New UL IoT Security Kit Aims to Boost Developers’ Cybersecurity Profile
How can MSSPs pinpoint IoT (Internet of Things) devices that are designed and regularly updated with proper cybersecurity in mind?
Perhaps the answer involves Underwriters Laboratories, the venerable specialist in product safety testing and evaluation universally known as UL. Indeed, UL is offering an entry-level tool kit to help IoT device makers improve cybersecurity in the product development and lifecycle management processes.
UL’s IoT Security Starter Kit is based on secure development life cycle (SDL) best practices and includes security-by-design training, an SDL gap analysis, a product security architecture review and penetration testing. The package adds to UL’s suite of advisory, testing and certification services, and allows customers to tailor it to their specific security needs. UL sees industrial automation control system manufacturers and commercial, consumer and medical device product manufacturers as their target segment for IoT cybersecurity kit.
“With the complex nature of IoT and operational technology infrastructure, companies need to maintain the right level of security for products and systems,” said Olivier Laborie, UL’s identity management and security group business development director. “We can also identify potential product vulnerabilities and provide remediation advice by conducting penetration testing of a product,” he said.
According to UL, its IoT security kit affords companies these benefits:
- Advance in-house security knowledge and capabilities.
- Compare internal security processes and practices to industry frameworks and standards.
- Prioritize processes and practices that require improvements to meet industry frameworks and standards.
- Understand product, security architecture and design risks through testing for vulnerabilities and exploits.
“We work with companies to train their personnel on an SDL framework, as well as perform a gap analysis of security processes and documentation to ensure companies are equipped to prevent, identify and respond to potential cyberthreats,” Laborie said.