Public Relations

Asgent Announces Start of Sales for ThreatHive, Service for Early Detection of Vulnerabilities in Automotive ECUs

October 11, 2018
Asgent, Inc.
（JASDAQ: 4288）

  Asgent, Inc. (JASDAQ: 4288, President & CEO: Takahiro Sugimoto, located in Chuo-ku, Tokyo), a pioneer in network security and operations management solutions, announces the start of sales for "ThreatHive", a service for early detection of vulnerabilities in connected vehicle ECUs, from Karamba Security Ltd. (CEO & Co-founder： Ami Dotan, located in Israel).

[Background]
  Electronic control units (ECU) that are deployed in automobiles are used in many ways, including controlling the engine, brakes etc. As the call for the commercial viability of connected cars grow stronger, it is more imperative than ever to be able to prevent hacking of the ECU from the internet. ECUs are normally developing using a process of Demand Analysis > Software Design > Coding > Individual Testing > Combined Testing > General Testing > Goodness of Specification Fit Test. Security testing is performed in the "General Testing" phase. However, because there are requirements to perform various tests other than for security, it is commonly the case that security tests do not have a lot of time spent on them. Also, it can prove realistic unfeasible for a superior red team (test team) to be outsourced in a timely and cost effective manner. If for some reason a vulnerability is found, because modifications to the ECU that had already completed the General Testing would be required, there was the issue of more time being required for the product to go to market. In addition, in cases where personnel resources or security knowledge and procedures to find vulnerabilities are insufficient, there would be a need for frequent updates.

[ThreatHive]
  Karamba´s "ThreatHive" provides a platform for early detection of ECU vulnerabilities. By deploying in-development ECU software in Karamba´s cloud-based virtual machines in multiple locations around the world, threat information is collected. By analyzing the collected information, it is possible to gain information on vulnerabilities before the General Testing phase. The software can then be further strengthened by modifying the software based on that vulnerability information. This in turn allows for go to market time to be shortened, and the number of update post-deployment to be reduced.
  Karamba CEO & Co-founder, Ami Dotan, made the following comment.
"Karamba´s new portfolio for protecting ECUs provides insights gained through security research to secure connected vehicles. Customers are requiring methods to test the product with security scenarios. With this approach, it is possible to gain information on cyber-attacks with plenty of time to make modifications to the problem. By gaining insights to the vulnerability, customers can renew their prevention technology before going into production and fix the vulnerability without sacrificing go to market time."

[Auto-ISAC]
  Auto-ISAC (Automotive Information Sharing and Analysis Center) is an organization established, in the US automotive industry, with the objective of establishing a secure platform to share, track and analyze intelligence related to potential vulnerabilities and cyber-attack threats. Among its members are OEMs and Tier1 suppliers such as Ford, General Motors, Toyota, Mazda, BMW etc. and it functions as a hub for sharing and analyzing incidents related to connected vehicles, cyber threats and vulnerabilities.
  Auto-ISAC also has a strategic partnership program, and only those companies that have been vetted and approved by Auto-ISAC board members can be recognized as strategic partners. Karamba´s method for early detection of vulnerabilities with ThreatHive was recognized, and it became a strategic partner in September 2018. In the future, Karamba will act as a strategic partner to provide Auto-ISAC and its members with attack data and vulnerability information against general components gathered using ThreatHive. Karamba is the only partner to provide vulnerability information as a service to Auto-ISAC.
  
Auto-ISAC’s Executive Director Faye Francy made the following comment about Karamba’s participation in the strategic partnership program.
“We are happy to welcome Karamba as a strategic partner into Auto-ISAC. We have high hopes for the ECU vulnerability and threat insights they can provide. By utilizing Karamba’s ECU strengthening and forensic information, we will be able to fully implement it into the complete automotive lifecycle.”

Asgent will provide ThreatHive with Karamba to domestic OEM and Tier1 suppliers. Start of sales is planned for Q1 2019, and the product cost is open priced.

※Company and product names are the trademarks or registered trademark of the respective companies.