In automotive cybersecurity news are BlackBerry Cylance, ALG, Auto-ISAC, NC4, BlackRidge, Green Hills, Cadence, Nanolock, Pelephone, Enigmatos and PureVPN.
CylancePersona for Security
BackBerry Cylance, a business unit of BlackBerry Limited , has been recognized as a leader in five distinct categories at the 2019 Cybersecurity Excellence Awards: Best Cybersecurity Company, Most Innovative Cybersecurity Company, Endpoint Detection and Response, Endpoint Security, and Best Cybersecurity Podcast.
The BlackBerry Cylance AI platform delivers a full suite of security solutions for comprehensive attack surface protection with deep-learning Al algorithms to support automated threat detection, prevention, forensic investigation, and response capabilities to customers worldwide. Its lightweight agent offers high performance and resiliency and requires only minimal updates to sophisticated multigenerational AI models that provide powerful data science capabilities designed to protect against future threat variants.
BlackBerry completed the acquisition of Cylance on February 21, 2019.
Verizon includes BlackBerry Cylance systems for its Managed Security Services (MSS) portfolio.
BlackBerry Cylance, a announced the introduction of CylancePERSONA, the first proactive endpoint behavioral analytics solution.
CylancePERSONA adds user monitoring to the company’s expansive defense of the enterprise and augments the AI-driven prevention, detection, and response capabilities of the Cylance native AI platform. This lightweight solution combines continuous biometric behavior and user conduct monitoring designed to identify suspicious users in real-time to prevent compromises.
Unlike other user monitoring solutions that rely on network traffic analysis or focus on detection without the ability to respond automatically, CylancePERSONA sensors are able to detect and score both malicious and anomalous conduct. CylancePERSONA monitors user activity and calculates a Cylance Trust Score; if the user trust score drops below a given threshold, step-up authentication action or suspension can be automatically initiated.
“Stealing valid credentials and impersonating users are two of the most successful vectors used by attackers,” said Rob Davis, founder and chief executive officer of Critical Start. “CylancePERSONA is the first solution to provide organizations a technology that can detect and respond to the use of stolen credentials on the endpoint—both on and off the corporate network.”
Key features of CylancePERSONA include:
- Behavioral biometric analysis: Continuous monitoring of user behavior with real-time detection of suspicious keyboard and mouse actions that could indicate an imposter.
- User conduct monitoring and analysis: Real-time monitoring of user actions with instant identification of anomalous user activity to indicate a possible remote account takeover.
- Contextual authentication analysis: Making use of previous user login activity such as location, time, or method to ensure current login attempts are valid.
- Automated user-centric response: Ability to interrupt user activity automatically upon detection of anomalous or suspicious actions with responses such as user logoff, suspended processes, and step-up authentication.
- Malicious and anomalous conduct detection: Ability to reduce false positives using baseline user activity.
- Cloud-based APIs: Enablement of zero-trust integration to third-party products using the Cylance Trust Score.
NC4 Partners with Auto-ISAC
NC4, a leader in revolutionizing safety and security, and an innovator in cyber threat intelligence solutions, is excited to announce a partnership with Automotive Information Sharing and Analysis Center (Auto-ISAC). With the implementation of NC4 Mission Center™, Auto-ISAC will continue to build on their mission of providing a global information sharing community to address vehicle cybersecurity risks.
Formed in 2015, Auto-ISAC operates a central hub for sharing, tracking and analyzing intelligence about cyber threats, vulnerabilities and incidents related to the connected vehicle. After several yearly expansions, the current membership base accounts for nearly all light-duty vehicles in North America, heavy trucking original equipment manufacturers (OEM) and suppliers, the Commercial Vehicle sector and 47 global OEMs and suppliers.
The partnership between NC4 and Auto-ISAC will not only help members stay informed of relevant cyber threats, it will also make available other valuable NC4 solutions that unify teams to empower human collaboration, accelerate defensive actions, and measure results, effectiveness and return on investment of community defense.
BlackRidge Joins AGL
BlackRidge Technology International Inc., cyber defense solutions, has joined Automotive Grade Linux (AGL), a collaborative open-source project at The Linux Foundation. The project brings together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car.
BlackRidge originated from a Department of Defense contract to cloak critical internet connected assets used in the Afghanistan war. The principle behind the original technology — you can’t attack what you can’t see — continues to underlie the company’s identity-based authentication and access control technology. Today, this technology shields enterprise networks, critical infrastructure and internet of things (IoT) connected devices.
All three layers of the connected car ecosystem are vulnerable to attack — the vehicle layer (telematics, communications module, infotainment system, key), the network layer (cellular network, satellite communications, grid infrastructure) and the application layer (telematic service providers, public and private clouds, data intermediaries).
BlackRidge’s patented First Packet Authentication™ technology authenticates identity and enforces security policy on the first packet of a network session, before a connection is established. It is applicable across the entire ecosystem and can be embedded as the infrastructure for connected cars is built. The technology can block or redirect network traffic, control access, and enable network microsegmentation and segregation.
Cadence and Green Hills
Cadence Design Systems, Inc. and Green Hills Software, a privately held company announced a strategic partnership that is expected to leverage their respective strengths to drive embedded system safety and security, while accelerating growth for both companies. As part of the partnership, Cadence has invested about $150 million that represents an approximate 16 percent ownership interest in Green Hills, and Cadence CEO, Lip-Bu Tan, has joined the Green Hills Board of Directors.
There continues to be rapid growth of hyperconnected embedded systems that are deployed into critical infrastructure such as aerospace and defense, automobiles, industrial and medical devices. Security has become one of the most serious challenges that these industries face, and it is paramount that all embedded systems are designed with safety and security in mind.
Green Hills is the industry leader in embedded safety and security software solutions, with its INTEGRITY-178B real-time operating system having been certified to EAL6+, the highest Common Criteria security level achieved for an operating system. Green Hills products are broadly deployed across multiple application domains, particularly in aerospace and defense, with customers including Boeing and Lockheed Martin, and in automotive, with many top OEM and Tier 1 customers including Toyota and Ford.
The partnership furthers the Cadence System Design Enablement strategy and builds upon its leading core electronic design automation (EDA), verification hardware, embedded processor and IP solutions to address new market expansion opportunities in the estimated $3 billion plus embedded system safety and security space. Cadence and Green Hills expect to collaborate on providing integrated solutions that comprehend both hardware and software aspects of safety and security, to enable the development of highly secure embedded systems.
The partnership will leverage the technologies, domain expertise, market reach and resources of both companies to explore opportunities for joint go-to-market and technology collaboration across the companies as well as joint marketing initiatives.
NanoLock Partners with Micronc
NanoLock Security, a leading management and security provider for IoT and connected devices, today announced that it is collaborating with Micron Technology, Inc. (Nasdaq: MU), an industry leader in innovative memory and storage solutions, to provide a Flash-to-Cloud management solution for security of Internet of Things (IoT) and connected devices.
The NanoLock and Micron Authenta technology solution will be based on a Flash-to-Cloud trustworthiness model that is quickly gaining in market acceptance due to the simplicity and high integrity derived from single storage silicon – standard flash memory — providing critical health and protection schemes for code and critical data. Users will be able to easily register, provision and provide advanced services like firmware-over-the-air updates (FOTA), all verified in a silicon root of trust. Integrated into NanoLock’s Flash-to-Cloud platform, Authenta technology allows device makers to design with standard flash memory and maintain backward compatibility. It enables mutual protection from the production line through the device’s end of life, while consuming virtually zero computing and power resources.
Pelephone and Enigmatos
Pelephone recently signed a collaboration agreement with Enigmatos, which will provide technology consulting to the company’s Smart Cars Department. Pelephone entered the field of connected cars with the launch of the Pelephone Car service which transforms each vehicle into a “smart” car. The cooperation with Enigmatos indicates the importance that Pelephone attributes to the field of connected cars.
Enigmatos, a growing player in the fields of technology and cybersecurity for connected vehicles, can add the agreement with Pelephone as part of a long line of impressive achievements.
Enigmatos, an Israeli startup, has developed technology to protect vehicles from cyber attacks. The company’s President is Major General (Ret.) Ami Shafran, previously the head of the Israeli Defense Forces’ Information & Communication Technology (ICT) and Cyber Defense Command.
Realizing this huge gap in the cybersecurity of connected cars, PureVPN has proactively started various R&D initiatives to address this growing concern. There have already been numerous incidents where hackers were successful in taking control of IoT devices. Imagine the horror if a hacker takes control of a vehicle‘s extremely vulnerable CAN bus. The hacker could then lock the brakes or the steering of the vehicle.
A scenario similar to this isn’t just the work of fantasy anymore; hackers were able to take over a jeep and do as they wished with it in the not-so-distant past.
Read all Automotive Cybersecurity.
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.