
Introduction

Hi-Lex Italy S.p.A. is a leading company in the automotive sector, specializing in the design and manufacture of control systems for vehicles.

The problem

This project stems from the need to comply with the automotive industry’s cybersecurity requirements. In recent years, the automotive industry has undergone significant technological change and has recognized that it has a security problem and that cybersecurity is of fundamental importance.

The solution


Hi-Lex Italy has launched a cybersecurity project based on a data-driven approach, overcoming the limitations of traditional analyses based solely on interviews and documentation. Through a Technical Discovery phase and the use of the Enhanced Security Risk Analytics (ESRA) platform, all devices connected to the network were mapped, real vulnerabilities were identified, and priorities for action were defined.

The multi-standard platform integrated up-to-date and near-real-time data, ensuring accurate security assessments, reducing analysis times, and improving consistency between the overall picture and technical details, supporting a structured plan to improve tools, processes, and controls.

Technologies


To achieve the project objective, aizoOn adopted a multidisciplinary cognitive method, which identified, classified, and assessed Hi-Lex’s cybersecurity with a 360-degree approach. In particular, this made it possible to observe the dynamics related to cybersecurity, integrating both internal and external perspectives of the observed operational perimeter.

Cyber risk analysis through ESRA enabled risk assessment based on data collected from the systems and therefore detailed for all assets within the perimeter and precisely aligned with the current state of the infrastructure. To achieve this result, ESRA integrated a diverse set of sources:

Process Map – Applications: ESRA provides immediate insight into the applications most affected by operational or highly specialized processes: an immediate view of the propagation of impacts.

Asset Inventory: ESRA uses the most advanced inventory detection tools, allowing accurate, real-time surveys of the systems on the target network and their status in terms of configuration and updates.

Infrastructure Discovery: Real-time reconstruction of internal and external ICT infrastructure. Traffic data, asset characteristics, and their application relevance enable accurate reconstruction of the risk level on each network element, independently.

Desired impacts

The main impacts of the ESRA project on Hi-Lex Italy were as follows:

Greater awareness of cybersecurity issues among staff, not only IT personnel but also in other departments.

Review of IT security policies to make them more effective.

Provision of asset management, patch management, and vulnerability assessment systems.

Benefits for the company

For years now, car manufacturers have been requiring their suppliers to obtain specific certifications in many areas, including cybersecurity.

German car manufacturers (Volkswagen Audi Group, BMW) in particular require TISAX certification (based on ISO 27001 and VDA ISA), which includes specific requirements on:

• IT Security / Cyber Security,
• Access management,
• Identity and access management.

The project has therefore enabled the company to strengthen its position in these areas, without which it would not be able to participate in tenders for the development of new business.