How can I get security right in my product?

With the right guidance and methods from Limes Security, creating a security concept is less of a hassle.

Do you know this situation? Your project is gaining momentum. A lot of technical details must be clarified. The requirements are not clear yet, but the customer already wants to see a prototype. And on top of this, there is no concept for security yet, and you have neither the capabilities nor the resources to take care of it! What you need is a structured approach to security. Let us help you.

Setting up and establishing teams

Developing templates for typical processes

Evaluating and coaching existing teams

Get started: The Limes Security starter package

To get you started, Limes Security provides a package that includes a threat modeling workshop and the first version of your very own security handbook. This will make it so much easier to continue the security efforts in an efficient and structured way, either by yourself or with further support by Limes Security. Get in contact with us and we will get you started!

Threat modeling workshop

To get started, the project team needs to understand the security goals and the threats for the product, and therefore we do something called threat modeling! Hard if you try it for the first time, easy if you are guided by Limes Security experts.

Adding security

Together we will identify and define what security mechanisms really matter for you (and which do not) and how to best integrate them in your product.

Goal/Objective

The goal is to create a security concept (you can also call it a security handbook or a security blueprint), based on a template, but tailored to your project. As a result of the starter package, you get a security concept that is maintained while the product evolves.

Further support

If you need more support after the starter package, Limes Security is still at your disposal. As we already know your product, your processes and your needs at this point, we can support you with document creation, concept reviews, technical assessments, and much more.

Support by IEC 62443

Examples of security questions often covered in a security concept

  • How to prevent product manipulation via secure boot?
  • How can I establish trust between components with certificates? What is the certificate and PKI concept that fulfills the requirements of my ops team and my customers?
  • How can I harden my product including its sub-components?
  • How to handle risks of 3rd party components?
  • How can I establish a secure remote service concept for my product?
  • How can I securely deploy my components and link them to my cloud service?
  • What must be considered for my web application?
  • How can I securely provide updates to my components in the field?

When is the best time to integrate security into my product?

It is never too late to take the right security measures. But it is obvious from many products that security has been added as an afterthought and thus causes problems on a regular basis. Ideally, security requirements are already planned and structured during the conceptual design phase and a security concept is created, which is then further specified during the project.

How can I secure existing products?

First, it is important to understand what the status of the product is and what “securing” means for the product. For this, a threat analysis is the ideal tool, which is started in the form of a workshop. In four steps:

  • the environment and architecture of the product are analyzed
  • security requirements and undesired effects are defined
  • potential vulnerabilities are identified
  • prioritized threats are derived from this and improvement measures are defined

Based on this, a security manual including a milestone plan is defined in order to take the appropriate measures to “secure” the product.

Is it sufficient to install security only once?

Like other quality features, security thrives on continuous improvement. Both the product and its environment are constantly evolving: for example, new technologies are used, additional interfaces are defined, or new attack paths are developed. Therefore, the security concept of a product must be reviewed regularly to ensure that it still meets the requirements of the product and addresses current threats and security requirements.