Cybersecurity Threat Analysis
and Risk Assessment Solution

From Components to Single Systems to Final Products and Full-vehicles
  • Rapid implementation with Security-by-Design

  • Support of reliable Lifecycle Management

  • Customizable ISO 21434 driven reports

Trusted by Our Customers & Partners:

  • ASRG
  • Block Harbor
  • BOSCH
  • CARIAD
  • Continental
  • Hella
  • Kostal

Enabling Your Product Security through Vulnerability Assessments of Cybersecurity Threats

As products become increasingly connected and software driven, cybersecurity evolves into a strategic imperative for device manufacturers of all kinds. Cyberattacks on connected systems are becoming more likely and more frequent. While these cyber risks increase, we ensure that companies are empowered to protect product security with reliable cybersecurity solutions, supporting security-by-design.

Our experts support you to guarantee cybersecurity, so that your products aren’t just safe, but also secure!

ISO 21434 : Cybersecurity with YAKINDU Security Analyst

Analyze Your Risk with itemis Security Analyst

itemis Security Analyst allows you to manage the complexity of all cybersecurity risks related to your product development. It supports your Threat Analysis and Risk Assessment (TARA) throughout the entire lifecycle of the vehicle in full compliance with ISO 21434 (or ISO/SAE 21434) and UNECE R155.

Request a meeting now

Benefits at a Glance

  • Rapid Implementation with Security-by-Design

    Design systems first-time right with a model-based security-by-design approach and generate simple to understand attack trees and sequence diagrams with real-time validation.

  • Support of Reliable Lifecycle Management

    Analyze threat scenarios and attack paths with automated calculation of risk levels throughout the entire lifecycle of the vehicle to react faster to upcoming and changing threats.

  • Customizable ISO/SAE 21434 Driven Reports

    Generate standardized and audit-proof documentation of assessment models and action plans at enterprise or project level.

  • Efficient Synchronization with Reference Systems

    Synchronization and re-use of existing architectural elements or requirements across different projects to avoid duplication of models.

  • Easy Integration into various Tool and Process Landscapes

    Extensive import and export functionalities enable the exchange of data between various tools within an organization or with other entities along the value chain via openXSAM or custom tailored formats.

  • Flexible Collaboration Options between Organizations

    “One Truth” through architecture-based modeling with role-specific views for the requirements of analysts, architects or security experts to enable collaboration in interdisciplinary organizations with functional interdependencies.

  • Model-Based Approach for Fast and Reliable Results

    The model-based approach ensures validity and makes the tool less error-prone when maintaining large models and points out the interdependencies between hundreds of assets and elements.

Do you need any information about itemis Security Analyst?

Let us talk about your project

usa_klinke_01_ew

Realize Cybersecurity in an Easy and Reliable Way

Analyzing and managing the cybersecurity risks of connected systems is essential for the development of secure systems. Our tool assists you in:

  • Identifying and specifying security requirements and objectives
  • Defining adequate security measures
  • Verifying necessary security features

Implementing effective and comprehensive risk solutions is crucial for automotive companies operating internationally.

By 2024, all road vehicles will be required to meet UNECE R155 and ISO 21434 standards in order to receive type approval.

OEMs and Tier-n suppliers that do not meet these standards will be barred from the European, Korean and Japanese markets. Adopting a certified Cybersecurity Management System (CSMS) and conducting Threat Analysis and Risk Assessments (TARAs) throughout the product life cycle and along the entire supply chain is mandatory for meeting these requirements.

Our itemis Security Analyst enables you to realize this in an easy and reliable way.

Submit your questions

  • Security Analyst is a versatile instrument that helps me to develop my work in a more dynamic and easier way. Aligned with the current automotive ISO21434, Security Analyst allows me to fulfill my customers’ needs.

    Javier Mendoza, Senior Software & Functions Engineer at AVL Software and Functions GmbH
    AVL Logo
  • We all know analyzing risk over time will be the next biggest industry challenge. No longer will excel tables, MS access databases or custom-made tools be able to handle the task. We need a way to continuously manage, track and update risk assessments (TARA, etc.) to ensure product security over its entire life. Security Analyst allows for complex and dynamic risk models and simulations which allow us to evaluate risk faster and more transparent than other market tools.

    John Heldreth, Founder ASRG
    itemis_USA_arsg_01_EW
  • itemis JOINS The Connected Vehicle Trade Association (CVTA)

    itemis announces its start-up corporate membership in the Connected Vehicle Trade Association (CVTA). With the partnership itemis shows its innovation and thought leadership in the automotive and connected vehicle industry. itemis’s significant automotive industry experience in model-based tooling, embedded systems, and cybersecurity will allow it to effectively collaborate with the CVTA member community to advance the secure development of secure connected vehicle technologies.

    Partnerschaft_CVTA_460x560_EW_kf
  • We are proud to announce our membership with Auto-ISAC!

    With our market-leading cybersecurity tool for performing Threat Analysis and Risk Assessments (TARA), we are pleased to join the Auto-ISAC community. By combining the industry insights of leading OEMs within the Auto-ISAC, we look to advance the level of automation related to automotive TARA.

    Membership Auto-ISAC and itemis.
  • We are joining the Siemens Digital Industries Software Partner Program!

    With our market-leading cybersecurity tool for performing Threat Analysis and Risk Assessments (TARA), we are expanding in the field of Product Lifecycle Management by connecting to Siemens Polarion ALM™ (Application Lifecycle Management) software.

    Our two best in class solutions will enable OEMs and Tier-suppliers in the automotive industry to enable a high level of security of their products and customers can achieve cybersecurity compliance for ISO/SAE 21434.

    itemis - Siemens Digital Industries Software Partner Program
  • Join us.

    Become a building block for itemis – and let itemis become one in your career. Currently we are recruiting enthusiastic engineers all over Germany. Want to create the next IT revolution with us?

    Jobs_Banner_News_460x560_EW

Frequently Asked Questions

The amount of electronic systems in cars is constantly increasing due to market demands. With the increasing complexity of new electronic driver assistance and infotainment systems, cars are not only becoming more comfortable and safer, but also more threatened by cyberattacks. The connected car and its components need to be secure throughout its entire lifecycle. To cope with this challenge, it is essential to continuously find out if, where, and how the car is vulnerable, what damage is associated with the threat, and how the impact of the threat will be managed. Otherwise, there are serious risks in the form of financial losses, legal consequences or loss of reputation. For this reason, the cybersecurity regulation ISO 21434 was implemented. It aims to establish a “cybersecurity by design” framework for the entire lifecycle of road vehicles.

One of the key elements of the recently published cybersecurity standard ISO 21434 is the performance of a Threat Analysis and Risk Assessment (TARA), which is the major part of identifying cybersecurity goals. In the best case, the method scales with the status of the development process, so a secure system design is possible right from the start (Security by Design), but it can also be applied for existing systems. This risk assessment method describes different identification and analysis activities throughout the development phases in the lifecycle: from asset identification over threat scenario identification, impact rating, attack path analysis, attack feasibility rating, risk value determination to risk treatment decision.

The purpose of ISO 21434 is to ensure that OEMs and all participants in the supply chain have structured processes in place that support a “Security by Design” process. Especially in the highly dynamic security environment, new vulnerabilities are discovered on a daily basis. These threats must be adequately addressed with updates and new countermeasures to ensure continued security. A model-based approach to safety risk analysis is therefore not only beneficial in the design phase of a vehicle model or component, but crucial and forms the basis for continuous safety risk assessment throughout the vehicle's lifetime.

R 155 has a very far-reaching definition of the period in which the provision of updates for vehicles is mandatory. Security updates need to be provided in all phases of the product lifecycle: during the development and production phase and also throughout the entire operating period, until the car is ultimately no longer active in traffic. To guarantee cybersecurity over this long period of time and to keep your TARAs up to date, it is important to use a flexible solution that adapts to constantly changing conditions, especially when new threats arise. A suitable cybersecurity solution is necessary for this without any doubt.

Spreadsheets are quite often a great support for work, but not really suitable to model TARAs to meet upcoming cybersecurity regulations. We have already explained how a specified solution can help. Nevertheless, here are three compelling arguments against spreadsheets: First, they can not be customized to fulfill ISO 21434 regulation requirements out of the box, thus lacking industry standards. Secondly, spreadsheets don’t run on a model based environment, so the correct referencing of input and changes in the project is not ensured. And last but not least, your TARAs will have to be updated over time and this will bring up problems in the future referencing, particularly when new threats emerge.

Find More Information about Solutions and Services, Our Events and Other Resources on a Wide Array of Subject Matter

Why itemis?

We are a multi-award winning IT/IoT consulting and development company with different tools to optimize companies product development. As the world gets smarter, more connected, it will change our daily lives due to increasing cybersecurity attacks and requires even more cybersecurity controls. With our software solution itemis Security Analyst, we are providing security-by-design, especially for the automotive industry, both for manufacturers and suppliers.

itemis was founded in Germany, and now we are spreading our extensive experiences and expertise in the US and support you as a competent partner in the area of cybersecurity and automotive.

Our mission: “We are your partner who is with you in every situation”.

Book an Appointment with One of Our Cybersecurity Experts

Jonathan Mohring is the President of itemis Inc. in the US, a wholly-owned subsidiary of itemis AG. Prior to itemis, he spent over 20 years at automotive OEMs in Europe and the US driving innovation in the areas of engineering IT, software automation and data strategy.

Contact Us

Please complete the form below to be contacted by an Itemis representative.

Our Additional Products & Services

With YAKINDU Statechart Tools, you can easily create complex systems in a visual way. Simulate and test your system’s behavior already while you are modeling. Code generators translate your state machine into high-quality source code for different target platforms.

Model your code

YAKINDU Traceability is a professional requirements traceability management tool. It adapts to your usual development tools and creates a homogeneous traceability graph, without interfering with your established workflows.

Track your requirements

Benefit from the support of industry experts to find efficient solutions without having to make any diversions.

Work with industry experts

Develop more efficiently, increase quality, and streamline your processes end-to-end.

Perfect tool support