-871.png)
VULTARA is a leading software system specifically designed for automotive cybersecurity development and management. It features a powerful and continuously updated security database and analysis engine, enabling automated support for threat analysis and risk assessment (TARA) as required by automotive cybersecurity standards, threat monitoring, and related process management. VULTARA's TARA database provides a wide range of vehicle system features and assets for users to select directly. Users do not need to start from scratch with TARA work but can instead define features, communication protocols, and related attributes based on VULTARA's database to quickly complete modeling according to system requirements. After the model is created, VULTARA's built-in threat scenario analysis engine can automatically identify the security risks that all assets under the functions of the system may face, including threat scenarios, attack paths, impacts, and risk values, and provide detailed and reasonable descriptions based on the STRIDE threat model. R&D teams and security teams can further define relevant risk handling methods and subsequent operations based on the TARA analysis results. Additionally, VULTARA offers a continuous monitoring mechanism for TARA after product deployment. When the risk values of threat scenarios change in VULTARA's continuously updated database, VULTARA will issue an alert to notify users of the risk value changes. Users can then decide whether to implement new information security measures for the threat scenario based on the alert. This ensures the continuous security of the product throughout the entire lifecycle of the automotive system.
Starting in July 2024, all new vehicle models released within the EU must comply with the R155 safety regulations in order to obtain new vehicle certification. Otherwise, they will not be allowed to be sold. In China, the mandatory standard “Technical Requirements for Cybersecurity of Motor Vehicles,” drafted by the Ministry of Industry and Information Technology, is also set to be officially released. The development process and content of this standard reference the R155 regulation, establishing clear mandatory requirements for vehicle cybersecurity and information security. R155 provides a reference standard—ISO 21434—for assessing the compliance of new vehicles. TARA serves as the starting point for deriving the cybersecurity and information security requirements mandated by ISO 21434. VULTARA is a security development system launched specifically to meet ISO 21434 compliance requirements. In addition to its powerful database and threat scenario engine for automatically generating threat scenarios and risk values, VULTARA also provides a mechanism to compare the generated threat scenarios with R155, enabling automotive R&D and security teams to more easily and quickly meet compliance requirements for automotive cybersecurity regulations.
Core Values
-
Significantly improve TARA efficiency and reduce engineering costs for secure development through automation
-
Seamlessly connect automotive R&D teams and cybersecurity teams to collaborate on security development efforts
-
Continuously monitor and ensure the risk indicators of products related to automotive network information security
-
Achieve UNECE WP.29 and ISO/SAE 21434 compliance faster and easier
-
Standardize cybersecurity development workflows for automotive systems
-
Conducive to fostering a corporate cybersecurity culture
Advantages and Highlights
-
VULTARA has a powerful built-in security database and threat engine that maximizes TARA automation
-
Database supports automatic risk updates and customization
-
VULTARA consolidates automotive cybersecurity TARA-related activities onto a single platform
-
VULTARA lowers the technical and experience barriers to security design through automation
-
“What you see is what you get” modeling capabilities provide a good intuitive GUI experience
-
VULTARA supports hyperscale deployment to enable collaboration across the entire team.
-
Supports the generation and customization of various reports and dashboards
-
Automatically generate UNECE WP.29 and ISO/SAE 21434 compliance reports
-
No installation required, offering SaaS and private deployment
-
VULTARA supports seamless integration with third-party management systems such as ALM/PLM/JIRA.
Key Features
-
Model Creation
-
TARA Automation
-
Risk Management
-
Continuous Monitoring
-
Permission Management
-
Third-party Integration
-
Model Creation Creating a product model is the foundation of all TARA analysis. VULTARA's built-in database provides users with a large number of predefined, reusable in-vehicle system features and assets, which users can select directly to create system models. System developers only need to define system requirements, features, data, control methods, communication protocols, and related attributes based on VULTARA's database to quickly complete safety modeling.
VULTARA provides detailed attribute settings for each function and asset, allowing users to adjust and optimize them according to their needs. VULTARA widely supports common in-vehicle communication protocols, such as CAN, LIN, WiFi, 802.11p, Bluetooth, NFC, etc., allowing users to configure relevant communication protocol parameters according to their needs.
In addition to VULTARA's built-in functions and asset database, experts in each module within the user team can also create the functions and assets required for their own professional modules to expand and maintain the database to meet their own development needs. These predefined and customized functions and asset databases greatly reduce the technical threshold for creating product models from scratch and significantly improve development efficiency.
-
TARA Automation
VULTARA has a built-in powerful security database and threat engine. Security personnel only need to click a button based on the created model to automatically complete the analysis and obtain key analysis results such as threat scenarios, attack paths, and risk values corresponding to each asset, and provide detailed explanations of risk values based on models such as STRIDE.
For attack paths, users can also add/modify attack tree graphical modeling and perform attack tree analysis to analyze complex attack paths and establish links between attack paths in text form and attack trees in graphical form.
Security experts on the user team can also customize or expand the database and threat engine according to their own needs and application scenarios to more accurately meet personalized requirements.
-
Risk Management
After VULTARA outputs the TARA analysis results, it provides a series of functions to support further risk mitigation. These include threat scenario handling methods based on the ISO 21434 standard: No treatment, Avoid, Reduce, Share, Retain, and other options at different levels, along with the ability to further configure security control methods. It supports automatically suggesting security goals (Security Goal) and security controls (Security Control) based on an internal database, and users can also customize security control methods according to their specific needs to accommodate various application scenarios.
After the risk response measures are set up, users can further analyze changes in damage scenario, feasibility, and impact before and after response based on the defined security objectives and security controls.
-
Continuous Monitoring
Focusing on automotive cybersecurity, VULTARA's security team closely tracks and researches security information and intelligence from the public internet, dark web, deep web, social media, and other sources. After analyzing and processing the relevant key information, it is incorporated into VULTARA's threat engine and software platform so that users can keep up with the latest security developments in real time.
Once TARA has completed its work, VULTARA will continue to monitor existing TARA results throughout the product's lifecycle. If new attacks occur that affect the existing risk value, VULTARA will promptly notify users of the change in risk value and recommend further action.
Typical threat intelligence services only provide “cybersecurity information” as defined by ISO/SAE 21434. If you use these services, you need to have your own analysts to drive cybersecurity incidents. VULTARA's security continuous monitoring capabilities not only provide users with “cybersecurity information,” but also provide you with “cybersecurity incident” response support, which is fully compliant with ISO/SAE 21434 and UNECE WP29 R155.
-
Permission Management
VULTARA offers a comprehensive and detailed permission management mechanism, with five levels of permissions built in, including administrator, global library user, project library user, project user, and project viewer user. Enterprise users can precisely control permissions for each user across various dimensions, including users, projects, databases, models, and TARA results. This supports large organizational structures by clearly defining permission boundaries between company management, central security teams, different departments, and project development teams, thereby effectively coordinating collaboration between departments and roles within projects.
-
Third-party Integration
VULTARA supports seamless integration with commonly used third-party systems such as ALM/PLM/JIRA, enabling secure development requirements to be seamlessly integrated into existing development management systems. Even for user-developed development management systems, VULTARA can provide data interaction APIs to support customized integration with different systems.
Software Deployment
SaaS deployment: | Support |
Private deployment: | Support |
Hardware requirements for private deployment: | CPU:4 cores or more / Memory: 64 GB or more / Hard drive: 1 TB or more *Hardware configuration depends on deployment scale. For details, please consult our technical engineers. |
Related
