Responding to the ongoing threat of cybersecurity attacks.
In 2020, the SolarWinds breach highlighted the emergence of software supply chain attacks as a very real security threat that impacted many high-profile companies. (The software supply chain includes third-party and open-source components used in a software product.) Then in late 2021, not to be outdone, the massive scope of the Log4j vulnerability emerged, impacting millions of consumer products, enterprise software, and web-based applications. The Federal Trade Commission even issued a strong warning to remind companies of the necessity to remediate the flaws, which suggests that many companies are simply not fully aware of the software ecosystem that comprise their applications.
As the work environment has shifted from on-site to at-home, to a hybridization of the two, the cyberthreat landscape has never stopped adapting and evolving. For Siemens DISW, protecting data throughout its lifecycle has always been core to our security strategy and it is no different as we increasingly leverage the cloud to augment and extend the capabilities of our industry-leading desktop tools.
Siemens EDA delivers a portfolio of electronic design automation software, hardware, and services that enable our customers to digitally transform their product development and deployment, become market leaders, and deliver life-changing innovations to market faster. From our software development lifecycle to our cloud-connected and cloud-native applications, we embed security into every aspect of what we do. The protection of our customer’s IP is a primary design imperative.
Fig. 1: Security is a key element in every phase of the software development lifecycle.
Siemens is on the shortlist of companies with the focus and ability to invest in security, resources, processes, technology, and expertise at a scale capable of assessing and responding to the ever-changing cyber threats the world faces today.
But even the best-managed product development and operational environments are still subject to the ongoing threat of cybersecurity attacks. An example of the value provided by Siemens EDA is evident in our response to the Log4j vulnerability.
The Log4j vulnerability was announced in mid-December as a 0-day vulnerability that impacted applications across the globe, exposing them to simple attacks that could invade enterprise networks and compromise otherwise protected corporate data. Siemens’ response was prompt and thorough, and it focused on our customer’s best interests.
Notification from the Siemens CERT team to the Siemens development groups happened within hours of the publicization of the vulnerability by global media and was passed on to our customers via customer bulletins within 24 hours of its impact on them. Subsequent daily updates were provided to customers as remediation actions were completed. Immediate, collective action was taken across Siemens to respond to the vulnerability in the Siemens corporate network, Siemens-hosted SaaS/Cloud products, and during product development. Remediation was performed across all supported versions of our products.
Security excellence is a top priority, and thus we understand both the importance of adopting industry-leading security practices and the technologies needed to develop best-in-class products. In the paper ‘Modern day security practices safeguard a digital transformation,’ we provide a more detailed overview of foundational elements to our security strategy. A guiding principle of this strategy is to build security in, not bolt it on as an afterthought.
Download the paper today to learn more how Siemens EDA protects your company from the mounting security threats of today and tomorrow.
 |
 |
 |
 |
 |
 |
 |
 |
 |
Leave a Reply