Cybellum adds features to its product security platform in support of its Cybersecurity Management System

February 16, 2024

Cybellum joins forces with M-ISAC to help Japanese MDMs improve cybersecurity

Cybellum announced the latest major release, V2.38 of their Product Security Platform. Following the joint announcement with LG Electronics at CES 2024, this release introduces the CSMS Cockpit, enabling automotive OEMs and device manufacturers to significantly improve their cybersecurity management capabilities with a comprehensive view of product risk, security activities, and requirement validation status.

The new release offers advanced asset management capabilities, including SBOM Auto-Fix, which provides automatic error detection and correction when uploading CycloneDX or SPDX SBOM files. It also includes custom package management for including custom, in-house developed packages, and commercially sourced ones.

Cybellum V2.38 also includes the automatic correction of non-authoritative CPEs for improving SBOM accuracy and vulnerability management by automatically identifying and suggesting alternative, authoritative CPEs for unidentified/faulty ones.

In addition, the new release provides role-based approvals, enabling manufacturers to manage complete and accurate SBOMs that can be reliably shared and used for vulnerability management and incident response as required for existing and emerging regulations.

\”The latest update to Cybellum’s Product Security Platform doesn’t just enhance features, it empowers a paradigm shift in how organizations manage product security,” Asaf Atzmon, chief product officer at Cybellum, said in a media statement. “With capabilities like AI-powered vulnerability filtering and automated SBOM repair, we are reducing resources required, streamlining compliance, accelerating response times, and ultimately making connected devices safer for everyone.”

The rollout includes the Ask Roman AI co-pilot that reduces the time and resources required for vulnerability triaging and remediation. Together with the VM Co-pilot, this new capability allows teams to quickly filter out irrelevant vulnerabilities and pinpoint the ones that could have an impact on their products. It provides detailed mitigation recommendations and helps to identify which vulnerabilities can be found in products that have already been deployed in the market.

In addition, the new release includes support for the CISA KEV Catalog, to address regulatory requirements such as FDA PMA by leveraging CISA’s Known Exploited Vulnerabilities data within the platform.