Product security at every step of the lifecycle

By Guy Gilam

Cybellum recently signed a technology partnership agreement with Siemens Digital Industries Software to integrate Siemens’ Polarion Application Lifecycle Management (ALM) solution with its product security platform. The combined offering enables users to quickly pinpoint vulnerabilities and risks and remediate them across the product security lifecycle.

Partnerships that work

Polarion & Cybellum

Polarion automates the management of systems engineering projects and enables quality embedded software development with the industry’s highest efficiency and ROI. Cybellum continuously monitors the software for vulnerabilities and cybersecurity threats, mitigating software risks from design to postproduction.

The integration of these best-of-breed solutions provides development organizations with a comprehensive ecosystem, encompassing advanced development management with the ability to identify, manage, prioritize, and mitigate cybersecurity and safety threats throughout the engineering cycle. This will enable the production and maintenance of secure products for automotive, medical devices, and industrial IoT (IIoT) industries. It will also allow faster compliance with emerging and growing regulatory complexities.

With software developed and integrated with open-source code, and endless supply chain components over which we have limited control, we are facing security threat levels never before encountered. Throughout the product’s life, from design to development and postproduction, the security risk posture changes countless times with every software component added, open-source threat discovered, or Common Vulnerabilities and Exposures (CVE) exposed.

The product security practices we rely on are simply not built for today’s devices, and for the most part, they are static. They are either too limited or applied way too late in the product life cycle, often leading to costly recalls, device re-architecture, and a direct hit on the organization’s brand and reputation.

Securing the product lifecycle

Cybellum’s Product Security Lifecycle Platform enables device manufacturers to secure their products throughout their entire life – from first design to operational use and years after.

Powered by Cyber Digital Twins™ technology, a real-time, highly detailed digital replica of every software component inside the device, Cybellum continuously and automatically scans the device system for risks, with every firmware change or vulnerability discovered. In addition, the Cybellum platform provides the infrastructure and means needed to develop and maintain secure products at scale using Cybellum Product Security Assessment and Product Security Operations.

Product Security Lifecycle Management Platform Cybellum

Expose cyber risk without source code

Cybellum Product Security Assessment enables automatic cyber risk exposure in binary code throughout the product design and development phase and in mission-critical microcontroller-based components. No source code is needed.

InfoPlaySys 700 Vuln Assessment

The solution helps reveal all product characteristics (hardware architecture, operating systems, SBOM, licenses, configurations, control flow, APIs, and more), enabling SBOM management and supply-chain oversight, automated vulnerability management, and compliance with regulations and policies.

Product Security Assessment analyzes proprietary code exposing zero-day weaknesses that may introduce significant cyber risks. In addition, it validates compliance with software licensing and security policies, including industry regulations and standards, secure coding best practices, cryptography-related issues, privacy violations, and more.

It includes governance dashboards for managerial oversight over security, licensing, and compliance operations, enabling continuous risk reduction and improving the organization’s security posture.

Cybellum dashboard

Automate threat intelligence

Cybellum Product Security Operations continuously monitors all components and product postproduction for new vulnerabilities and threats across public, private, and dark-web sources and tracks changes in the severity of previously known vulnerabilities. In addition, it automates threat intelligence gathering and impact assessments, facilitating prioritization of security issues based on the actual risk they pose to your devices.

Cybellum threat feeds

Product Security Operations cuts down incident response times by providing mitigation recommendations and integrating with remote software update systems, keeping products and users safe and secure. Deployed on-prem or in the cloud, it is an agentless solution that integrates seamlessly with existing SDLC, asset-management, SOC, and PSIRT systems.

Supported use cases

The combined offering of Cybellum and Siemens Polarion ALM supports numerous use cases, including Cyber BOM Management, Automated Continuous Vulnerability Management, Red Team Automation, License Policy Enforcement, Threat Hunting and Governance, and Compliance. 

Learn more about these use cases and how Cybellum can help significantly improve product security posture.

The Future Car: A Siemens Podcast: Cyber security startup Cybellum defends against automotive cyber security attacks.

Guy Gilam is the head of product marketing at Cybellum. He enjoys cultivating the connection between innovation and market value, aided by 15 years of product management and marketing experience at start-ups and tech giants in domains ranging from cyber security to TV services to IoT platforms.

Cybellum enables manufacturers to mitigate software risks throughout their entire lifecycle from design to end-of-life. Cybellum’s Product Security Lifecycle Management platform, powered by its Cyber Digital Twins™ technology, enables OEMs and suppliers to automatically detect, manage, and remediate vulnerabilities at scale. In addition, it enables them to comply with existing and emerging regulations quickly and efficiently. Cybellum’s customers include leading product and device manufacturers in the automotive, medical, and industrial device industries.

Cybellum is a Siemens Digital Industries Software Software and Technology Partner. Software and Technology partners are leaders in their domain and leverage the open Xcelerator portfolio to provide customers with a comprehensive set of integrated solutions.

This article first appeared on the Siemens Digital Industries Software blog at https://blogs.sw.siemens.com/partners/product-security-lifecycle-management-siemens/