Gartner在市場趨勢報告中提到VicOne的車用資安方案

2023年1月16日
VicOne
Gartner在市場趨勢報告中提到VicOne的車用資安方案

In its report “Market Trend: Connected and Autonomous Vehicle Data Enhances Software Life Cycle Management Transformation,” Gartner® mentions VicOne.

The report, which was written by the Gartner analysts Jonathan Davenport and Pedro Pacheco and published on Sept. 23, 2022, suggests that automakers have been embedding connections into more of their production vehicles to collect data and store it in the cloud. “Data is being collected to optimize software life cycle management and enable the provision of connected vehicle services or improvements to core vehicle functions, such as infotainment and advanced driver assistance systems (ADAS),” the report states.

We believe such handling of data represents new opportunities that will enable automotive manufacturers (OEMs) to improve their vehicles’ overall reliability and functionality. For example, vehicle sensor data such as odometer readings, mileage, and other diagnostics can provide OEMs with a richer and more accurate report of vehicle conditions. Analyzing these could help them efficiently manage their vehicles’ maintenance and software updates.

“Data is also collected to support remote security monitoring of vehicles,” the Gartner report further states. And VicOne is mentioned as an example of one such company. Click here to read more. (Gartner subscribers may access the whole report.)

VicOne develops cutting-edge solutions that address the unique challenges faced by automotive OEMs. The cloud-based extended detection and response (XDR) platform xNexus analyzes cross-data for vehicle security operations centers (VSOCs) for preventing cyberthreats. And the frictionless on-board intrusion detection and prevention system (IDPS) xCarbon and the vulnerability management tool xZETA enable automotive stakeholders to receive data other than vehicle status data and cloud service data; now system events, ADAS-related events, and firmware vulnerability information can all be consolidated on one platform, giving more context and information for investigating threats.

An example of the value of cross-data correlation can be seen in a case that was disclosed in 2021 by a German research team. The research team successfully compromised and gained control of Tesla’s in-vehicle infotainment (IVI) system by exploiting operating system (OS) vulnerabilities, and were able to insert unauthorized code to gain access to the IVI system with higher privileges.

In this use case, xNexus can identify anomalous events such as unusual on-board diagnostics (OBD-II) connection, unauthorized updates, and malicious CAN bus messages. After detecting abnormal activity, xNexus can outline the attack flow step by step (for example, exploitation of remote services à exploitation of OS vulnerability à code injection à sending of malicious CAN message), enabling automotive OEMs to see the big picture for easy investigation. After determining that it is a real threat, xNexus can list out car models affected by the vulnerability to show the scope of impact easily.

All this is powered by VicOne’s automotive attack mapping (based on the MITRE ATT&CK® framework), which provides unique insights into the tactics and techniques used in each stage of an attack on a connected car. xNexus can map the identified activity to help OEMs plan for the future. In this case, knowing that attackers could gain access by exploiting OS vulnerabilities can help OEMs consider working with suppliers to strengthen software vulnerability management for ECUs.

Leveraging over 30 years of cybersecurity experience from Trend Micro and the expertise of more than 10,000 independent researchers from Zero Day Initiative (ZDI), VicOne’s automotive cybersecurity solutions use the latest technologies like behavior monitoring and detection and response to help automotive stakeholders secure connected cars and comply with regulatory requirements.

Learn more about our solutions by visiting our homepage.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

VicOne新聞與觀點

深入瞭解汽車網路安全

閱讀最新報告

馬上體驗更先進的汽車網路安全防護

預約專人展示