CPS security menu
CPS security business
HOME
Handling Manufacturer
solution·
service
column·
example
Document
event·
seminar
Inquiry
Factory (OT) Security
Product (IoT) Security
consulting

Key points for security measures during development

In terms of security measures during development, it is extremely important to eliminate vulnerabilities during the development stage before product release. As shown in the figure below, it is necessary to cover the latest vulnerabilities and attack trends through the three steps of "goal setting", "measures", and "confirmation". In order to realize these three steps, it is necessary to ensure the comprehensiveness and sufficiency of the latest vulnerabilities, which are increasing day by day, and to improve the efficiency of countermeasures. , the realization of these is a challenge.

Macnica offers the particularly important services of "risk assessment," "firmware diagnosis," and "penetration testing."

risk assessment

Risk assessment has the following three effects: (1) Grasping risks without omissions (2) Reflecting countermeasures in the upstream design stage (3) Separating the scope of responsibility between creators and users is. Through reviewing the specifications of the customer's product and interviewing relevant parties, we grasp the assets to be protected and the situation in which the target product is placed. Based on this information, we list attackers, attack scenarios, threats, and vulnerabilities, and rank them according to the degree of impact if left unattended. The final report will also include recommended actions.

Firmware diagnostic

Firmware is an important point in security measures for IoT devices. The firmware diagnostic service provided by Macnica collects important security checkpoints in a database, focusing on open sources, which have a particularly large number of disclosed vulnerabilities, and checks the firmware to be diagnosed to detect vulnerabilities. Visualize.

Since it can be diagnosed in a short time using only firmware, it can be used not only in daily development work, but also in the upstream stage of design, reducing rework associated with countermeasures. In addition, since it can be diagnosed in binary, it is also effective for supply chain risk countermeasures by diagnosing externally procured components.

Penetration test

Penetration tests are conducted to confirm that the goals set are sufficient and that the security measures implemented are working effectively. Penetration testing provided by Macnica and its partners can be applied to a wide range of products and systems.

 

We will create a proposal based on the information you provide, and after consultation with the customer, we will conduct a test that meets your request. We also offer retesting after fixing vulnerabilities, so you can check if the vulnerabilities found in the first test have been fixed.

Improving the comprehensiveness and efficiency of security measures when developing IoT devices

The "Risk Assessment," "Firmware Diagnosis," and "Penetration Test" provided by Macnica can be implemented in conjunction with each other to help improve the comprehensiveness and efficiency of security measures.

 

 

Please feel free to contact us as we will support the most suitable IoT security measures for our customers.

Contact Us