Tuesday, December 6, 2022

IriusRisk raises $29 million to automate threat modeling for apps

Shreya Christina (https://londonbusinessblog.com)

IriusRisk, a threat modeling platform, today announced it has raised $29 million in a Series B funding round led by Paladin Capital Group with participation from BrightPixel Capital, SwanLab Venture Factory, 360 Capital and Inveready. Speaking to londonbusinessblog.com, CEO Stephen de Vries said the proceeds will be spent on growing IriusRisk’s sales and marketing teams in the US and Europe, the Middle East and Africa, as the company’s total raised approaches $40 million.

De Vries, who previously worked at cybersecurity firm Corsaire, KPMG and ISS as chief security consultant, said he came to realize that companies are wasting resources running security tests on software that developers haven’t designed with security in mind. If developers could understand the security flaws in their designs through threat modeling — that is, identifying the types of threats that harm software — that would reduce the bottleneck caused by security assessments, de Vries theorized.

Indeed, threat modeling does not seem to be the top priority for many organizations. In a Golfdale Consulting questionnaire commissioned last year by cybersecurity vendor Security Compass, fewer than 10% of developers reported that threat modeling was performed on 90% or more of the apps they developed at their organizations. Only 25% said their organizations performed threat modeling during the early stages of software development, such as requirement gathering and design, before moving on to development.

“Threat modeling has now been established as a required activity for secure software development,” de Vries said, pointing to President Joe Biden’s recent executive order establishing threat modeling as a “recommended minimum” for verifying app code. “Since threat modeling as an activity is still relatively new, there is a need for organizations to share strategies, tips, and tricks for what works when deploying a threat modeling program — and what doesn’t.”

IriusRisk uses a rules engine to “reason” about client-side and cloud codebases, and adopts a pattern-based approach to threat modeling. Users of platforms such as Amazon Web Services (AWS) CloudFormation, HashiCorp Terraform, and Microsoft Visio can tap IriusRisk to import code and automatically generate a diagram and threat model from it.

The IriusRisk Threat Modeling Dashboard. Image Credits: IriusRisk

IriusRisk also offers an analytics module with reports and logs, which can be used by data analysts and scientists to interpret threat data from within their organization. To increase the granularity and accuracy of this data, customers can add components to IriusRisk’s pattern detection library that are unique to their industry or business, including those for AWS, Google Cloud, Azure and industrial control systems.

“IriusRisk empowers technical decision makers to build in security from the beginning of the software development lifecycle, making it an easy-to-implement practice that can be applied consistently across an organization’s product portfolio, enabling security-by-design at scale,” de Vries said. “Organizations benefit from IriusRisk’s comprehensive libraries of security standards, including existing threat models for known components, comprehensive security standards, and compliance libraries, which help teams build secure software first and automatically meet regulatory requirements.”

When asked about competition, de Vries admitted that startups like Spectral have an approach similar to IriusRisk in some ways. But he claimed his company’s biggest competitors are lagging behind and doing threat modeling manually using “whiteboards and perhaps rudimentary tooling.”

“We are focused on solving the problem of performing threat modeling consistently and at scale, with minimal developer friction. We often talk to organizations … who want to develop their approach by taking it out of the security team and into technical teams,” added de Vries. “We are making a significant investment in the wider threat modeling community.”

IriusRisk claims to have more than quadrupled its affiliate base by 2021 and increased its free offering, IriusRisk Community Edition, by 120% in terms of active users (to just over 5,400). More than 4,000 projects ran through the free platform last year, de Vries said. security tools.

“Our customers include six of the 30 global systemically important banks and nine Fortune 100 companies… Government organizations use the tool, as well as a digital forensics company, which supports military end users,” said de Vries. “It’s very typical for application security or cybersecurity teams to adopt our software and then roll it out to the wider technical organization so they can provide a threat modeling capability of their own… We’ve grown annual recurring revenue by more than 106% per year over the past two years and currently have a 120% annualized growth rate.”

IriusRisk has 137 employees today and plans to increase the workforce to 160 by the end of the year.
