Adoption of the platform allows CATARC to scale their vulnerability management line of business with unprecedented levels of accuracy and speed.
Tel Aviv, Israel, May 3, 2022. Cybellum, the leading provider of the Product Security Platform that enables manufacturers and suppliers to continuously detect, manage, and remediate cyber threats and security vulnerabilities, announced today that it has teamed up with China Automotive Technology and Research Center, CATARC, to deploy an automated vulnerability management solution on CATARC Data Center.f
China Automotive Technology and Research Center (CATARC) is a science research institute established in 1985 to meet China’s need to manage the automotive industry and now belongs to SASAC (State-owned Assets Supervision and Administration Commission of the State Council). Following a detailed evaluation process, CATARC chose Cybellum’s solution to allow for the business to scale quickly to address local industry growth. The deployment has been done by GY Security, Cybellum’s partner in China. The goal was to shorten the CATARC’s certification process time-to-market while ensuring the highest security standards CATARC has always been committed to.
CATARC uses Cybellum’s platform to scan their customers’ embedded components. They serve some of the largest OEM and Tier 1 suppliers in China. Once scanned, the Cybellum platform automatically generates a detailed replica, or Cyber Digital Twin, of the component including its SBOMs, interfaces, operating systems configuration, encryption mechanism, hardening and mitigation mechanism, API calls and more, all with no access to its source code.
“Deploying the Cybellum platform at our labs is part of our broader vision to create an ecosystem that supports the vibrant Chinese automotive industry,” said YuQiao Ning Senior Security Manager at CATARC. “Being able to use the platform for validating the security posture of our customers, we shorten the assessment process and time to resolution, increase the accuracy of our cyber reporting and improve the compliance of our customers with standards and regulations.”
Cybellum identifies any potential vulnerability or threat within the code, and automatically filters out irrelevant vulnerabilities in line with standards and regulations. It also identifies any gaps with industry regulations or security policies, and then prioritizes the risks that matter most, providing remediation guidelines to ensure issues are mitigated before start-of-production (SoP).
“With automation comes the ability to scale, and in this case, to scan more automotive components, review more lines of code within those components and do it with more accuracy and speed,” explained Slava Bronfman, Co-founder and CEO of Cybellum. “Given the new standards and regulations that are redefining the automotive industry, OEMs and suppliers must be tested and certified as adhering to industry regulations, requirements, and security policies. Being able to efficiently serve the industry at scale was a major goal for CATARC, a goal they were able to achieve by automating the entire firmware testing process with Cybellum’s platform.”
China Automotive Technology and Research Center (CATARC) is a science research institute established in 1985 to meet China’s need of managing the automotive industry and now belongs to SASAC (State-owned Assets Supervision and Administration Commission of the State Council). We own total assets of RMB 7.14 billion including net assets of RMB 4.68 billion and cover an area of about 5 km2. Meanwhile, we have built the talent pyramid based on chief expert, reserved subject leader and young science and technology cadre, which is a human resources team with high educational background and proficiency in skill and management.
CATARC is the centralized technical organization of the auto industry and the technical supporting body to the relevant national government departments. With the independent and neutral role, we firmly take the development road of “guided by science and technology, focusing on service to the industry and supported by commercialization.”
Cybellum enables device manufacturers to keep the products they build secure and compliant, every single moment of their life. Industry leaders use Cybellum’s product security platform to fuse security into every phase of the product lifecycle. Powered by Cyber Digital Twins™ technology — a live digital replica of every software component inside your devices – Cybellum allows product security teams to manage cyber risk continuously, whatever new threat arises. From living SBOMs to automated vulnerability management and continuous monitoring, teams can ensure their product portfolio is secure from design to post-production and beyond.
Read more at cybellum.com
Marketing Manager, Cybellum