跳到主要内容
ThreatZ 平台

ThreatZ
汽车 CSMS 平台
面向 OEM 和 Tier-1 供应商

ThreatZ 是面向 Tier-1 供应商、ECU 制造商和软件提供商的 AI 驱动汽车网络安全管理系统 (CSMS)。它在一个平台中统一 TARA、SBOM、漏洞和事件管理,满足 ISO/SAE 21434 和 UNECE R155 合规要求。

查看价格
符合 ISO/SAE 21434
UNECE R155 就绪
4 个模块,12 项能力
ThreatZ Dashboard
12
TARA Projects
847
Components Tracked
98%
Compliance Score
STRIDE Threat Analysis 142 threats
SBOM Vulnerabilities 7 critical
Risk Treatments 89 resolved
Core Capabilities

Purpose-Built for
Tier-1 Cybersecurity Teams

平台亮点

  • Centralize TARA, SBOM, risk assessments and reports in a single automotive CSMS platform
  • Support multiple OEM CSMS portals and templates without re-doing work for every customer
  • AI assistant for automotive threat modeling to propose threats, attack paths and mitigations
  • Generate audit-ready ISO/SAE 21434 / UNECE R155 documentation with full traceability

Deployment Options

私有云 Cloud SaaS 本地部署

Licensing Tiers

  • Team — Unlimited users, Foundation + TARA, up to 3 projects
  • Professional — Min 5 users, all modules incl. SBOM & Testing, multiple OEM programs
  • Enterprise — 21+ users, all modules incl. Operations, on-premise/SaaS/private cloud
Four Modules, Twelve Capabilities

Everything You Need for
Automotive Cybersecurity

ThreatZ unifies governance, threat analysis, supply chain security, and post-production operations into a single platform covering the complete ISO/SAE 21434 lifecycle.

Foundation Module

Cybersecurity Governance Backbone

Establish your organizational cybersecurity governance with a knowledge library of reusable building blocks, policy governance, and audit-ready compliance reporting for ISO/SAE 21434 and R155.

  • Security Catalog — knowledge library of reusable threats, risks, goals, controls, templates
  • Policy Manager — governance engine defining allowed/disallowed/mandatory practices
  • Reports & Compliance — audit engine with versioned ISO/SAE 21434 and R155 reports

TARA Module

Automotive Threat Analysis and Risk Assessment

The core of automotive cybersecurity engineering. Capture architectures and assets, run guided threat modeling for damage scenarios, threat scenarios and attack paths, and assess risks with ISO/SAE 21434-aligned scoring.

  • System Modelling — capture architectures, assets, interfaces, and CALs
  • Threat Modelling — guided approach for damage scenarios, threat scenarios, attack paths
  • Risk Assessment — ISO/SAE 21434-aligned scoring engine for prioritizing risks
  • Risk Treatment — mitigation framework for goals, controls, and treatments

BOM & Supply Chain Module

SBOM and Vulnerability Management

Full visibility into your software supply chain. Track software components, suppliers, licenses, and vulnerabilities with automated monitoring across your entire vehicle platform.

  • SBOM Management — import, manage and monitor software bills of materials
  • Vulnerability Tracking — continuous monitoring from multiple vulnerability feeds
  • Licenses & Supplier Tracking — license compliance and supplier risk management

Operations Module

Monitoring, Incidents and Continuous Cybersecurity

Manage the post-production cybersecurity lifecycle. Track incidents, correlate findings to risks and assets, and run validation campaigns through their full lifecycle.

  • Incidents & Security Events — incident lifecycle management with correlation to threats and assets
  • Threat Intelligence — feed ingestion, tracking and threat correlation
  • Validation & Testing — security testing campaigns with test bench agent, integrates with your existing test infrastructure
  • Vector CANoe Works with Vector CANoe (CAPL + Python) — See all integrations
Integration Ecosystem

Connects to Your
Engineering Workflow

ThreatZ integrates with the tools your engineering teams already use — from system modeling and requirements management to test benches and issue tracking. View all 30+ integrations →

Architecture & Modeling

Sparx Enterprise Architect

Import XMI models and system architectures

MathWorks MATLAB

Import system architectures from System Composer

Cameo Systems Modeler

Import XMI system models from MagicDraw / Cameo

IBM Rhapsody

Import XMI system and software architecture models

SAST & Code Analysis

Semgrep

CodeQL

SonarQube

Cppcheck

Clang SA

SCA & Dependency Scanning

Black Duck

Snyk

JFrog Xray

FOSSA

Mend

Binary & Deep Analysis

CodeSonar

Klocwork

Astrée

SBOM Platforms

Dependency-Track

GUAC

DevOps, Testing & Data

Atlassian Jira

Bi-directional sync for security tasks and tickets

GitHub

Repository scanning and CI/CD pipeline integration

Vector CANoe

CAN bus security test execution (CAPL + Python)

Microsoft Excel

Import/export data via Excel spreadsheets

Vulnerability Feeds

NVD CNVD OSV GitHub Security Advisories
查看所有 30+ 集成
Standards & Formats

Speaks Your
Industry Language

ThreatZ supports the SBOM formats, export standards, and data interchange protocols used across the automotive cybersecurity ecosystem.

SBOM Formats

Import and export software bills of materials in all major industry-standard formats.

CycloneDX SPDX v2.3 SPDX v3

Export Formats

Export your data in the formats your stakeholders need — from human-readable reports to machine-readable interchange standards.

PDF CSV ReqIF SARIF 2.1.0 OpenXSAM
Compliance-First

Built for the World's Most
Demanding Standards

ThreatZ maps your cybersecurity activities to the specific clauses and controls required by each standard. Generate audit-ready evidence packages with a single click.

ISO/SAE 21434

Full TARA lifecycle and cybersecurity engineering process management per clause requirements.

UNECE R155

Type approval evidence and CSMS process documentation for WP.29 compliance.

GB 44495

China's national vehicle cybersecurity standard compliance and reporting.

NIST & ISO 27001

Map controls and evidence to NIST CSF and ISO 27001 information security frameworks.

AI-Powered

Accelerate with
AI Assistance

Damage Mitigation Recommendations

AI-driven countermeasures based on Auto-ISAC guidance and proven patterns. Get actionable mitigation suggestions for identified threats and risks.

Interactive Security Chatbot

Ask natural language questions about your project context, compliance status, and cybersecurity posture. Get instant, context-aware answers.

12
Integrated Modules
23
Integration Partners
4
Vulnerability Feeds
3
Deployment Options
Ready to Transform Your TARA Workflow?

Start Managing Automotive
Cybersecurity the Right Way.

Get your team up and running with ThreatZ in days, not months. Full ISO/SAE 21434 lifecycle coverage from day one. Need expert help? Explore our engineering services.

查看价格 查看集成 比较 ThreatZ
符合 ISO/SAE 21434 UNECE R155 就绪 私有云和本地部署