IriusRisk Launches Infrastructure-As-Code


IriusRisk has launched infrastructure-as-code (IaC) as part of its automated Threat Modeling Platform. IaC enables developers or operational teams to automatically manage and provision security architecture, doing away with the need to manually configure software-defined infrastructure.

These recent updates mean users can create a completely automated end-to-end process from cloud-native designs. This single-step action to create a threat model with built-in, actionable, countermeasures makes threat modeling far easier and more scalable than ever before. If an organization uses AWS CloudFormation or HashiCorp Terraform, it can generate threat models automatically within IriusRisk by using infrastructure-as-code.

IaC is enhanced by IriusRisk’s scoring system, which significantly reduces development teams’ workloads by providing a prioritized list of countermeasures and guidance on implementation. By offering a consolidated view of the application risk landscape, the IriusRisk Threat Modeling Platform empowers non-security experts such as Cloud and DevOps engineers to evaluate the security of their designs.

CEO and co-founder of IriusRisk Stephen de Vries said: “Infrastructure-as-code is a vital next step in our drive to continue pushing the boundaries of threat modeling and our mission to make it easier than ever to implement in more environments, and at scale. IaC makes further automation possible and will help to put threat modeling into the hands of more non-security people”.

In addition to adding infrastructure-as-code capability, the new version features several UX updates including an improved home dashboard, more intuitive project management, and clearer reporting including Compliance Reports. Within the Advanced Analytics module, it is now possible to access the module with the same user logged in IriusRisk by configuring an SSO authentication token.