Sold by: IriusRisk
Deployed on AWS
IriusRisk offers a scalable secure by Design, Threat Modeling platform that allows security and engineering teams to quickly create threat models and automatically generate security requirements for systems and applications at scale
4.7
Overview
IriusRisk offers a Threat Modeling platform that includes data flow diagrams, a list of threats, and both the recommended and required countermeasures to implement. This automation allows engineering teams to plan their security work before they start coding and deploying. IriusRisk uses pre-defined components and a built-in threat and countermeasure library so that teams can generate these models quickly without having to rely on security experts. Countermeasures can be pushed directly to ALM tools like Jira, TFS and Rally so that they are front and centre in the developers' workflows. IriusRisk boasts compliance with the main market standards such as PCI DSS, EU GDPR, OWASP and NIST 800-53. Full integration with most DevSecOps pipeline tools via native integration or API.
Highlights
- Design secure software and architectures by modeling the threats and deriving the countermeasures before writing software.
- Two-way sync with ALM tools like Jira, TFS, Azure DevOps and Rally. Measure and view application security risk throughout the SDLC.
- PCI DSS, EU GDPR and NIST 800-53, OWASP ASVS compliance. Manage security risks at portfolio scale across the enterprise or per business unit.
Details
Sold by
Delivery method
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Platform | Including 5 Threat models | $35,000.00 |
Vendor refund policy
None
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Customer can request support via
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
Top
100
In Infrastructure as Code
AI generated from product descriptions
Threat Modeling and Data Flow Diagramming
Platform enables creation of threat models with data flow diagrams, threat identification, and countermeasure recommendations for systems and applications
Pre-defined Component and Threat Library
Includes built-in library of pre-defined components, threats, and countermeasures to enable rapid model generation without requiring security expert involvement
ALM Tool Integration
Supports two-way synchronization with application lifecycle management tools including Jira, TFS, Azure DevOps, and Rally to integrate security countermeasures into developer workflows
Compliance Framework Alignment
Provides compliance mapping and validation against PCI DSS, EU GDPR, NIST 800-53, and OWASP ASVS standards
DevSecOps Pipeline Integration
Offers native integration and API connectivity with DevSecOps pipeline tools for automated security requirement generation and deployment throughout the software development lifecycle
Automated Threat Model Generation
One-click automatic threat model building for cloud environments with synchronization to cloud infrastructure and automatic security configuration validation
Threat Chaining and Model Nesting
Patented threat chaining capability enabling users to build upon existing threat models with automatic propagation of updates and changes across all nested models
Compliance Framework Support
Built-in support for established regulatory standards including NIST, GDPR, and PCI for compliance requirement validation throughout the development lifecycle
Automated Threat Mitigation
Automatic implementation and validation of required security controls based on threat model results to mitigate identified threats
CI/CD Pipeline Integration
Bi-directional API integration with existing technology investments such as JIRA and Jenkins for seamless toolchain connectivity
Development Tool Integration
Integrates with organizational development planning tools such as Jira and Confluence to continuously monitor planned engineering work
Risk Assessment and Prioritization
Identifies, assesses, and prioritizes potential security risks based on context and business impact during the design phase
Framework-Based Mitigation Recommendations
Generates mitigation recommendations based on industry frameworks including NIST and PCI, or customized to internal policies
Early Risk Visibility
Provides full visibility into planned development tasks to uncover security risks before development begins
Secure by Design Implementation
Embeds security considerations early in the SDLC by mimicking decision-making processes of experienced security professionals
Standard contract
No
No
Customer reviews
Lokesh T.
Secure By design using IriusRisk
Reviewed on Oct 17, 2025
Review provided by G2
What do you like best about the product?
Jeff AI and The threat Library i liked a lot.
What do you dislike about the product?
There is a Limitation in Cloud Integration
What problems is the product solving and how is that benefiting you?
It identifies the Issues before a single line of code is written, which means it identifies the issue from design phase
Gautam R.
In need of a threat modelling tool? Iriusrisk might be your friend indeed!!
Reviewed on Nov 18, 2022
Review provided by G2
What do you like best about the product?
Iriusrisk is a great tool in creating an automated threat modelling and helps achieve any organization/s a fully fledged devsecops environment with "Shift Left" approach. Since the application security is done at the end of the development process, the tool really helps in identifying and securing any architecture by design in a very short time and at early stages of the SDLC process.
What do you dislike about the product?
Iriusrisk is a tool with vast capabilities for threat modelling and to find such tool with so many benefits and finally helping an organisation with saving lots of time and costs in the SDLC process, it is hard to find any cons in the tools.
What problems is the product solving and how is that benefiting you?
Benefits
Automated threat modelling reports for development team to work on and securing the architecture at the very early stages. Further reducing the manual exercises of brainstorming to come up with a threat model for any new architecture.
Automated threat modelling reports for development team to work on and securing the architecture at the very early stages. Further reducing the manual exercises of brainstorming to come up with a threat model for any new architecture.
Ajith K.
Good
Reviewed on Oct 18, 2022
Review provided by G2
What do you like best about the product?
Generate a threat model
Identify threats and countermeasures
Avoid delays to deployment and speed up time-to-production
Identify threats and countermeasures
Avoid delays to deployment and speed up time-to-production
What do you dislike about the product?
No dislikes in IriusRisk. I like Iriusrisk very much,
What problems is the product solving and how is that benefiting you?
Threats are a major problem for today's business. IriusRisk helps to reduce the risk. Vulnerability management is ver efficetive