Salesforce components:

  • Salesforce Experience Cloud
  • Salesforce Health Cloud
  • Salesforce Tableau
  • Salesforce Veeva CRM

Deprecations

Release Notes

For more information, see the Version 4.26 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.