SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29 for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.
As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data-breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected (1) to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.
As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:
The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.
The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation policies in the US, Canada and China.
WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.
"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference
(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.
Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

Spotlight

Network Access Control (NAC) solutions have come of age, driven by the need for dynamic network visibility and automated threat reduction, wide-scale use of mobile device for Bring-Your-Own Device (BYOD) and guest networking, and the rise of the Internet of Things (IoT). IT organizations are rapidly implementing NAC as an integral piece of their business compliance measures and overall security strategy. However, confusion continues to surround the best practices on why, where, and how to best apply a next-generation NAC solution.

Related News

DATA SECURITY

Stellar Cyber's Open XDR strengthens security operations for Barracuda users

Stellar Cyber | November 10, 2021

Stellar Cyber, the innovators of Open XDR and the leading next-gen security operations platform, announced today that it has integrated its industry-leading security platform with Barracuda CloudGen Firewall, Barracuda Web Application Firewall, and Barracuda Total Email Protection, bringing enhanced visibility, automated incident correlation, threat hunting, and remediation to managed security service provider (MSSP) customers and prospects.

"Our customers know that Barracuda delivers best-of-class email, network, and web application security solutions. When it comes to defending against today's sophisticated cyber threats like ransomware and data breaches, they are looking for full visibility and automation," said Fleming Shi, CTO at Barracuda Networks. "We already offer Barracuda SKOUT Managed XDR optimized for our MSP customers. This new integration with Stellar Cyber gives our enterprise customers a holistic view of their infrastructure and the capabilities to coordinate incident response to attacks in real time."

The Stellar Cyber platform incorporates the XDR Kill Chain and AI-driven correlation of detections and alerts into automatically generated incidents in an easy-to-use dashboard with visibility across the entire attack surface, so analysts know exactly what and how to investigate. In addition, Stellar Cyber's built-in multi-tenant features make it easier than ever for Barracuda's MSSP partners to provide SOC-as-a-service offerings to their end-user clients.

"The Stellar Cyber Open XDR platform brings additional value to existing Barracuda product investments by ingesting their logs, enriching the captured data, analyzing that data for threats, and then automatically remediating attacks through the firewall as well as other systems," said Zeus Kerravala, principal analyst at ZK Research. "It's great to see this level of integration to protect customers."

"By integrating our Open XDR AI-powered cybersecurity platform with Barracuda's popular solutions, we deliver a new level of visibility and SOC capabilities, such as correlated threat analysis, threat hunting, and automated remediation, to Barracuda customers. Our purpose-built platform collects and ingests data from all existing security tools and presents a single dashboard that clearly identifies and prioritizes security threats, all the way from individual alerts to sophisticated incidents or attack stories, in a way that maximizes efficiency in SOC operations."
Paul Jespersen, Senior Vice President of Global Business Development at Stellar Cyber

Using ransomware protection as an example, customer benefits of the integration include:
• Barracuda Total Email Protection signals and alerts will be available in Stellar Cyber to provide visibility into phishing and brand-hijacking attacks designed to harvest credentials.
• In an event where a phishing link is clicked, Barracuda CloudGen Firewall stops the traffic to the attacker's site and flags the target for all other attempts.
• Network and application infrastructure are constantly bombarded with intrusion and access attempts, especially with stolen credentials. Provided with signals from Barracuda CloudGen Firewall and Barracuda Web Application Firewall, these attempts will be immediately flagged and prevented.

Barracuda is working on deeper and broader integrations with Open XDR platforms like Stellar Cyber. Barracuda customers will be able to stop ransomware more efficiently and get ahead of attackers using credential theft and account takeover in email security and prevent further penetration.

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers' journey. More than 200,000 organizations worldwide trust Barracuda to protect them – in ways they may not even know they are at risk – so they can focus on taking their business to the next level. For more information, visit barracuda.com.
Barracuda Networks, Barracuda, and the Barracuda Networks logo are registered trademarks of Barracuda Networks, Inc. in the US and other countries. SKOUT Cybersecurity and the SKOUT logo are registered trademarks of SKOUT Cybersecurity Holdings, Inc. and its affiliates in the US and other countries.

About Stellar Cyber
Stellar Cyber's Open XDR platform delivers Everything Detection and Response by ingesting data from all tools, automatically correlating alerts into incidents across the entire attack surface, delivering fewer and higher-fidelity incidents, and responding to threats automatically through AI and machine learning. Our XDR Kill Chain™, fully compatible with the MITRE ATT&CK framework, is designed to characterize every aspect of modern attacks while remaining intuitive to understand. This reduces enterprise risk through early and precise identification and remediation of all attack activities while slashing costs, retaining investments in existing tools and accelerating analyst productivity. Typically, our platform delivers an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley.

DATA SECURITY

Through Security Innovation Collaboration and Terranova Security, Organizations Can Create Unified Culture of Cyber Security

Terranova Security | July 28, 2021

Terranova Security, the global partner of choice in security awareness training, has announced a partnership with Security Innovation, an authority in software security training for IT professionals. The partnership addresses creating a unified cybersecurity culture through role-based security awareness training, a critical business need for many organizations today.

Those managing cybersecurity-related training at organizations face a unique challenge in creating a robust cybersecurity culture. Different departments and individuals need security awareness training specific to their roles and responsibilities. As a result, organizations often use numerous cybersecurity training programs to train their employees, which can increase the resources and cost of these efforts, as well as blind spots when it comes to numerous cyber threats.

Knowledge workers naturally need more comprehensive training around topics such as phishing attempts, email safety, and strong password best practices. Conversely, IT staff may require more focused training around how technology assets can be targeted and what can be done to nullify threats. However, technical teams like developers can require training in both areas to ensure that they're not only securing software and data but also not falling victim to an email phishing attempt. By asking users to toggle between numerous training programs to receive the essential training, organizations may confuse and discourage employees, leading to a weaker overall cybersecurity culture.

With Terranova Security and Security Innovation, each organization's offering will be bolstered by more comprehensive content. The first is recognized for providing best-in-class security awareness training for non-IT staff; the second is recognized for providing outstanding security awareness training for IT staff. The result will be a seamless experience for the customer, both from a platform and a learning perspective.

The partnership will give customers and their employees access to an extensive array of security awareness training. Courses will include:
• Methodologies backed by science
• Hands-on simulations
• The removal of complexity

About Terranova Security
The global security awareness training leader, Terranova Security, was selected by Microsoft as their partner of choice to bring the best in security awareness training content to customers. Successful Terranova Security awareness programs and phishing simulations have provided organizations worldwide with the most multilingual security awareness platform, the highest-quality content, intuitive phishing simulator, and training and communications portfolio in the industry. In addition, organizations continue to leverage the Terranova Security awareness 5-step framework, which provides an evidence-based, step-by-step approach to a successful security awareness program.

About Security Innovation
A pioneer in software security, Security Innovation has literally written the book on How to Break Software Security. Since 2002, organizations have relied on the company's training and assessment solutions to protect software wherever it runs.

DATA SECURITY

Pondurance Partnered with GuidePoint Security, a Cybersecurity Solutions Leader

Pondurance | February 15, 2022

Pondurance, a provider of Managed Detection and Response (MDR) services, has announced its partnership with GuidePoint Security, a provider of cybersecurity solutions that helps businesses make better decisions and reduce risk. In the Pondurance Channel Partner Program, GuidePoint Security joins a prestigious group of solution providers, managed service providers, and systems integrators.

Thousands of businesses around the country trust GuidePoint Security as a top cybersecurity expert and solution provider. The firm offers organizations proven experience, customized solutions, and services to assist them in making smarter cybersecurity decisions that reduce risk. In addition, GuidePoint Security will be able to offer Pondurance's award-winning Managed Detection and Response solution as a result of this relationship, increasing Pondurance's reach into the multi-billion dollar cybersecurity consulting and managed services sector.

“Our partners are central to our mission to give every organization the ability to detect and respond to cyber threats, regardless of size, industry, or current in-house capabilities. GuidePoint shares our vision, and we are excited to partner with them to make our proactive MDR service available to the thousands of organizations that count on them for their renowned security expertise.”
Lyndon Brown, Chief Strategy Officer at Pondurance

GuidePoint Security can provide its customers with the world-class security operations center (SOC) they deserve by adding Pondurance's best-in-class MDR services to its offering. Pondurance's innovative cloud-native technology, backed by a 24/7 staff of analysts, threat hunters, and incident responders, provides clients with continuous cyber risk reduction. In addition, Pondurance, unlike other MDR providers, provides 360-degree detection across cloud, network, endpoint, and logs, containing threats before they propagate and providing the personalized experience that every enterprise needs.

Members of the Pondurance Channel Partner Program, such as GuidePoint Security, can use a holistic approach to MDR services to grow their company's capabilities and generate annual recurring income streams. When you join the Channel Partner Program, you get access to training and certification, sales and marketing collaboration, dedicated partner managers, and much more.
