Cybellum’s Product Security Platform 3.0: Risk Edition enables threat modeling, risk and compliance management at scale 

Cybellum has announced the release of the Product Security Platform 3.0: Risk Edition, offering teams the capability to proactively manage product cyber risks and ensure regulatory compliance with enhanced efficiency and scalability. The latest release incorporates new features such as threat modeling, SBOM (Software Bill of Materials) merging, fuzzing support, and additional functionalities. These additions provide management with a holistic perspective of product security risks through a unified governance dashboard.

The release follows the four main pillars of product security: risk management, compliance, product assurance, and asset management.

  • Risk management: Building upon the success of Cybellum’s CSMS Cockpit debut at CES (co-designed with LG), Cybellum’s Product Security Platform 3.0 enhances risk management by seamlessly integrating asset data with all security activities and findings, creating a unified product security landscape. This comprehensive view empowers device manufacturers to make informed decisions and prioritize risk mitigation. Dashboards tailored to specific use cases and KPIs offer clear insights into risk exposure, allowing customers to guide teams toward optimal product security outcomes.
  • Compliance: The Product Security Platform 3.0 removes the burden of getting ready for regulatory compliance, with a new Product Compliance Manager for regulations and standards such as the FDA’s premarket guidelines, ISO/SAE 21434, IEC 62443, EU CRA, and others. It generates audit-ready reports based on regulation-specific report templates that can be customized to meet any regulation or standard, collects external evidence, and tracks report preparation progress – significantly reducing the burden of compliance document management.
  • Product Assurance: Threat Modeling / TARA is now integrated into the product assurance process as another source of threat data, facilitating vulnerability handling, and strengthening proactive threat models to improve product security and threat modeling ROI. The new release will also integrate security test results from third-party tools including pen-testing, fuzz testing, SAST data, and threat feeds.
  • Asset Management: Product security depends on high-fidelity SBOMs and asset definitions. The Product Security Platform streamlines asset management for better quality and reliability. It allows merging SBOMs from multiple sources (third-party scanners, SBOM files, and Cybellum’s binary analysis engine) for a complete picture of the software. Organizations can even autofix SBOMs to improve data accuracy and manage custom packages for proprietary or third-party components for complete SBOMs that meet and exceed industry standards (such as the NTIA’s Minimum Elements of an SBOM).

Powering the implementation of the Product Security Platform, Cybellum’s Synergy Services provides customized deployment tailored to each manufacturer’s product development processes and environment.

“Regulators have made cybersecurity a major requirement in recent compliance guidelines,” said Slava Bronfman, co-founder and CEO of Cybellum. “Cybellum’s Product Security Platform 3.0: Risk Edition enables manufacturers and suppliers to harness the power of data and automation to gain a competitive edge and continuously manage product cyber risk with threat modeling and AI-powered insights. This allows for systematic compliance with regulations at scale, all while reducing costs and resource consumption, streamlining operations, and improving efficiency.”