Product Update: Release 4.9

We are excited to announce the release of IriusRisk 4.9 which includes many new enhancements and features:

Brand new view of the Audit Log, now available in the Settings dropdown menu
Generate threat models from Microsoft Threat Modeling Tool files
New Standards Coverage widget on the Home Dashboard
Create Jira tickets by IriusRisk user instead of a service account
and more!

New Standards Coverage widget in the Home Dashboard

Meet your compliance goals with the new Standards Coverage widget available in the Home Dashboard. At a glance you can see the progress of countermeasures that have been implemented versus planned for each Standard, including a breakdown by Project, giving you an instant overview of your compliance with the Security Standards available within IriusRisk.

Import Microsoft Threat Modeling Tool files

Use your existing Microsoft Threat Modeling Tool (MTMT) threat models inside IriusRisk.

Whether you’re a new customer wanting to onboard quickly, or an existing customer that wants get value from previous threat modeling work, the new API will let you use the diagrams inside the MTMT files to quickly create a full IriusRisk threat model. A future release will also parse the threats and controls from MTMT into IriusRisk.

Map Standards into ServiceNow

A new setting has been added to the ServiceNow issue tracker configuration, allowing you to map IriusRisk Standards, as applied to countermeasures, into a configured field inside ServiceNow. This allows you to categorize countermeasure delivery tasks by Standard within ServiceNow.

Set the Jira issue reporter as the IriusRisk user for Jira Server

When IriusRisk creates a ticket in Jira, the reporter field is set to the service account used by IriusRisk, regardless of which IriusRisk user created the issue. As of this release you can now enable a setting that will set the reporter of the issue to be the IriusRisk user, as if they had created it directly in Jira, if the user has the same email address in Jira and IriusRisk (otherwise it just uses the service account). This gives you much more visibility and manageability of tasks inside Jira. This feature will be supported for Jira Cloud in a future release.

Disable users

When an IriusRisk user no longer needs an account, it is important for security reasons that the access is revoked in order to prevent misuse of the account. However, there may be some metadata associated with the account that is important to keep in the system for audit or traceability reasons. Rather than having to delete the user account, as of IriusRisk 4.9 you can just disable the user. This also works automatically where the user is disabled through Single Sign On (SSO).

Brand new audit log

A new version of the audit log, built in React, that is lightning fast and much easier to use. You can find it in the Control Panel dropdown menu.

Security Content

This release includes a ton of new security content as well as improvements to existing content.

New and updated components:

Azure Managed Apps
Azure Resource Manager
Azure Container Apps
Azure Batch
Azure VM Scale set
AWS Identity and Access Management (IAM)
Proxy Server
Firewall
Virtual Appliance
Vmware Workstation

Plus a new Hardware category containing 41 new components including:

Wi-Fi Port
Drone
Laptop
Sensor
and much more

New libraries:

Mitre ATT&CK Framework

New standards:

OWASP Top 10 Kubernetes Top 10 2022

Release notes

For more information, see the Version 4.9 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon

IriusRisk Horizon - Customer Research, Product Discovery, and Early Access

‍