Tel-Aviv, July 10th, 2024 – Cybellum, a leader in product security, announced the release of version 3.1 of its award-winning Product Security Platform for device manufacturers. This release includes powerful AI-related capabilities and multiple sought-after features for product security managers and practitioners.
The rise of Generative-AI technologies presents both opportunities and challenges for cybersecurity professionals. GenAI’s power lies in its ability to analyze vast amounts of data, providing insights through simple conversations. This empowers product security teams to streamline tasks like SBOM analysis, vulnerability triaging, and threat modeling, leading to faster and more informed decision-making. However, the challenge lies in securing the growing number of software-driven devices incorporating AI capabilities.
Cybellum’s V3.1 release addresses both areas with several AI-related features:
- Global “Ask Roman” AI assistant for better decision making: Expanding on the success of our “Ask Roman” feature launched earlier this year, V3.1 integrates GenAI across the entire platform. This context-aware AI helps users make informed decisions quickly and efficiently by conversing with a product-security-trained model.
- SBOM CoPilot Insights for better SBOM management: To rectify and improve the management of high-quality SBOMs, “CoPilot Insights” offer valuable recommendations such as identifying duplicate packages that can be merged, managing packages with multiple licenses, or detecting packages missing from the customer repository for further action.
- AI/ML component management for risk management of new features: The platform now enables the identification and categorization of AI/ML components, policy management of GenAI-specific packages, and identification of AI-related vulnerabilities. This allows manufacturers to include new AI/ML-related features in their products while minimizing risks.
In addition to these AI advancements, V3.1 introduces multiple new features for product security risk management and compliance:
Asset Management
- Enhanced package management for added SBOM control and quality: Enables the seamless replacement of unapproved or unrecognized packages with validated alternatives from standard or custom repositories. This feature streamlines compliance efforts and strengthens software supply chain security.
- Package tags and enhanced reporting for better control of shared data: Improved tagging and exclusion options for SBOM/VEX reports enable better management of package visibility, which in turn allows for better control over the SBOM/asset data shared with 3rd parties.
Assurance & Incident Response
- Private vulnerability feed support for more comprehensive risk assessments: Users can upload private vulnerabilities through the UI or via APIs, integrating them into comprehensive assessments alongside Cybellum’s multi-source public vulnerabilities database.
- CSAF-based vulnerability management for better alignment with CISA recommendations: Our deployment services now allow the integration of the Common Security Advisory Framework (CSAF), so that vulnerability analysis can be done according to the framework, including data on affected status, impact, and action statements.
- Advanced PSIRT capabilities for risk-based vulnerability monitoring: A revised monitoring setup and management screen facilitates ongoing tracking of new vulnerabilities. Users gain comprehensive and timely visibility into impacted products, allowing for proactive security measures to be taken.
Compliance
- Submission-ready compliance kits for quicker evidence creation: Easily package all compliance documents into a single package for migration, auditing, or internal reviews.
Michael Engstler, CTO of Cybellum, said: “Cybellum’s V3.1 release marks another significant leap in product security, leveraging AI and automation to enhance compliance and risk management at every stage.”
About Cybellum
Cybellum is where teams do product security. Device manufacturers such as Jaguar Land Rover, Audi, Faurecia, Supermicro, Danaher, and Rolls Royce use Cybellum’s Product Security Platform and services to manage the main aspects of their cybersecurity operations across business units and lifecycle stages. From Software Bill of Materials (SBOM) to Vulnerability Management, Compliance Evidence Creation, and Incident Response, teams ensure their connected products are fundamentally secure and compliant – and stay that way. To learn more, visit www.cybellum.com.
Media Contact:
David Leichner
Cybellum