Cybellum announced the latest release of its award-winning product security platform. Release version 2.13 of Cybellum enables product and device manufacturers, and suppliers, to continuously detect, manage and remediate threats and vulnerabilities.
With Cybellum, they can rapidly comply with regulations, minimize their risk posture, and get unprecedented visibility into their supply chain, more quickly and efficiently than ever before.
Powered by Cyber Digital Twins technology, Cybellum creates an exact replica of every component inside the product’s software, including SBOMs, licenses, hardware BOMs, OS configurations, encryption mechanisms and keys, control flow, API calls and more. The Digital Twin is then matched with continuously updated vulnerability databases, for ongoing monitoring and reporting of threats, every step of the way.
“We are very proud of the strides made by our research and development teams in helping market-leading automotive, medical device and industrial equipment manufacturers to produce secure and compliant products,” said Eran Rosenberg, Vice President of Product and Strategy at Cybellum. “Cyber threats are growing daily as hackers work to disrupt production, hold companies and customers hostage for ransomware, and damage the brands of manufacturers with visible attacks. Cybellum provides product security teams with the continuous and automated detection and remediation of vulnerabilities needed to combat these threats.”
This release includes groundbreaking new features and capabilities for product security teams, including:
Continuous assessments – security validation of new versions of products released throughout the development process, reducing threat and risk posture through validation of vulnerability fixes and identification of new security, licensing, or compliance issues.
Compliance Center – meeting regulatory requirements across multiple products is challenging. The Compliance Center enables users to speed up compliance by automatically generating and maintaining working products and documents needed for compliance, with a click of a button.
Virtual Analyst – leverages machine learning (ML) algorithms to enable analysts to automatically triage vulnerabilities using a context-based decision support mechanism. The Virtual Analyst reduces up to 90% of detected vulnerabilities, enabling product security teams to prioritize critical threat handling.
Extended CI/CD support – advanced workflows provide integration of the Cybellum platform with CI/CD systems. This is key for automation and policy enforcement across all assets. It enables automated security testing and security policy validation of built artifacts during the development and testing stages. Supported platforms include Azure DevOps, Bamboo, Bitbucket Pipelines, CircleCI, GitLab, Jenkins and Red Hat Ansible.
Governance dashboard – facilitates oversight over the product security and compliance status of the organization to support business decision making, such as where budgets should be allocated and which suppliers provide the most secure software and components. It monitors metrics related to product development, assessments, vulnerabilities, supplier performance and more.
Licensing management – provides visibility into the licensing threats associated with open-source software, reducing legal risk exposure and enabling compliance with licensing standards such as OpenChain and ISO/IEC 5230:2020.
Version comparison – enables security teams to see changes made during the lifecycle of the products and track security posture changes over time. It facilitates the comparison of product/component versions, highlighting the differences in the bill of materials, security posture, configurations and more.