SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29  for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.
As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data-breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected1 to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.
As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:
The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.
The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation polices in the US, Canada and China.
WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.
"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference
(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.
Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

Spotlight

Jesse Glaesman, Cyber Security Manager of Acme Brick, explains how his company’s proactive security approach builds trust, insulates customers and protects brand reputation. A longstanding relationship with IBM, including QRadar and X-Force IRIS, ensures Acme Brick can protect the people it serves.

Spotlight

Jesse Glaesman, Cyber Security Manager of Acme Brick, explains how his company’s proactive security approach builds trust, insulates customers and protects brand reputation. A longstanding relationship with IBM, including QRadar and X-Force IRIS, ensures Acme Brick can protect the people it serves.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

SentinelOne LABScon Security Research Conference Unifies Private and Public Sector Through Groundbreaking Cybersecurity Discoveries

SentinelOne | September 22, 2022

SentinelOne, an autonomous cybersecurity platform company, today launched the inaugural LABScon, a conference dedicated to advancing cybersecurity research for the benefit of collective digital defense. The event features novel findings from sought-after voices in cybersecurity and groundbreaking research by leading research teams. “The goal of LABScon is to provide a venue for advanced security collaboration and community building,” said Migo Kedem, VP Growth and Head of SentinelLabs, SentinelOne. “We are pleased to unite the cybersecurity community - researchers, vendors, and practitioners - to strengthen collective understanding of the security landscape. Only through shared knowledge and collaboration will cybersecurity evolve.” The conference lineup features prominent speakers and world-class researchers presenting on today's most important cyber security topics. Conference highlights include: Mark Russinovich, Microsoft Azure CTO, presents the story of his seminal malware analysis toolkit, which transformed malware analysis and forensic investigation Dmitri Alperovitch, Executive Chairman of the Silverado Policy Accelerator and CrowdStrike Co-Founder and former CTO, discusses cyberwarfare and effective policies Morgan Adamski, Director of NSA's Cyber Collaboration Center, keynotes “Operational Collaboration: The Realities of Success” Chris Krebs, the first director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Partner of the Krebs Stamos Group, shares in-the-trenches perspectives on cybersecurity and government M.J. Emanuel, CISA Incident Response Analyst, delves into recent cyberattacks targeting satellite communications and critical infrastructure Mauro Vignati, International Red Cross, discusses the line between combatants and digital collaborators in war Thomas Rid, Professor of Strategic Studies and founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins SAIS, debuts cybersecurity discoveries Kim Zetter, world-renowned cybersecurity author, facilitates fireside chats and shares perspectives on cyberwar Kris McConkey, PwC’s Global Cyber Threat Intelligence Practice Lead, releases research detailing new activity emanating from Chinese advanced persistent threat (APT) groups Mandiant, Sophos, Volexity, BlackLotus, PwC, and Binarly drops new APT research and vulnerabilities SentinelLabs releases “Metador,” our most ambitious APT research to date LABScon is hosted by SentinelLabs, a world-class team of security researchers that identifies critical vulnerabilities, new attack vectors, malware strains, and threat actors. The event is sponsored by Stairwell, Luta Security, Cisco Talos, GreyNoise, HP Wolf Security, Aesir, Binarly, Team Cymru, and ReversingLabs. To stay updated with groundbreaking threat research and cybersecurity discoveries, visit https://www.sentinelone.com/labs/ About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS

Phosphorus Announces New Partnership with Dewpoint to Expand Its xIoT Security Solutions and Platform in US Market

Phosphorus | September 26, 2022

Phosphorus, the leading provider of advanced and full-scope security for the extended Internet of Things (xIoT), today announced a partnership with Dewpoint. The IT and security solutions provider will act as a value-added reseller (VAR) for Phosphorus in the US market. The new partnership will see the two companies jointly delivering a new generation of xIoT security solutions in the US to meet growing enterprise demand for xIoT attack surface management and remediation capabilities. “xIoT security is a critical need for today’s enterprises, and these risks are left unaddressed by traditional IT security solutions. We look forward to working with Dewpoint to help expand our US sales channels and bring the world’s most advanced xIoT security platform to more organizations.” Kal Gajera, Director of North America Channels at Phosphorus Phosphorus’s Extended Enterprise xIoT Security Platform is the world’s first and only automated security platform capable of delivering xIoT Attack Surface Management, xIoT Hardening, and Remediation, and xIoT Detection and Response across the full range of IoT, OT, and Network-connected devices—spanning both new and legacy devices. This enables large organizations to scale xIoT technologies (which can amount to millions of devices per organization) without having to add any additional employees to find, fix, and monitor them. ABOUT PHOSPHORUS Phosphorus Cybersecurity® is the leading xTended Security of Things™ platform designed to secure the rapidly growing and often unmonitored Things across the enterprise xIoT landscape. Our Extended Enterprise xIoT Security Platform delivers Attack Surface Management, Hardening & Remediation, and Detection & Response to bring enterprise xIoT security to every cyber-physical Thing in your enterprise environment. With unrivaled xIoT discovery and posture assessment, Phosphorus automates the remediation of the biggest IoT, OT, and Network device vulnerabilities—including unknown and inaccurate asset inventory, out-of-date firmware, default credentials, risky configurations, and out-of-date certificates. ABOUT DEWPOINT Dewpoint has been bringing business and technology together since 1996. We make sure technology is solving all your business problems, providing transparency of spend for executives, and enhancing collaboration and flexibility. As the IT industry and businesses continue to change, Dewpoint provides the thought leadership and industry expertise to offer a new level of services in project management, digital innovation, infrastructure, security, cloud, and a range of tailored professional and managed service solutions for all our clients.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Cymulate Raises $70M Series D Funding for Continuous Security Posture Testing

Cymulate | September 07, 2022

Cymulate, the market leader in Extended Security Posture Management (XSPM), today announced a $70 million Series D investment led by existing investors One Peak, together with Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital. Cymulate has raised $141M to date. The latest investment, which is among the largest for continuous security testing vendors, doubles Cymulate's funding raised to date and accelerates the Company's global expansion and pace of innovation. In a recent report on Continuous Threat Exposure Management (CTEM) GartnerⓇ analysts observed, "Previous approaches to managing the attack surface are no longer keeping up with digital velocity — in an age where organizations can't fix everything, nor can they be completely sure what vulnerability remediation can be safely postponed. CTEM is a pragmatic and effective systemic approach to continuously refine priorities, walking the tightrope between those two impossible extremes."* The global shortage of 2.72 million cybersecurity professionals, and overstretched in-house security resources further exacerbates the need for Cymulate's real-world solutions which closes security gaps quickly and efficiently, rationalizes technology, helps upskill staff and improves processes. "We are thrilled to lead this round of investment in Cymulate," said David Klein, Managing Partner of One Peak. "Cyber posture management and continuous security validation have dramatically increased in popularity in response to the onslaught of ransomware and cyber warfare for businesses across all size ranges. Cymulate is the clear leader in the sector, and we look forward to continuing to support the Company in further accelerating its already strong growth trajectory." Cymulate sets the industry standard for organizations to use automation to continuously validate their threat exposure and cyber posture, by testing their cloud and on-premise networks against the latest threats in the wild. The Company's Extended Security Posture Management platform leverages its native offensive security technology and capabilities to widely support customers' security and business needs. XSPM incorporates four fundamental pillars tied together with analytics to provide actionable security posture insights: Attack Surface Management, Continuous Automated Red Teaming, Breach & Attack Simulation, and Advanced Purple Teaming. Cymulate's customers see their cyber risk reduced by nearly 50% during the first three months of use. Running daily risk assessments, the cyber risk of Cymulate's customers continues to decrease in the first year without any security drift. The Series D funding will be used to extend Cymulate's technological capabilities and further accelerate its global growth. The Company more than doubled its ARR in 2021 and grew more than 200% in North America alone. Cymulate has more than 500 customers globally, including Fortune 500 companies and strategic partners such as Optiv and Wipro. By the end of this year, Cymulate plans to further expand its staff by 75% to continue supporting its go-to-market efforts. "In a market where every business must be prepared to fight advanced threats, I am proud of our team's ability to innovate and respond quickly to the constant turbulence of cybersecurity. "Our funding from existing investors is a further testament to their confidence in our company, direction, and continued vision. We look forward to reaching our next innovation milestones and expanding into new markets across the globe." Eyal Wachsman, CEO and Co-Founder of Cymulate Alongside their Series D funding, Cymulate also recently announced two C-level executive appointments to bolster the company's leadership, namely the appointment of Maria Mastakas as Chief Operating Officer and Carolyn Crandall as Chief Marketing Officer and Chief Security Advocate of Cymulate. *Gartner, Implement a Continuous Threat Exposure Management (CTEM) Program, July 2022. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. About Cymulate Cymulate's SaaS-based Extended Security Posture Management (XSPM) provides security professionals with the ability to continuously challenge, validate and optimize their on-premises and cloud cyber-security posture with visualization end-to-end across the MITRE ATT&CK® framework. The platform provides automated, expert and threat intelligence led risk assessments that are simple to deploy and use for organizations of all cybersecurity maturity levels. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies.

Read More