SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29  for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.
As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data-breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected1 to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.
As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:
The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.
The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation polices in the US, Canada and China.
WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.
"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference
(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software
Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.
Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.

Spotlight

2015 was a year that, as predicted, saw an unsettling escalation in both cyberattacks and diversification in attack methodology. Since the cybersecurity landscape is constantly evolving, protection solutions must constantly shift to match, if not anticipate, attackers' modus operandi. Long story short: cyberattacks show no sign of slowing down. With this in mind, we look ahead to what's in store for 2016, examining some emerging trends that are likely to affect security requirements.


Other News
SOFTWARE SECURITY

Guidepost Solutions Acquires Significant Equity Interest in Cybersecurity Solutions Firm Truvantis, Inc.

Guidepost Solutions LLC | March 29, 2022

Guidepost Solutions LLC, a global leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting, announced that it has acquired a significant equity stake in Truvantis, Inc., a cybersecurity company formed in 2010. Truvantis provides best-in-class cyber and privacy services to secure infrastructure, data, operations, and products. This strategic partnership allows both Guidepost and Truvantis to offer a wide-ranging suite of cybersecurity solutions and consulting services, at a time when cybersecurity risks are evolving and affecting all business operations. Truvantis is led by its founder and CEO, Andy Cottrell. With more than 25 years of experience in IT and cybersecurity, Cottrell has designed and implemented security solutions, launched innovative security products to market, and helped countless small and large companies improve their security posture. “I am pleased to announce this partnership with Truvantis, as part of our firm’s continued efforts to grow its capabilities and footprint in the cybersecurity arena. We are committed to providing our clients with unique solutions to defend against one of the greatest risks facing their companies – cyber threats. This partnership significantly expands our ability to fulfill that commitment.” Julie Myers Wood, Guidepost Solutions CEO This new alliance enables clients to leverage comprehensive threat, risk, vulnerability management, privacy, and assessment services to protect against a full spectrum of cyber and physical security issues and address a variety of regulatory and business-critical requirements. Today’s companies are faced with an increasing number of requests for independent verification of their cybersecurity and privacy policies and practices. Whether it’s an assessment against a security framework like the NIST CSF, ISO 27001, or CIS Controls, addressing compliance with privacy laws and requirements like the PCI DSS, or preparing for a SOC2 or HITRUST audit, companies are seeking help from highly qualified, credentialed consultants who can help address these complex cybersecurity and privacy challenges. The Guidepost/Truvantis team will afford clients a depth of expertise as well as a breadth of services to address a broad range of risk mitigation needs. “Guidepost Solutions is a leader in investigations, compliance, and physical security consulting and we’re excited to bring these capabilities to our clients to provide comprehensive risk management solutions,” said Andy Cottrell, CEO, Truvantis. “As the market continues to evolve toward consolidated physical, personnel, and cybersecurity management, this partnership enables us to provide the most comprehensive solutions in the market.” Through this investment and partnership, Guidepost Solutions and Truvantis are positioned to enhance cyber and physical security defenses for clients and provide resiliency for their critical systems. Specific security services include risk assessments, security testing, cyber investigations, cybersecurity governance, data protection, privacy consulting, operational security design and project management, vCISO, and remediation services. About Guidepost Solutions LLC Guidepost Solutions is a leader in domestic and international investigations, compliance solutions, monitoring, and security and technology consulting. We work wherever your needs take us – whether on the ground around the globe – or from one of our offices located in Bogotá, Boston, Chicago, Dallas, Honolulu, London, Los Angeles, Miami, New York, Palm Beach, Philadelphia, Phoenix, San Francisco, Seattle, Singapore, Walnut Creek, and Washington, DC. About Truvantis Inc. Truvantis® is a cybersecurity consulting organization providing best-in-class privacy and cybersecurity services to secure your organization’s infrastructure, data, operations, and products. We specialize in helping our customers improve their cybersecurity posture by implementing, testing, auditing, and operating information security programs.

Read More

DATA SECURITY

SentinelOne Expands Partner Ecosystem with New Zero Trust, CNAPP, Patch Management, and Threat Simulation Integrations

SentinelOne | January 15, 2022

SentinelOne an autonomous cybersecurity platform company, today announced integrations with Remediant, Blue Hexagon, Keysight, and Automox, expanding the set of capabilities available via SentinelOne’s Singularity Marketplace. With comprehensive integrations across enterprise use cases, the Singularity Marketplace enables customers to unify leading technologies to autonomously protect against threats at machine speed. Enable Zero Trust with Remediant SentinelOne’s joint solution with Remediant enables organizations to enforce Zero Trust solutions across cloud, hybrid, and on-premises infrastructure with a single agent. With the rise of credential stuffing attacks and ransomware, endpoints and identities are two of the most exploited attack vectors today. SentinelOne captures behavioral telemetry across user endpoints, cloud workloads and IoT, feeding process and file activities to Remediant. This enables administrators, auditors, and incident responders to identify malicious sessions and activity in a single workflow. “This partnership with SentinelOne marks one of the first, and best, examples of what becomes possible when leading identity and endpoint security solution providers align their capabilities,” said Paul Lanzi, Co-founder, Remediant. “As partners, we are both aware that today's remote workforce has to be secured by a new generation of tools that secure endpoints and privileged access. We're launching this partnership because EDR and identity vendors working together is one of the most powerful things we can do for our customers to ensure they can defend against attacks." Strengthens Cloud Ransomware Security with Blue Hexagon SentinelOne’s integration with Blue Hexagon enables the rapid detection and prevention of malware and ransomware in the cloud. As the first line of defense, SentinelOne secures endpoints, cloud workloads and IoT devices with AI powered protection, detection and response. The integration shares Blue Hexagon’s awareness of malware and ransomware reducing the time to respond through automated remediation. In addition, cloud misconfigurations are shared with SentinelOne. “We are excited to partner with SentinelOne, a leader in XDR, to provide a threat detection and response solution that unifies endpoint, cloud, and network security.With Singularity XDR and Blue Hexagon, joint customers can use leading solutions to seamlessly share ransomware intelligence and automate response across cloud environments.” Nayeem Islam, CEO and Cofounder, Blue Hexagon Proactive Threat Simulation with Keysight SentinelOne’s integration with Keysight allows joint customers to safely simulate threats in order to validate threat detection and remediation. Keysight’s Threat Simulator attacks both network and endpoints from a ‘Dark Web’ environment. Attacks are validated against Singularity XDR’s protection and detection models using SentinelOne’s rich API functionality, identifying gaps in the cyber kill chain and suggesting updates to organizational security infrastructure. “The integration of Keysight Threat Simulator with SentinelOne is exciting because it allows our joint customers to automate validation of their security processes and defenses before actual threats occur,” said Greg Copeland, Director of Technical Alliances, Keysight. “Cyber defense groups can test and train their operations teams using realistic scenarios, to sharpen their skills and procedures proactively.” Automate Vulnerability Management with Automox SentinelOne and Automox’s joint solution delivers end-to-end vulnerability discovery and remediation. As corporate networks become more technically diverse, organizations often struggle to keep up with patch management and cyber hygiene, forcing security teams to adopt multiple tools that require heavy training, dedicated on-site resources, and multiple dashboards. SentinelOne and Automox provide the visibility and workflows needed to significantly reduce the time to remediation and the burden on in-house resources. “As corporate IT environments become more distributed and overwhelmed with multiple operating systems and a vast inventory of third-party software, organizations are left wide open to cyber attacks,” said Jay Prassl, founder and CEO at Automox. “SentinelOne mirrors our mission to proactively reduce security exposure. Through our partnership, enterprise and government organizations benefit from a powerful, cloud-enabled solution to detect and remediate vulnerabilities, seamlessly and at scale.” About SentinelOne SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.

Read More

ENTERPRISE SECURITY

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape

SecurityScorecard | January 28, 2022

SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world's leading professional services firm in the areas of risk, strategy and people, to enable organizations around the world to improve their cyber resilience. As part of the collaboration, Marsh McLennan's Cyber Risk Analytics Center will leverage SecurityScorecard's data and analytics to gain real-time cyber risk insights and define risk mitigation strategies for the Company's global client base. The companies will also collaborate on joint research aimed at increasing awareness of cyber risk and educating the market on risk management strategies. "We are excited to work with Marsh McLennan, which understands that to stay competitive, you must stay innovative," said Prashant Pai, Senior Vice President and General Manager of Strategic Initiatives at SecurityScorecard. "Given how fast the cyber risk landscape evolves, it's essential that business leaders have access to the most up-to-date and complete view of a client's cybersecurity posture." "Cyber risk evolves minute-to-minute, making it challenging to build data-driven risk management strategies,SecurityScorecard's data and analytics are a valuable addition to our proprietary insights, furthering our ability to help our clients stay on top of emerging vulnerabilities and threats that may impact their businesses." Scott Stransky, Managing Director, Marsh McLennan Cyber Risk Analytics Center SecurityScorecard continuously monitors millions of entities worldwide and non-intrusively assesses their security posture across 10 risk categories including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security and patching cadence. About SecurityScorecard Funded by world-class investors including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to their trusted and transparent Instant SecurityScorecard rating.

Read More

DATA SECURITY

Axonius Unveils SaaS Management Solution to Combat Complexity, Cost, and Risk

Axonius | January 20, 2022

Axonius, the leader in cybersecurity asset management, today unveiled Axonius SaaS Management, a new comprehensive solution that helps security, IT, finance, and risk teams control the complexity, cost, and risk of software as a service (SaaS) with a single source of truth into their SaaS application landscape. As businesses rapidly increase consumption of SaaS applications, they face acute IT, security, and business challenges. The rate of SaaS adoption makes manual approaches to gaining a credible SaaS asset inventory woefully inadequate and exposes extremely difficult visibility challenges into both known and unknown SaaS applications. Compounding these visibility challenges, companies struggle to identify how data flows between apps, manage a myriad of configurations, and close security gaps, as well as track licensing and spend, across hundreds sometimes thousands of SaaS applications. Axonius SaaS Management lets customers address the operational and financial challenges of SaaS asset management, as well as the security and risk gaps, all via a seamless, nonintrusive deployment that delivers actionable insights from day one. This is the first product delivered by AxoniusX, the company’s innovation-focused business unit that launched in June 2021. “Over the past few years, we’ve seen tools emerge that address some aspects of SaaS management from either the business side or SaaS security posture management, but these approaches still leave companies with gaps in visibility and siloed information,We’ve built on our unique approach to cybersecurity asset management to deliver the same results for SaaS applications. With our rich history in building and maintaining API integrations with SaaS solutions, Axonius has the expertise and market traction to bring massive value to organizations struggling with the complexity of modern apps and infrastructure.” Amir Ofek, CEO and co-founder of AxoniusX Axonius SaaS Management uses adapters (API connections to data sources) and proprietary SaaS discovery tools to create a detailed inventory of all SaaS applications, permissions, and data flows. By connecting to all layers of the SaaS application stack, the solution discovers both the SaaS applications known to and sanctioned by organizations as well as shadow and unmanaged apps. This approach provides comprehensive visibility into all data types and interconnectivity flows, identifies misconfigurations and data security risks, and delivers actionable insights for better IT management and cost optimization. Axonius SaaS Management integrates with Axonius Cybersecurity Asset Management to provide a comprehensive platform that unifies all digital assets from SaaS apps to devices, user accounts, cloud assets, and more so customers can easily and effectively control complexity across the entire IT environment. About Axonius Axonius gives customers the confidence to control complexity by mitigating threats, navigating risk, automating response actions, and informing business-level strategy. With solutions for both cyber asset attack surface management (CAASM) and SaaS management, Axonius is deployed in minutes and integrates with hundreds of data sources to provide a comprehensive asset inventory, uncover gaps, and automatically validate and enforce policies. Cited as one of the fastest-growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of assets, including devices and cloud assets, user accounts, and SaaS applications, for customers around the world.

Read More

Spotlight

2015 was a year that, as predicted, saw an unsettling escalation in both cyberattacks and diversification in attack methodology. Since the cybersecurity landscape is constantly evolving, protection solutions must constantly shift to match, if not anticipate, attackers' modus operandi. Long story short: cyberattacks show no sign of slowing down. With this in mind, we look ahead to what's in store for 2016, examining some emerging trends that are likely to affect security requirements.

Resources