Get Grip on Product Security with SUM
SUM is a vulnerability management platform for connected devices and systems. Built upon the principles of a strong vulnerability management process, SUM supports device manufacturer to identify, triage, address and report vulnerabilities.
Strengthen product security with the SUM platform throughout the IoT life cycle, covering development to maintenance: with an average life span of over 10 years, consistent vulnerability monitoring is paramount. The proactive approach allowed by SUM not only meets regulatory standards but also guarantees robust device security, safeguarding against cybersecurity threats.
SUM is the perfect fit for:
Key Features
1
SBOM management
Get accurate insight in all components present in your product, both third party and proprietary components. SUM is unique by monitoring both software and hardware components. Download your SBOM and HBOM in machine-readable and industry accepted formats such as CycloneDX and SPDX
3
Compliance
Satisfy requirements from standards and regulations in your industry (MDR (EU) 2017/745, ISO/SAE 21434, FDA Omnibus, IEC 62443, ETSI 303 645, UL2900, …
2
Vulnerability Management
Manage identified vulnerabilities using a robust vulnerability management process. SUM shows all the identified vulnerabilities, but also gives remediation and mitigation options. Assign a status to each vulnerability and keep track of all open and closed vulnerabilities. Assign a policy to each project, view vulnerability deadline and close vulnerabilities in time.
4
Visibility & Control
The aim is not to reach zero vulnerabilities. The aim is to gain visibility into the vulnerabilities and have them under control. Manage risk according to your specific use case and the products intended environment.
Flexible, Efficient, Human-Centred Design
1
Cloud and on-site deployment
SUM’s modular architecture allows for both cloud-based and on-site deployment.
2
No source code required
We don’t need access to your source code. We believe in building extremely accurate Device Models (SBOM&HBOM) and minising false-positives using: SW building artefacts, interface information, defining hardware blocks, and a video call with our security expert.
3
Dedicated support
Every project gets assigned a Project Manager and Security Expert. For doubts and questions you can always reach us.
How SUM works:
01.
Device Model Creation
The first step is to identify all components in your device. This includes both software (SBOM) and hardware (HBOM) components.
We call this complete set of components the 'Device Model'. We don't need access to your source code.
02.
First Report
Receive login details to the cloud platform for you and your colleagues. During a video call we show you all platform features, as well as your initial vulnerability results.
03.
Review
Check both your Device Model and Vulnerability results on the cloud platform. You can also export the information, to share within or outside your organisation.
The filter and sort options help you to identify priorities.
.
04.
Succeeding reports
When you update, remove or add a component in your device, the Device Model should be adjusted accordingly. This can be automated by integrating our APIs in the CI/CD pipeline.
05.
Continuous support
We are here to support you.