“Security is like the brakes of your car. It slows you down but it also enables you to go a lot faster.” The trend towards connected products is giving rise to innovative features – and also to the possibility of malicious attacks, particularly from faraway hackers.
As an engineering partner, we put our cyber security expertise at your disposal and develop secure connected products that fit your enterprise. Startup or corporate giant, we deliver sized to suit your business and industry.
What does ‘secure’ actually mean? Security is always context-specific. For example, confidentiality is imperative for passwords, but irrelevant for public messages. This is why a risk analysis is necessary to identify possible attack paths and assess the associated risk. Our experts team up with yours to develop a risk assessment with prioritized vulnerabilities to guide your decisions about the cyber security concept.
What we do at a glance:
Identification of threat scenarios
Attack tree modelling
Delivering reusable results
Ensuring compliance with standards and regulations such as UNECE r155, ISO/SAE 21434, IEC 62443, and the EU Cyber Resilience Act (CRA)
Conceptual consulting
What security mechanisms do you need? We will work with you to develop a concept for a security architecture engineered to meet the defined security goals. Once we jointly finalize the concept, we can specify the appropriate requirements for implementation.
Count on us to:
Specify security mechanisms, including integration concepts such as secure boot, secure OTA updates, and secure diagnostics
Put into practice secure cryptographic protocols such as secure onboard communication
Assess costs/benefits for security mechanisms
Software development
How do you actually implement security mechanisms ‘securely’? Even if the concept and specifications are indeed secure, software vulnerabilities can easily compromise the overall system’s protection. This is why it is so important for developers to rule out all software vulnerabilities – that is, in the components that implement security mechanisms and in all other software – to afford proper protection against hackers. We rely on secure coding practices and semi-automated code analysis to ensure code conformity.
Count on us to:
Develop turnkey security modules, for example, by encapsulating critical code/cryptographic functions
Develop and integrate the hardware security module (HSM)
Review source code
Penetration Testing
Have any chinks in the armor, any opportunities for attacks been overlooked? Software has to be tested to confirm its reliability, and the same goes for secure systems. We use state-of-the-art methods and tools to test systems for vulnerabilities that an attacker could exploit, and we explore your options for fixing these vulnerabilities.
What we do at a glance:
Embedded device penetration testing
Web service backend penetration testing
Mobile app penetration testing
IT network penetration testing (OSCP/OSEP-certified)
Check-up
How secure are your products? Security is a big deal when companies set out to develop products, but key questions about how to design and build in security often go unanswered. How much should you invest to achieve the appropriate level of security? Where do you start? What steps will you have to take? If you want to make informed decisions and avoid needless investments, a check-up is an excellent idea.
What we do at a glance:
Opt for a fixed time and price with the workshop format, if you wish
Keep your design options open by selecting experts who know all about gap analysis, processes, products, development artifacts, etc.
Implementation of a “CyberRisikoCheck” in accordance with DIN SPEC 27076 for companies
Trainings
Take advantage of our training to empower your employees and cultivate a cyber security mindset:
Our customers have to cope with a rising tide of cyber security standards and regulations. To ensure compliance, they have to integrate cyber security into products, monitor it throughout these products’ lifetime, and embed it in the organization. However, the impact of emerging regulations and standards is as yet uncertain. This customer may not know much about cyber security; that customer may have little experience with it. Many are not very well versed in security responsibilities, certifiers’ requirements, lead times, effort, and costs. In any event, you will need a cyber security strategy to make the informed decisions required to arrive at a robust security posture.
What we do at a glance:
Ensures compliance with regulations such as UNECE r155, EU Cyber Resilience Act (CRA), EU Radio Equipment Directive (RED)
Develops a pan-organizational strategy for integrating cyber security throughout the enterprise
Supports, plans, and executes certification processes, including a milestone plan, complexity/cost assessment, and communication with certifiers
Process consulting
Building security into the product is one concern, but companies also have to adopt cyber security processes and methods to obtain reproducible results. Take advantage of the vast experience we have in handling cyber security engineering tasks in customers’ ecosystems. Call on our support to help you put new security processes and methods into practice. Rest assured, we will factor requirements, technical constraints, and legacy processes into the security equation.
Count on us to:
Advise you on processes, for example, on the basis of ISO/SAE 21434 or IEC 62443 requirements
Make the most of risk analysis methods
Execute the security testing process and methods
Help you manage vulnerabilities
Assist you in managing suppliers
Conduct cyber security assessments
Monitoring setup & support
With new regulations such as UNECE r155 or the EU Cyber Resilience Act, constantly monitoring, analyzing, and responding to security incidents across the product’s lifecycle and the supporting infrastructure is coming more into focus. Given the extent of the regulatory requirements, isolated, non-integrated activities within an organization might not be sufficient to meet them. Typically, planning and implementing a Security Operation Center (SOC) is a good investment to give structure to these isolated activities and align them with regulations. We can help you identify gaps, plan, and execute the plan in a way that is tailored to your organization.
What we do at a glance:
Identification of key requirements for a Cyber Security monitoring approach that is tailored to your company
Support you with auditing, gap analysis, and process improvements of your existing monitoring structures
Evaluation of technical offerings from SOC vendors to meet the organization’s needs
Evaluation of threat intelligence, vulnerability management, risk management, and incident management requirements
Support in vulnerability & incident analysis and mitigation
We support you with customized cyber security solutions – from strategy to engineering. Learn more about our cross-domain strategy consulting portfolio in the field of cyber security.
Learn more about the mechanisms, tools, and methods we typically use in our projects and tailor to our customers’ technical and non-technical objectives. Our services run the gamut from CSMS consulting to penetration testing and efficient risk assessments.
Software has to be tested to confirm its reliability, and the same goes for secure systems. We apply state-of-the-art methods and tools to test systems for vulnerabilities and explore your options for patching these vulnerabilities.
Cross-sector competency
Security for all sectors
ITK understands cyber security and knows your industry’s technology and processes. And we put all this together to your best benefit.
Assessments and audits are necessary to ensure that safety-relevant systems are developed in compliance with standards. We look forward to supporting you with your safety and security audits and assessments, and we provide certified, experienced auditors and assessors.
Embedded security: We know how to secure embedded systems and connected products, and this cyber security skill-set features prominently on our YouTube channel. Regulatory issues such as ISO/SAE 21434 and UNECE are also a hot topic. To learn more, be sure to check out our YouTube channel.
Learning from other domains and developing secure systems
Our experts’ insight into state-of-the-art security technology and methodology runs deep and ranges wide, from automotive and manufacturing use cases to medical engineering. Drawing on this powerful set of synergies, domain expertise, and engineering skills, we develop standards-compliant solutions. And the solution tailored for you will be built in teamwork with you. Our tool- and product-independent approach lets you enjoy the benefits of unbiased advice and optimized engineering services tuned precisely to meet your needs.
Unsolved challenges? We look forward to your inquiry.