Immediate help for security vulnerabilities

Companies are increasingly relying on Vilocify. The Siemens service issues alert messages when security vulnerabilities are discovered in software and hardware products – regardless of the manufacturer – and this occurs several thousand times a year.

Three red dots appear next to the word “critical”. Lukas Braune from the Vilocify team at Siemens wrinkles his brow. A security vulnerability was just discovered in a software component of a well-known database provider. Braune’s team has written the corresponding alert message, also referred to as a notification, which is immediately sent to the Vilocify subscribers. The notification describes why the issue is security-critical and what can be done to mitigate it. “This enables our customers to install security updates before attackers exploit the vulnerabilities and can cause damage,” explains Braune.

Each day, the Vilocify team combs through countless sources of information such as mailing lists, feeds or forums, constantly searching for security vulnerabilities published by countless software and hardware manufacturers. The analysts create a notification for each issue, consisting of a few brief words that describe the category of the vulnerability and how to close it. This adds up to thousands of notifications a year. Developers simply do not have time to monitor all these vulnerabilities themselves.

Protecting highly sensitive data

That is why an increasing number of companies – ranging from small and medium enterprises (SMEs) to major corporations – subscribe to this service. However, the largest customer is Siemens itself – more than 20,000 developers, security officers and IT administrators are connected to the platform, including those from Siemens Healthineers. “Our customers deal with highly sensitive data and partially even life-saving clinical processes. Both deserve maximum security,” says Dr. Hans-Martin von Stockhausen, Cybersecurity Officer at Siemens Healthineers. “This is where Vilocify helps us identify and assess security vulnerabilities in a timely manner.”

Only relevant notifications – thanks to editorial updates

One of the great advantages of Vilocify is that similar security vulnerabilities are carefully consolidated, for example for web browsers such as Chrome. Supposed vulnerabilities that turn out to be mistakes or have long since been solved are filtered out.

Instead of being buried under alerts, users can respond more easily to those that are truly relevant. “Vilocify’s great strength is the editorial updating of the component catalog,” emphasizes Braune. This means his team monitors thousands of software components and reports when the end of support has been reached, for example in the case of older Windows versions that can still be found in many devices such as ATMs.

Catalog containing around 100,000 entries

The catalog currently comprises about 100,000 entries pertaining to software and hardware components, and new ones are added every day. If an entry is missing, customers can request the component and the Vilocify team will add it shortly thereafter. Some entries may even be familiar to laypeople, such as firmware version 7.21, recently released by the German manufacturer AVM for its FRITZ!Box router and for which there is a current security update, and, of course, numerous entries about various Windows versions.

However, that is just the tip of the iceberg. Libraries providing special software functions constitute the majority of the entries. They can be found in countless products, including unexpected ones such as household appliances. If a hacker comes across a security vulnerability in such a library, then the worst-case scenario is that they could manipulate the device. But thanks to Vilocify, developers receive the notifications quickly and can therefore address the issues in their products, before criminals even have a chance to act upon them.

Bernd Müller
