ObjectSecurity is also developing a portable version with firmware extraction support for analyzing fielded embedded systems.
San Diego, Calif. – Apr 22, 2021 – ObjectSecurity, The Security Automation Company, today announced that it has launched easyVAPT™ a new freemium SaaS service for automated binary vulnerability analysis. This product is a commercialization of the analysis engine developed as part of a $2.5 Million Phase II Small Business Innovation Research (“SBIR”) grant from the Navy to advance the capabilities of the US Department of Defense (DoD) around automated cybersecurity vulnerability assessment and penetration testing (VAPT). A core objective is to overcome the limitation of human red team resources for conducting vulnerability assessments on DoD systems, in particular, cyber-physical systems – through a portable, easy-to-use, automated vulnerability scanning solution to effectively and efficiently assess the cyber security posture of embedded devices.
The current version of the easyVAPT™ SaaS is easy to use: it lets users upload binaries, and shows information about their vulnerabilities in a simple stoplight manner, and detailed information about vulnerabilities, weaknesses, malware etc. can also be viewed.
As part of the SBIR, ObjectSecurity is developing novel binary analysis technologies, and also focuses on supporting firmware analysis of already-fielded embedded systems at scale. This includes supporting firmware extraction from embedded/IoT/ICS devices via external and internal connectors, and on creating an efficient portable device.
“The launch of easyVAPT™ is an important milestone for ObjectSecurity and allows us to engage with the vulnerability analysis community to improve cybersecurity,” said Ulrich Lang, CEO of ObjectSecurity. “SBIR contracts allow us to research and develop advanced concepts that feed into rapid product development, enabling us to commercialize next-generation innovative products that will bring tremendous value to the DoD, and our customers across all industries. We are committed to leading this initiative with the DoD to protect DoD’s embedded systems from adversaries by delivering advanced next-generation technology solutions.”
“By fully automating a raft of vulnerability assessment and penetration testing technologies that were originally designed for manual use by human experts, our solution is a low-hanging fruit even for non-experts”, said Dr. Reza Fatahi, Senior Software Engineer at ObjectSecurity. “We are also researching machine learning to further improve our analysis results and to make the solution more adaptive”, adds Ulrich Lang, CEO of ObjectSecurity.
ObjectSecurity LLC is The Security Automation Company. A privately held company based in San Diego, CA, ObjectSecurity’s mission is to reduce cybersecurity effort, complexity, and cost through innovative cybersecurity automation technologies, including security policy automation, supply chain risk analysis automation, and vulnerability assessment automation.
- Vulnerability assessment & pen-testing automation: ObjectSecurity’s VAPT series intelligently automates “vulnerability assessment and penetration testing” (VAPT). Our binary analysis solution is accurate, fast, automated, easy-to-use, and supports numerous uses. The pre-release easyVAPT™ freemium SaaS VAPT service is available – try it out today! Pre-release versions are also available for select trial users for our VAPTBOX™ portable suitcase + handheld combo for VAPT of fielded embedded systems, and for our virtual/physical VAPT server version.
- Supply chain risk analysis automation: SCRAMS helps you make sense of supply chain information you already have, but which you cannot effectively analyze for supply chain risks. Ingest information from your ERP and other sources into SCRAMS and let SCRAMS intelligently “connect the dots”, and provides insights. Once done, you can run smart searches across the analyzed data, and run automated analytics. You can also generate actionable reports. Available as easySCRAMS™ freemim SaaS and SCRAMS Enterprise™ versions.
- Security policy automation: OpenPMF™ solves multiple challenges with enforcing security policies: rich and dynamic policies need to be applied in many industries to restrict information flows to only what is authorized. OpenPMF’s award-winning unique “security policy automation” approach allows users to author policies very intuitively. OpenPMF automatically generates the numerous detailed technical rules and configurations, by importing and analyzing information about your organization and technologies. OpenPMF supports modern access control including Attribute Based Access Control (ABAC), Zero Trust Architecture (ZTA) and DevSecOps.
- AI driven cybersecurity analysis: ObjectSecurity is working on numerous AI-based technologies for cybersecurity, esp. AI-based cyberattack detection for wireless sensor networks
Ulrich Lang, Ph.D.
Chief Executive Officer
1855 1st Ave #103
San Diego, CA 92101