Our ESCRYPT Vulnerability management solutions identify hundreds of potential findings in software-defined vehicles that must be contextualized, reviewed, and prioritized before addressing vulnerabilities. Our solution efficiently automates the identification of key vulnerabilities relevant to your project context, allowing you to allocate resources efficiently and focus on the most critical issues.
Automated analysis
Automated analysis of firmware by unpacking binaries, identifying components, and generating a BOM.
Automated detection
Automated detection of vulnerabilities by scanning BOM components against public vulnerabilities databases.
Focus and prioritization
Reduces total vulnerabilities by performing threat and risk analysis with ESCRYPT CycurRISK.
Customized support based on your needs
ESCRYPT Vulnerability Management provides you with three options to successfully introduce and implement vulnerability management according to your requirements.
ETAS delivers a comfort service: our consulting security experts analyze your firmware binaries and scan your BOM for vulnerabilities. We provide you with regular reports detailing the identified vulnerabilities measured via CVSS score.
You have access while ETAS manages the software infrastructure to provide a cost-efficient solution.
You manage and have access to the software: ETAS as value-added reseller offers an innovation software for an on-premise solution.
ETAS meets ONEKEY: vulnerability management for software-defined vehicles
ETAS and product security specialist ONEKEY offer a joint solution for effective risk-based vulnerability management in software-defined vehicles. The ONEKEY software automates the real-time analysis and creation of software bill of material (BOM) from firmware binary files. At ETAS, we combine our expertise in automotive cybersecurity and our product, ESCRYPT CycurRISK, to focus on and prioritize the critical vulnerabilities that truly matter in your context.
- Automated software component analysis provides visibility into your software supply chain.
- Automatic detection of vulnerabilities using interfaces to vulnerability databases like NVD, mapping the CVEs to CVSS.
- Compliance wizard ensures alignment with key regulations like UN R155 and ISO/SAE 21434.
From automated vulnerability detection to a dynamic TARA process
ESCRYPT CycurRISK supports the creation and maintenance of threat analyses and risk assessments (TARAs). It allows you to capture valuable context information about the analyzed functionality or component, enabling an assessment of the impact of potential attacks on assets in a given context. By prioritizing critical vulnerabilities, the integration of ESCRYPT CycurRISK with ONEKEY makes managing a large number of identified vulnerabilities much more efficient.
Do you have any questions about ESCRYPT Vulnerability management solutions?
We look forward to hearing from you and discussing your challenges!