EAR / Tools / versions
Risk Analysis Tools

PILAR & RMAT versions

[ beta ]

PILAR : 7.3.2 - 8.7.2019

bug fixing

PILAR : 7.3.1 - 24.6.2019

bug fixing

PILAR : 7.3.0 - 17.6.2019

pd risk mitigation revised
gdpr data
incidents
associate a date to phases
cvss v3
attack paths revised to count direct impact on perimeter
applicability map
comments report (csv)
questions report
bug fixing

PILAR : 7.2.7 - 25.3.2019

bug fixing

PILAR : 7.2.6 - 8.3.2019

bug fixing

PILAR : 7.2.5 - 25.2.2019

bug fixing

PILAR : 7.2.4 - 18.2.2019

bug fixing

PILAR : 7.2.3 - 4.2.2019

bug fixing

PILAR : 7.2.2 - 24.1.2019

bug fixing

PILAR : 7.2.1 - 31.12.2018

bug fixing

PILAR : 7.2.0 - 12.12.2018

merge in 1 screen safeguards applicability and valuation
comments: integrated view and edition
TSV: revised & cleaned; see doc
EVL for dimensions: selectable
SQL module: prefix, bugs
threats mix mode revised: optional threats
ad-hoc CVEs for pentesting management
safeguards tree refinement: adequacy for threats
speed up calculations
general bug fixing

PILAR : 7.1.9 - 31.5.2018

mark where there are comments below
skip dependencies between groups of assets
bug fixing

PILAR : 7.1.8 - 16.4.2018

bug fixing

PILAR : 7.1.7 - 19.2.2018

EVL: control percents
bug fixing

PILAR : 7.1.6 - 29.1.2018

GDPR: threats, reports
bug fixing

PILAR : 7.1.5 - 15.1.2018

bug fixing

PILAR : 7.1.4 - 23.12.2017

bug fixing

PILAR : 6.3.4 - 23.12.2017

bug fixing

PILAR : 7.1.3 - 18.12.2017

mix mode: domains and dependencies
bug fixing

PILAR : 6.3.3 - 18.12.2017

bug fixing

PILAR : 7.1.1 - 4.12.2017

bug fixing

PILAR : 6.3.2 - 4.12.2017

bug fixing

PILAR : 7.1.1 - 30.11.2017

personal data processing
security actions
risk scenarios

PILAR : 6.3.1 - 30.11.2017

drag & drop for asset moving between zones
bug fixing

PILAR : 6.3.0 - 26.10.2017

drag & drop for asset moving between zones
bug fixing

PILAR : 6.2.6 - 24.4.2017

bug fixing

PILAR : 6.2.5 - 15.3.2017

bug fixing

PILAR : 6.2.4 - 13.2.2017

bug fixing

PILAR : 6.2.3 - 10.1.2017

bug fixing

RMAT : 5.5.0 - 10.1.2017

bug fixing

download

PILAR : 5.4.12 - 23.12.2016

bug fixing

PILAR : 6.2.2 - 19.12.2016

bug fixing

PILAR : 6.2.1 - 7.12.2016

bug fixing

PILAR : 6.2.0 - 26.11.2016

default TSV simplified
safeguards reorganized
TSV uses excel files
EVL: non aplicability of controls integrated in valuation screen
EVL: maturity of controls separated from maturity of safeguards
EVL: aggregate by domain sets
attack graphs: physical, logical and tempest zones
physical security: delays in excel
help to select perimeter protection components
textual reports revised
pattern-based reports revised
suggest evl items in evl views

PILAR : 5.4.11 - 10.9.2016

bug fixing

PILAR Basic : 5.4.11 - 10.9.2016

bug fixing

microPILAR : 5.4.11 - 10.9.2016

bug fixing

PILAR : 5.4.10 - 14.9.2016

bug fixing

PILAR Basic : 5.4.10 - 14.9.2016

bug fixing

microPILAR : 5.4.10 - 14.9.2016

bug fixing

PILAR : 5.4.9 - 18.7.2015

bug fixing

PILAR Basic : 5.4.9 - 18.7.2015

bug fixing

microPILAR : 5.4.9 - 18.7.2015

bug fixing

PILAR : 5.4.8 - 9.3.2015

bug fixing

PILAR Basic : 5.4.8 - 9.3.2015

bug fixing

microPILAR : 5.4.8 - 9.3.2015

bug fixing

PILAR : 5.4.7 - 12.11.2015

bug fixing

PILAR Basic : 5.4.7 - 12.11.2015

bug fixing

microPILAR : 5.4.7 - 12.11.2015

bug fixing

PILAR : 5.4.6 - 26.10.2015

bug fixing

PILAR Basic : 5.4.6 - 26.10.2015

bug fixing

microPILAR : 5.4.6 - 26.10.2015

bug fixing

PILAR : 5.4.5 - 13.3.2015

bug fixing

PILAR Basic : 5.4.5 - 13.3.2015

bug fixing

microPILAR : 5.4.5 - 13.3.2015

bug fixing

PILAR : 5.4.4 - 3.12.2014

bug fixing

PILAR Basic : 5.4.4 - 3.12.2014

bug fixing

microPILAR : 5.4.4 - 3.12.2014

bug fixing

RMAT : 5.4.1 - 31.7.2014

perimeters for security profiles
bug fixing

PILAR : 5.4.3 - 18.7.2014

bug fixing

PILAR Basic : 5.4.3 - 18.7.2014

bug fixing

microPILAR : 5.4.3 - 18.7.2014

bug fixing

PILAR : 5.4.2 - 30.6.2014

bug fixing

PILAR Basic : 5.4.2 - 30.6.2014

bug fixing

microPILAR : 5.4.2 - 30.6.2014

bug fixing

PILAR : 5.4.1 - 8.4.2014

bug fixing

PILAR Basic : 5.4.1 - 8.4.2014

bug fixing

microPILAR : 5.4.1 - 8.4.2014

bug fixing

PILAR : 5.4.0 - 12.2.2014

perimeters for safeguards and security profiles
new templates in document generation
level to value mapping is loaded from configuration file
bug fixing

PILAR Basic : 5.4.0 - 12.2.2014

perimeters for safeguards and security profiles
new templates in document generation
bug fixing

microPILAR : 5.4.0 - 12.2.2014

perimeters for safeguards and security profiles
new templates in document generation
bug fixing

RMAT : 5.4.0 - 31.1.2014

perimeters for security profiles
bug fixing

PILAR : 5.3.2 - 14.1.2014

bug fixing

PILAR Basic : 5.3.2 - 14.1.2014

bug fixing

microPILAR : 5.3.2 - 14.1.2014

bug fixing

RMAT : 5.3.0 - 3.1.2014

EVL profiles
- new safeguards
- selection criteria
- history
EVL+ profiles
- new funcionality
TSV - standard threat values
- new views to edit
- differences between TSV's

PILAR : 5.3.1 - 9.12.2013

bug fixing

PILAR Basic : 5.3.1 - 9.12.2013

bug fixing

microPILAR : 5.3.1 - 9.12.2013

bug fixing

PILAR : 5.3.0 - 12.11.2013

safeguard library updated, revised and reordered
- authentication mechanisms
- interconnection architectures
- protection for 3rd party services (e.g. cloud)
3rd party sevices: asset classes and safeguards

threats: mix mode: some threats may be manual
identify risks mitigated by safeguards
remove/retain risks

safeguard valuation by security domains
separate applicability and valuation of security profiles
EVL: filtering of phases and domains
EVL: export to CSV

ENS: compliance report
27002:2013 - draft

bug fixing
bug: asset specific safeguards

PILAR Basic : 5.3.0 - 12.11.2013

safeguard library updated, revised and reordered
- authentication mechanisms
- interconnection architectures
- protection for 3rd party services (e.g. cloud)
3rd party sevices: asset classes and safeguards

ENS: compliance report
27002:2013 - draft

bug fixing

microPILAR : 5.3.0 - 12.11.2013

safeguard library updated, revised and reordered
- authentication mechanisms
- interconnection architectures
- protection for 3rd party services (e.g. cloud)
3rd party sevices: asset classes and safeguards

ENS: compliance report
27002:2013 - draft

bug fixing

RMAT : 5.2 - 16.12.2012

visibility on/off [publishes, or not]
associate controls to safeguards (dynamic safeguards tree extension)
bug fixing

PILAR : 5.2.9 - 26.12.2012

warnings
bug fixing

PILAR : 5.2.8 - 17.12.2012

bug fixing

PILAR : 5.2.7 - 10.12.2012

project diff's
evl: selection: mandatory controls
graphs to excel
bug fixing

PILAR : 5.2.6 - 12.11.2012

subset of asset classes
saving of subsets to be referenced from .car
dependencies between groups of assets
import & merge safeguards and security profiles (evl)
bug in dependencies around OR-nodes
trace of sql writing
option not to save threats in automatic mode
new "project import" different from "project merge"
backwards compatibility with 4.4 and 5.1
three-state boxes in asset selection
selection of duplicated security profiles
revise allowed actions in presentation and blocked modes
ENS annual report
speed up of tsv application
bug fixing

PILAR : 5.2.5 - 28.9.2012

ENS annual report (experimental)
bug fixing

PILAR : 5.2.4 - 18.9.2012

sources for layers
separate marking labels
variable length varchars in db
ENS annual report (experimental)
bug fixing

PILAR : 5.2.3 - 28.8.2012

Bug: value propagation in valuation by domain
Assets & classes
Bug: Microsoft SQL Server
Bug: Oracle

PILAR : 5.2.2 - 6.8.2012

speed up
bugs in templates

PILAR : 5.2.1 - 31.7.2012

speed up
bugs in templates

PILAR : 5.2 - 23.7.2012

main screen reordered
essential info includes personal data
essential info includes classified information
extended interface to associate TSV to security domains
batch mode updated
database tables updated
manual addition of cve vulnerabilities
itemised presentation of deflected risk
risl filtering by top impact and risk
classification marking
report on previously used library and tool
bulk copy + paste of safeguards' maturity between phases and projects
bulk copy + paste of evl' maturity between phases and projects
inform why a safeguard is recommended
splash is disminished after 5 seconds
security domains have separate TSV files
speed up risk calculation
comments for each phase
safeguard effectiveness revisited
pseudo-phase with PILAR recommended maturity levels
metrics of profile fulfillment w.r.t. PILAR recommendation
new safeguards
ens profile revisited
new patterns for report generation (see documentation)
optional xdvp (cross-domain value propagation)
bug fixing

PILAR : 5.1.7 - 26.4.2011

fixes bugs

PILAR : 5.1.6 - 3.11.2011

fixes bugs in project merging

PILAR : 4.4.6 - 3.11.2011

fixes bugs in project merging

PILAR : 5.1.5 - 17.10.2011

fixes bugs in report generation
fixes bugs in business continuity: recommendations, and DRP

PILAR : 5.1.4 - 26.9.2011

bug fixing: report generation

RMAT : 5.1 - 12.8.2011

EVL revisited
- new panel to edit controls and questions
- detection of loops in links
- url to external information on controls
TSV revisited
KB revisited
- new panel to edit measures
bug fixing

PILAR : 5.1.3 - 13.7.2011

batch mode: better reporting of configuration errors
bug fixing: postgresql database
bug fixing: batch mode

PILAR Basic: 5.1.3 - 13.7.2011

bug fixing

microPILAR : 5.1.3 - 13.7.2011

bug fixing

PILAR : 5.1.2 - 1.6.2011

bug fixing

PILAR Basic: 5.1.2 - 1.6.2011

bug fixing

microPILAR : 5.1.2 - 1.6.2011

bug fixing

PILAR : 5.1.1 - 23.5.2011

bug fixing
multiline safeguards and controls
n.a. does not propagate from controls to safeguards
reports improved

PILAR Basic: 5.1.1 - 23.5.2011

bug fixing
multiline safeguards and controls

microPILAR : 5.1.1 - 23.5.2011

bug fixing
multiline safeguards and controls
better reports

PILAR : 5.1 - 28.3.2011

esquema nacional de seguridad (rd 3/2010)
families: OR-nodes, essential assets
domain valuation based on essential assets
transforms domain values into essential assets
vulnerabilities
extended valuation criteria (always 0-10)
n.a. as valoration criteria
mark values to trace propagation
cross-dimension value propagation (e.g. keys)
one extra decimal in risk below {1}
policies integrated with safeguards
procedures integrated with safeguards
AES 256

PILAR Basic: 5.1 - 28.3.2011

esquema nacional de seguridad (rd 3/2010)
domain valuation based on essential assets
transforms domain values into essential assets
extended valuation criteria (always 0-10)
n.a. as valoration criteria
mark values to trace propagation
cross-dimension value propagation (e.g. keys)
one extra decimal in risk below {1}
policies integrated with safeguards
procedures integrated with safeguards
AES 256

microPILAR : 5.1 - 28.3.2011

esquema nacional de seguridad (rd 3/2010)
ISO/IEC 27000 (2005)
Canned reports
AES 256
one extra decimal in risk below {1}

PILAR : 4.4.5 - 1.12.2010

MS SQL Server access

PILAR : 4.4.4 - 16.10.2010

automatic threats and BCM

RMAT : 4.4 - 16.10.2010

aligned with PILAR 4.4

PILAR : 4.4.3 - 1.7.2010

remember node position in dependency graphs
use ".pilar" to store preferences
"reset" graphs
save node position in .mgr (in dependency graphs)
error fixing

PILAR : 4.4.2 - 24.2.2010

error fixing
- locking new models
- qualitative / quantitative values
- reoirdering of security domains

PILAR & Pilar Basic: 4.4.1 - 8.2.2010

error fixing
- locking of read only executions
- icons dor security domains
- reading of threat frequencies
- cost values in DRP

PILAR & Pilar Basic: 4.4 - 1.2.2010

assets to classes
tree maps
labelled safeguards
applicability revised
dependency diagrams: buses and blocks
sliders in refined dependencies
block movement of assets, domains, sources and phases: using SHIFT + { UP, DOWN, LEFT, RIGHT }
safeguard (branches) linked to sources of information
revision of reports for using sources of information as filters
import / export : SQL DBMS
export library to database
splash screen
licensee logo
threats: automatic identification and evaluation
revise reports driven by template
panel for security domains
filtering of safeguards by source of information
alternative presentation of safeguard maturity
filtering of controls (in evaluation profiles) by source of information
DRP revised
smart deletion of domains
safeguard inheritance: domains first / phases first
show maturity range
bug fixing

PILAR & Pilar Basic 4.3 - 22.1.2009

Version 4.3
independent domains
look for maturity changes
look for maturity below threshold
simplify safeguards
safeguard selection follows recommendation
find decreasing maturity in safeguards
every safeguard may be specific for every asset
graphs revisited
new graphs: per aspect / per strategy / per type of protection
new risk mitigation heuristics
quantitative impact and risk presented as relative values
annotations in external file (file-based DB)
reports from template
reports revised
policies into security profiles
Pilar Basic: valuation criteria
Pilar Basic: risk graph
Pilar Basic: reports from template
security profiles: controls may become safeguards on the fly

RMAT 4.3 - 22.1.2009

Version 4.3

PILAR & Pilar Basic 4.2 - 8.7.2008

qualitative risk with one decimal
dependency degree per dimension
threat models
independent phases
safeguard improvement suggestions
updated library

PILAR & Pilar Basic 4.1.4 - 4.4.2008

en / English
br / Brazilian
es / Spanish
fr / French
it / Italian
pt / Portuguese

PILAR 4.1.3 - 31.3.2008

+ Brasileiro
+ Portuguese

PILAR 4.1.3 - 31.3.2008: bugs
RMAT 4.1 - 24.3.2008: stable version
PILAR 4.1.2 - 14.3.2008: bugs
PILAR & Pilar Basic 4.1.1 - 25.2.2008: bugs and enhancements
PILAR & Pilar Basic 4.1 - 27.12.2007: stable release
PILAR 3.3 - 10.3.2007: stable release
PILAR 3.2 - 5.12.2006: stable release
PILAR 3.1 - 20.5.2006: stable release
PILAR 2.2.10 - 12.12.2005: stable release
PILAR 2.2.9 - 30.11.2005: stable release
PILAR 2.2.6 - 11.10.2005: stable release
PILAR 2.2.5 - 4.10.2005: stable release
PILAR 2.2 - 31.10.2005: stable release
PILAR 1.2 - 29.11.2004: stable release