Why Vulnerability Management?
In recent years, automotive software has become increasingly complex as connectivity and functionality have grown, and the number of potential vulnerabilities has risen sharply with it. This raises the risk of cyberattacks, and international regulations (ISO/SAE 21434 and UN-R155) now require compliance. In the field, however, software management still relies on spreadsheets and manual methods, and understanding software components, identifying vulnerabilities, and prioritizing them takes a great deal of time and effort.
Key challenges
- Vulnerability information is scattered and hard to get an overview of
- The priority of fixes is unclear
- Sharing information between teams takes time
Introducing CycurANALYZE addresses these issues by detecting vulnerabilities efficiently and streamlining the response.
What is CycurANALYZE?
CycurANALYZE powered by ONEKEY is a vulnerability management tool from ETAS.
The tool automates the generation and verification of software bills of materials (SBOMs) from binary files, enabling proactive vulnerability detection and prioritization. It reduces costs by dealing with issues before they become security incidents, and it fits smoothly into the development process through CI/CD pipeline integration and API connectivity. It is a next-generation vulnerability management solution that achieves regulatory compliance, efficiency, and risk reduction at the same time.
Main functions
- Automatically generate SBOM from binary files
- Validate existing SBOM and discover hidden dependencies
- Vulnerability scanning and automatic prioritization
- Integration with CI/CD pipelines for automation
1. Automatically generate a Software Bill of Materials (SBOM) from binary files to identify the components and dependencies within a product.
2. Validate an existing SBOM by comparing it against the binary files to detect hidden components.
3. Automate vulnerability scanning to identify known vulnerabilities in the identified components.
Features
| Feature | Description |
| --- | --- |
| Automatic generation and validation of SBOM | Identifies software components and dependencies from binary files and automatically generates a comprehensive SBOM. Validates existing SBOMs to reveal dependencies that are often overlooked, improving SBOM accuracy and clarifying potential risks. |
| Vulnerability detection and automated scanning | Works with vulnerability databases such as the NVD to automatically scan the software components listed in the SBOM. Detects known vulnerabilities efficiently, classifies them based on the binary context, and presents them as visible, actionable results. |
| Prioritization and efficient response | Goes beyond simple detection by automatically prioritizing vulnerabilities according to their context. Combined with existing Threat Analysis and Risk Assessment (TARA) information, it lets you focus on the most important issues and act quickly. |
| Automation and integration | Integrates with CI/CD pipelines via API, automating vulnerability management early in the development process and helping to ensure security without putting a strain on daily development flows. |
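The three steps in the main-functions list and the TARA-based prioritization described under Features, as an added Python example that is not CycurANALYZE's or ONEKEY's code: it recognises components from version strings in a constructed firmware blob, diffs them against a constructed declared SBOM to find hidden components, and ranks constructed placeholder advisories by CVSS score times a constructed TARA asset-impact weight. The blob, the SBOM contents, the advisory ids and the impact weights are all assumptions made for illustration.

```python
import re

# Constructed firmware blob standing in for a real ECU binary (not a real file);
# real binary SBOM tools use component signatures, not only version strings.
FIRMWARE_BLOB = (
    b"\x7fELF\x00\x00padding\x00OpenSSL 1.1.1k  25 Mar 2021\x00"
    b"zlib version 1.2.11\x00\x00libcurl/7.79.1\x00more bytes"
)
# Constructed declared SBOM: the components the supplier documented.
DECLARED_SBOM = {("openssl", "1.1.1k"), ("zlib", "1.2.11")}
# Constructed advisory feed with placeholder ids (not real CVEs) and CVSS scores.
ADVISORIES = {
    ("openssl", "1.1.1k"): [("VULN-EXAMPLE-1", 7.5)],
    ("libcurl", "7.79.1"): [("VULN-EXAMPLE-2", 9.8), ("VULN-EXAMPLE-3", 5.3)],
}
# Constructed TARA asset impact per component (1 = low .. 5 = critical).
TARA_IMPACT = {"openssl": 5, "zlib": 2, "libcurl": 4}
# Version-string signatures used to recognise components in the blob.
VERSION_PATTERNS = {
    "openssl": rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)",
    "zlib": rb"zlib version (\d+\.\d+\.\d+)",
    "libcurl": rb"libcurl/(\d+\.\d+\.\d+)",
}

def components_from_binary(blob: bytes) -> set:
    """Step 1: derive (name, version) pairs from strings embedded in the binary."""
    found = set()
    for name, pattern in VERSION_PATTERNS.items():
        for match in re.finditer(pattern, blob):
            found.add((name, match.group(1).decode()))
    return found

def hidden_components(declared: set, detected: set) -> set:
    """Step 2: components present in the binary but absent from the declared SBOM."""
    return detected - declared

def prioritized_findings(components: set) -> list:
    """Step 3: match components to advisories and rank by CVSS x asset impact."""
    findings = []
    for name, version in components:
        for vuln_id, cvss in ADVISORIES.get((name, version), []):
            score = round(cvss * TARA_IMPACT.get(name, 1), 1)
            findings.append((vuln_id, name, version, score))
    return sorted(findings, key=lambda f: f[3], reverse=True)

if __name__ == "__main__":
    detected = components_from_binary(FIRMWARE_BLOB)
    print("hidden components:", hidden_components(DECLARED_SBOM, detected))
    print("ranked findings:", prioritized_findings(detected))
```

On this input the undeclared libcurl is reported as a hidden component, and its highest-scoring advisory outranks the OpenSSL one once the asset impact from TARA is applied.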
Benefits of adoption
| Benefit | Description |
| --- | --- |
| Strengthening your security strategy | By automating everything from SBOM generation to vulnerability detection and prioritization, you reduce human error, strengthen your security strategy, and respond proactively before a cyber incident occurs. |
| Time and cost savings | Automating vulnerability management tasks that were previously performed manually significantly reduces the time from detection to response, shortening the lead time to remediation and reducing man-hours and costs. |
| Quality improvement and regulatory compliance | SBOM generation and management together with automated vulnerability assessment help you comply with international standards and regulations in the automotive industry, such as ISO/SAE 21434 and UN-R155. |
| Affinity with the development process | Designed to fit naturally into development processes such as CI/CD, so that security governance is built into the process rather than handled separately. It can be used as part of DevOps and SecDevOps. |
Related product
Using information from Threat Analysis and Risk Assessment (TARA) performed with ETAS CycurRISK, you can automatically prioritize the most critical vulnerabilities based on asset impact and context.