VicOne partners with 42Crunch for security across SDV and connected-vehicle ecosystem
30 May 2024
VicOne, a provider of automotive cybersecurity solutions is partnering with Crunch to enhance the security of application programming interfaces (APIs) for the software-defined vehicle (SDV) and broader connected-vehicle ecosystem.
Through the partnership, automotive original equipment manufacturers (OEMs) and suppliers achieve differentiating benefits:
Quicker and more accurate detection of the latest Open Worldwide Application Security Project (OWASP) Top 10 API security vulnerabilities during development.
Accelerated identification of potential threats at application runtime.
Improved dynamic risk assessment through integration of API security events along with other automotive data and security events.
Better compliance with regulations such as UN Regulation No. 155 – Cyber security and cyber security management system and ISO/SAE 21434:2021 Road vehicles Cybersecurity engineering.
The cyber-attack surface has expanded rapidly with the trend toward SDVs and increasing reliance on the cloud and APIs. VicOne noted that API-related incidents contributed to 12% of automotive security incidents from the second half of 2022 to the first half of 2023. To date, it has been challenging to attain security visibility across the broadening automotive ecosystem, but the VicOne/42Crunch partnership promises to eliminate unknown security blind spots.
APIs are inherently easy to expose but difficult to defend. As the automotive industry relies more heavily on APIs in SDVs, OEMs and their suppliers will be uniquely equipped through our partnership with VicOne to tackle threats and comply with evolving cybersecurity mandates by integrating diverse sensor data for comprehensive risk assessment and actionable insights.
—Jacques Declas, chief executive officer (CEO) of 42Crunch
According to a Gartner report, Innovation Insight for API Protection, “API protection products provide three main types of functionality—discovery, posture management and runtime protection.”
Utilizing 42Crunch’s API Audit vulnerability testing solution and API Firewall in tandem with artificial intelligence (AI)/Large Language Modeling (LLM) via the VicOne xNexus next-generation vehicle security operations center (VSOC) platform, OEMs and suppliers gain precise, contextualized and actionable threat insights to enhance risk visibility across the full ecosystem, optimize resource allocation, accelerate attack investigations and eliminate wasted effort in chasing “false positives.”
Furthermore, data from VicOne’s xCarbon VSOC sensor and smart cockpit protection can be correlated into clear narratives to facilitate continuous and dynamic risk assessment across the automotive supply chain. VicOne’s xZETA automotive vulnerability and SBOM management system scans vehicle software to identify zero-day, undisclosed and known vulnerabilities, malware, ransomware, and advanced persistent threats. Information feeds back into Threat and Risk Assessment (TARA) results to ensure alignment with ISO/SAE 21434 processes and enable continuous monitoring.
Whereas automotive cybersecurity not long ago focused almost exclusively on in-vehicle APIs, it must today account for API attacks within and among vehicles, the cloud and mobile. This partnership brings together 42Crunch’s proven expertise in API security and ours in automotive cybersecurity to enable a solution engineered for the new, more complex reality in this industry.
—Max Cheng, CEO of VicOne
Comments