Cybellum, the leading provider of the Product Security Platform that enables manufacturers and suppliers to continuously detect, manage, and remediate cyber threats and security vulnerabilities, announced today that it has teamed up with China Automotive Technology and Research Center, CATARC, to deploy an automated vulnerability management solution on CATARC Data Center.
China Automotive Technology and Research Center (CATARC) is a science research institute established in 1985 to meet China’s need to manage the automotive industry and now belongs to SASAC (State-owned Assets Supervision and Administration Commission of the State Council). Following a detailed evaluation process, CATARC chose Cybellum’s solution so that the business can scale quickly to address local industry growth. The deployment was carried out by GY Security, Cybellum’s partner in China. The goal was to shorten CATARC’s certification process time-to-market while ensuring the highest security standards, to which CATARC has always been committed.
CATARC uses Cybellum’s platform to scan its customers’ embedded components. It serves some of the largest OEMs and Tier 1 suppliers in China. Once a component is scanned, the Cybellum platform automatically generates a detailed replica, or Cyber Digital Twin, of the component, including its SBOMs, interfaces, operating system configuration, encryption mechanisms, hardening and mitigation mechanisms, API calls and more, all with no access to its source code.
“Deploying the Cybellum platform at our labs is part of our broader vision to create an ecosystem that supports the vibrant Chinese automotive industry,” said YuQiao Ning, Senior Security Manager at CATARC. “Being able to use the platform for validating the security posture of our customers, we shorten the assessment process and time to resolution, increase the accuracy of our cyber reporting and improve the compliance of our customers with standards and regulations.”
Cybellum identifies any potential vulnerability or threat within the code, and automatically filters out irrelevant vulnerabilities in line with standards and regulations. It also identifies any gaps with industry regulations or security policies, and then prioritizes the risks that matter most, providing remediation guidelines to ensure issues are mitigated before start-of-production (SoP).
“With automation comes the ability to scale, and in this case, to scan more automotive components, review more lines of code within those components and do it with more accuracy and speed,” explained Slava Bronfman, Co-founder and CEO of Cybellum. “Given the new standards and regulations that are redefining the automotive industry, OEMs and suppliers must be tested and certified as adhering to industry regulations, requirements, and security policies. Being able to efficiently serve the industry at scale was a major goal for CATARC, a goal they were able to achieve by automating the entire firmware testing process with Cybellum’s platform.”