SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29  for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.
As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data-breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected1 to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.
As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:
The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.
The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation polices in the US, Canada and China.
WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.
"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference
(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.
Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

Spotlight

Moving forward, leaders will need to see measurable data to justify cyber security purchases. Frank Dickson, Group Vice President of IDC’s Security and Trust practice, discusses why measuring ROI of your cyber security investments is crucial.

Spotlight

Moving forward, leaders will need to see measurable data to justify cyber security purchases. Frank Dickson, Group Vice President of IDC’s Security and Trust practice, discusses why measuring ROI of your cyber security investments is crucial.

Related News

DATA SECURITY

Orca Security Expands Cloud Security Offerings with ThreatOptix Integration

Orca Security | February 22, 2023

On February 21, 2023, Orca Security, a leader in agentless cloud security, announced the addition of ThreatOptix's agent-based runtime protection and enforcement to its Orca Cloud Security Platform. The new capability expands Orca's industry leadership by offering customers a choice in how they secure their cloud-native applications, including virtual machines, containers, and Kubernetes applications. While remaining committed to agentless security, Orca's latest offering strengthens its comprehensive coverage and visibility across the cloud estate. Cloud Security Platform's runtime detection and enforcement will be enhanced by new capabilities from ThreatOptix, which provides comprehensive Linux security focusing on cloud workload protection with its technology. Through a strategic partnership with ThreatOptix, all agent deployments, policy management, and data will be seamlessly integrated into the Orca Platform and offered as a single platform. When it comes to securing modern workloads, security teams face numerous obstacles, such as compliance monitoring, vulnerability management, and advanced threat detection and prevention. Orca's sole focus has been delivering superior agentless capabilities to tackle these problems. However, there are specific mission-critical applications for which enterprises may need an agent for advanced runtime protection and enforcement. With the completion of this integration, Orca Cloud Security Platform users will be able to quickly manage and deploy the ThreatOptix agent as well as customize policies from the Orca UI. In addition, all agent-based runtime telemetry will be completely accessible within the Orca Unified Data Model to facilitate usability. The integrated solution will be accessible in this year's second half. Avi Shua, Orca Security's CEO and Co-Founder said, "At Orca Security, we have a mission to continually innovate cloud security and push the limits of what's possible to be your key partner for securing the entirety of your cloud environments now and in the future." He added, "As we expand our Cloud Security Platform, we are strategically partnering with ThreatOptix due to their core focus on delivering runtime protection and enforcement for cloud-native applications." (Source – Business Wire) About Orca Security Oregon-based Orca Security is a globally trusted enterprise specializing in agentless cloud security solutions. Its Unified Data Model and patented SideScanning™ technology enable enterprises to move and scale confidently in the cloud. The Orca Cloud Security Platform provides comprehensive coverage and visibility of all cloud-related risks, making it the industry leader in identifying, prioritizing, and remediating security risks and compliance issues across AWS, Azure, Google Cloud, and Kubernetes. With continuous first-to-market innovations and expertise, Orca ensures security teams can quickly identify and mitigate risks to keep businesses secure.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

WatchGuard Announce Unveiling New Line of Firewall Products

WatchGuard Technologies | February 20, 2023

WatchGuard® Technologies, an industry leader in unified cybersecurity, has recently announced the launching of new tabletop firewall appliances: Firebox T25/T25-W, Firebox T45/T45-POE/T45-W-POE, and Firebox T85/T85-POE. By leveraging WatchGuard's Unified Security Platform® architecture to provide comprehensive security and streamlined management through WatchGuard Cloud, these new firewalls are built to give the performance that distributed, and remote business environments require to protect themselves against the latest network security threats. WatchGuard's new Firebox product line, which features increased memory and processing speeds for improved throughput, enables WatchGuard partners, MSPs and IT administrators to protect branch offices, office equipment, retail point-of-sale (POS) software, remote devices, and remote users from complex and emerging threats with minimal network configuration and management overhead. "This new generation of Fireboxes takes full advantage of our Unified Security Platform architecture, enabling MSPs to provide the robust solutions and simplified management they require to meet the needs of a wide range of customers and deployment scenarios," said Ryan Poutre, Product Manager at WatchGuard Technologies. (Source - GlobeNewswire) Key features for the new Firebox products include as follows: WatchGuard Firebox T25/T25-W: Offer small offices, home offices, and retail environments with stand-alone or centrally managed protection with complete enterprise-level network security. WatchGuard Cloud's zero-touch deployment enables speedy setup at remote sites to ensure a secure connection. WatchGuard Firebox T45/T45-POE/T45-W-POE: Provides stand-alone or centrally managed enterprise-level protection to small and medium-sized businesses. Improves visibility into network activity and security events. Offers flexible management tools that facilitate faster and more secure business connection setup at remote locations. WatchGuard Firebox T85-POE: Provides enterprise-level security with high performance that evolves with the network requirements. It offers users with two Power-over-Ethernet (PoE+) ports that enable power to peripheral devices. About WatchGuard Technologies, Inc. WatchGuard® Technologies, Inc. is one of the leading companies in unified cybersecurity. The company's Unified Security Platform® is a unique way for managed service providers to get world-class security that helps their businesses grow and move faster while making their operations more efficient. Its award-winning products and services include network security and intelligence, multi-factor authentication, advanced endpoint protection, and secure Wi-Fi. They are used by more than 17,000 security service providers and resellers to shield more than 250,000 customers. The company's headquarters are in Seattle, Washington, and it has offices all over North America, Europe, Asia-Pacific, and Latin America.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Tenable Enhances Tenable OT Security to Provide the Broadest Coverage

Tenable | March 13, 2023

Tenable®, the Exposure Management company, announced unveiling new features within Tenable OT Security, delivering greater protection for operational technology (OT), industrial control systems and critical infrastructure, regardless of deployment size or environment configuration. The new feature keeps the CISO's organization front and center, making it easier to protect and maintain governance of the whole attack surface using the same tools and processes throughout their infrastructure, whether IT, OT, IoT, the cloud, or other platforms. Tenable is ideally positioned to assist its customers in meeting their security needs by offering an all-encompassing solution for securing mixed environments. This latest update enhances Tenable OT Security's vulnerability detection capabilities with an improvement to the OT active scanner and a tighter integration with Tenable's Nessus, the market-leading vulnerability scanning solution. Tenable OT Security now provides companies with unparalleled scanning capabilities by leveraging the technology relied upon by over 40,000 security teams worldwide. Key new capabilities include: Increased Asset Discovery and Visibility Advanced Vulnerability and Threat Detection Enhanced Dashboards and Reporting Amir Hirsh, General Manager of OT Security, Tenable, said, "We consistently hear from CISOs that they have been tasked with security for mixed environments that include both OT and IT technologies, but they don't have the requisite visibility to secure either well. The new capabilities added to Tenable OT Security provide our customers with full visibility, security and control of all their environments and assets, in one consolidated view." He added, "Now, our customers can leverage the full strength of Tenable OT active scanning, tightly integrated with embedded Nessus scans for IT assets, to create a clear view of all assets, their vulnerabilities, risk score, attack path analysis and more." (Source – Globe Newswire) This most recent upgrade also includes product localization abilities for Japanese, Chinese, French, and German, reducing training and support expenses for businesses operating in non-English speaking regions. About Tenable Headquartered in Columbia, MD, Tenable® is a leading company for Exposure Management. Tenable is relied upon by about 43,000 enterprises worldwide to comprehend and mitigate cyber risk. As the originator of Nessus®, Tenable leveraged its experience in vulnerabilities to provide the world's first platform capable of identifying and securing any digital asset on any computer platform. Over sixty percent of the Fortune 500, forty percent of the Global 2000, and significant government bodies are prospective clients of Tenable.

Read More