BlackBerry QNX Security Services
The growing complexity and increased connectivity of today’s critical embedded systems has brought about a unique set of challenges – particularly when it comes to the security of those systems and their users. Embedded developers need to consider security at every stage of the development lifecycle to mitigate vulnerabilities and protect against attacks.
For over 35 years, BlackBerry has been synonymous with security. Let our team of embedded security experts help you evaluate software assets to identify vulnerabilities and recommend specific remediation actions. From penetration testing to a holistic appraisal of your company’s security posture, our professional services team can assess and address security issues with your processes or products at every stage of your software development life cycle (SDLC).
Our security services are built on our deep embedded systems expertise and BlackBerry’s long history of proven security experience. We have helped thousands clients across automotive, medical, aerospace and defense and more. We have specialized embedded system and security knowledge and are members of the Consortium for Information and Software Quality’s (CISQ) SBOM Standards Working Group. By leveraging our expertise along with the power of our proprietary binary scanning technology, we have helped many organizations assess the security of their code, both in development and in the field. Let our team of experts help you thwart cyberattacks, take advantage of emerging opportunities and overcome the technical limitations that are unique to embedded systems.
Many of our security service offerings rely on BlackBerry® Jarvis™, our proprietary binary code scanning and software composition analysis tool. BlackBerry Jarvis has been specifically tailored for embedded and safety critical systems such as those in the automotive, medical and defense sectors, and has automated capabilities for enumerating both software and hardware bills of materials. It provides insights into software composition, and helps you manage risk by tracking changes in software quality over time. Through cutting-edge system exploration technology and expert security services, you can scan a complete software product for security vulnerabilities and software craftsmanship. Since BlackBerry Jarvis extracts the characteristics and attributes from compiled binaries, access to source code is not required to gain insights into the final product.
Predefined Security Service Packages
We offer a set of security service packages that provide a standard scope of deliverables to address common security challenges in embedded system development, yet are flexible enough to be tailored to your requirements.
This audit will help you uncover the full open source software bill of materials to assess each OSS component and identify vulnerabilities.
Applying a combination of our cybersecurity expertise and binary code scanning technology, we will assess the security of hardware and software within an embedded system.
Using BlackBerry Jarvis and our deep security expertise, we will define and test various exploits to understand potential design or code vulnerabilities.
BlackBerry QNX experts can provide a range of services including assessing risks, vulnerabilities and maturity levels, and can help you prevent and respond to both internal and external threats. While specific service engagements may vary, most engagements result in a documented analysis of your current situation and a report that includes a remediation roadmap.
Cyber risk assessments should be conducted at least once a year or when significant changes occur with your business, your IT estate, or your legal or regulatory environment. This engagement will help inform decisionmakers, support your risk responses, and improve spending efficiency and cyber resilience.
The upcoming WP.29 regulation places an obligation on OEMs to be certified in order to release vehicles into markets covered by the United Nations Economic Commission for Europe (UNECE). This readiness assessment service will help you with compliance to the regulation by helping you understand conformity levels, your cybersecurity posture, and the risks you may face. Read the data sheet
We will help you develop or enhance your governance strategy, identifying maturity levels to pinpoint weakness. Understanding the maturity, the environment, your threats and risk will help you effectively prioritize remediation, manage resources, allocate spending, and accelerate projects.
We can help you build a systematic approach to complying with security expectations, laws and regulations. This review will help inform your team about their duties by outlining procedures for collecting, storing and processing data. We will assist you in creating net new policies, update current policies or recommend better compliance processes.
With an increased focus on “security by design” and an increase in connectivity in the IoT and embedded space, you need to understand how to adopt security practices within your development team. Our threat modelling capability provides a clear view of cyberthreats, enables measurement of security initiatives, displays trends and provides pragmatic evidence of the vulnerabilities and required mitigations.
You need to ensure your cybersecurity plans are aligned with your wider business objectives, all while keeping your organization, partners, customers and supply chain secure. We will assess your vision, resources, unique characteristics, and security / data protection by design approach, then provide you with a roadmap, strategy and steps to reach your goals.
Third-party security risk management helps you assess and control financial, operational, regulatory or cyber risks resulting from doing business with third-party vendors. We can investigate the quality of software inherited by your products from third party and open source and help you formulate the right processes to assess and interact with vendors.
Insider cyberattacks are a leading risk for organizations. And the growing complexity of IoT and embedded networks can introduce the possibility of accidental threats by well-meaning insiders. We will assess your vulnerability to insider threats and provide an analysis and set of recommendations for protecting your organization.
Reverse engineering involves dissecting a device to examine and test your firmware for security vulnerabilities. This service can help you understand how a device is built, its connections and how to manipulate the hardware / software for additional access and control.
Custom Security Services
Backed by 35 years of experience in cybersecurity and a proven binary code scanning solution, the BlackBerry QNX Professional Services team has deep expertise and security research and development to help you protect your products. Traditional security consultants test to find holes, and then go home just as the real work begins. We will support your organization from product design to ongoing incident response.
We understand the unique challenges of securing embedded systems throughout the development lifecycle and can advise on secure architecture design, development, deployment, and supply chain management. Whether you’re looking to build a secure platform, harden a product, or deploy a secure and effective IoT capability, we’re here to help.