Collaboration pairs leaders in API and automotive cybersecurity to enable broad protection as attacks on automotive APIs climb within and among vehicle, cloud and mobile
DALLAS and TOKYO, May 29, 2024—VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch to enhance the security of application programming interfaces (APIs) for the software-defined vehicle (SDV) and broader connected-vehicle ecosystem. Through the partnership, automotive original equipment manufacturers (OEMs) and suppliers achieve differentiating benefits:
- Quicker and more accurate detection of the latest Open Worldwide Application Security Project (OWASP) Top 10 API security vulnerabilities during development
- Accelerated identification of potential threats at application runtime
- Improved dynamic risk assessment through integration of API security events along with other automotive data and security events
- Better compliance with regulations such as UN Regulation No. 155 – Cyber security and cyber security management system and ISO/SAE 21434:2021 Road vehicles Cybersecurity engineering
The cyber-attack surface has expanded rapidly with the trend toward SDVs and increasing reliance on the cloud and APIs. VicOne noted that API-related incidents contributed to 12 percent of automotive security incidents from the second half of 2022 to the first half of 2023. To date, it has been challenging to attain security visibility across the broadening automotive ecosystem, but the VicOne/42Crunch partnership promises to eliminate unknown security blind spots.
“Our API security testing and protection services are used by Fortune 500 enterprises and over 1 million developers worldwide, and we are thrilled to partner with VicOne to bring these capabilities to the automotive ecosystem,” said Jacques Declas, chief executive officer (CEO) of 42Crunch. “APIs are inherently easy to expose but difficult to defend. As the automotive industry relies more heavily on APIs in SDVs, OEMs and their suppliers will be uniquely equipped through our partnership with VicOne to tackle threats and comply with evolving cybersecurity mandates by integrating diverse sensor data for comprehensive risk assessment and actionable insights.”
According to a Gartner® report, Innovation Insight for API Protection, “API protection products provide three main types of functionality — discovery, posture management and runtime protection.”1 Utilizing 42Crunch’s API Audit vulnerability testing solution and API Firewall in tandem with artificial intelligence (AI)/Large Language Modeling (LLM) via the VicOne xNexus next-generation vehicle security operations center (VSOC) platform, OEMs and suppliers gain precise, contextualized and actionable threat insights to enhance risk visibility across the full ecosystem, optimize resource allocation, accelerate attack investigations and eliminate wasted effort in chasing “false positives.”
Furthermore, data from VicOne’s xCarbon VSOC sensor and smart cockpit protection can be correlated into clear narratives to facilitate continuous and dynamic risk assessment across the automotive supply chain. VicOne’s xZETA automotive vulnerability and SBOM management system scans vehicle software to identify zero-day, undisclosed and known vulnerabilities, malware, ransomware, and advanced persistent threats. Information feeds back into Threat and Risk Assessment (TARA) results to ensure alignment with ISO/SAE 21434 processes and enable continuous monitoring.
“Whereas automotive cybersecurity not long ago focused almost exclusively on in-vehicle APIs, it must today account for API attacks within and among vehicles, the cloud and mobile,” said Max Cheng, CEO of VicOne. “This partnership brings together 42Crunch’s proven expertise in API security and ours in automotive cybersecurity to enable a solution engineered for the new, more complex reality in this industry.”
API Security Solutions for the Automative industry
About 42Crunch
42Crunch enables a standardized approach to API security that automates the enforcement of security compliance across distributed development and security ecosystems. Our API security testing and runtime threat protection services are used by Fortune 500 enterprises and over 1 million developers worldwide. The 42Crunch API DevSecOps platform empowers developers to build security from the IDE into the API pipeline and gives application security teams full governance from the CI/CD across the entire API lifecycle. This seamless DevSecOps approach to API security reduces governance costs and accelerates the delivery of secure APIs.
About VicOne
With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro’s 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit vicone.com.
1 Gartner, Innovation Insight for API Protection, 2 February 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
