Security is our promise

01

Security is an Attitude

What are the security risks in industrial communication? We ask ourselves this question at all stages of development. Safe systems and devices require a safe development process. The development engineers of MB connect line are certified accordingly.

For this purpose, we rely on a TÜV expert certification program in the field of secure software development and on expert knowledge in the field of IT security (Teletrust T.P.S.S.E.).

02

Security by design

Our goal is to make the workflows and use cases in which our products are used as secure as possible and to consider IT security from the beginning of the development process.

In this way, the view on possible attack surfaces determines the work flow of the developers. Another key point is user-friendliness. The goal is to reduce complexity to that the user can not make any mistakes. The entire life cycle is considered. It is also not possible to read out data from a device that is ready for scrapping at the end of its life cycle.

03

Security as a teamwork

To guarantee the security promise to our customers, MB connect line works with external IT security companies to validate developments. We are actively involved in the industrial security working groups at Teletrust and from this the evaluation method for IEC62443-4-2 was developed, against which we measure and test our product safety.

The experience and the different points of view are essential factors for the safe design of our products – without losing sight of user-friendliness.

04
Security as a process

We see penetration tests rather as the first step of product maintenance than the last step of product creation. For us, security maintenance actually starts before the product is formally released and continues long after the product is no longer available for purchase.

It is an ongoing process that we maintain as long as the product is supported.

05

Security as a Whole

In our views, a security incident as the result of a problem in the process of product design, installation, configuration, integration, or usage. As a manufacturer, only the first process is under our control.

All the following others are mostly out of our hands. We do care to deliver secure products and contribute in this way to your Security by Design exercise.

Certification & Testing

At regular intervals, our products are reviewed by independent IT security companies. Both automated and manual penetration tests are used here. Essentially, the following standards and guidelines are appropriated:

 

✓  Guideline Penetration Tests of the Federal Office for Information Security
✓  OWASP Testing Guide Version 4
  OWASP Application Security Verification Standard v.3 – level 2

It is important for us to establish a dialogue between developers and pentesters. That’s why a penetration test always consists of the test itself and an intensive dialogue between Pentester and the developer in the aftermath.
Since then, there have been established certification procedures for IT security products for critical applications (e.g., military, government, etc.). For classical industrial applications there are various certification possibilities, such as the standard IEC62443. In cooperation with TeleTrusT, a test catalog was developed for this, which is used for our products. In addition, the published “state of the art” (“Stand der Technik”) technology from TeleTrusT is an important tool for our product development.

Attestation mbCONNECT24 V2.1.0
Attestation mbDIALUP V3.7R1.0
Attestation mbCONNECT24 V2.4.0

SECURITY STRATEGY OVERVIEW

N
The “State of the Art“ (in German „Stand der Technik“) document, from our security partner TeleTrusT, is the cornerstone of our product developments.
N
We are actively involved in the Industrial-Security working group at Teletrust and from this the evaluation method for IEC62443-4-2 was developed, against which we measure and test our product safety.
N
In addition to regular independent penetration tests, e.g. by customers or institutes, we regularly submit our products and solutions to penetration tests at certified, external IT service providers (SecuveraNixu,…)
N
Our Product Security Incident Response Team (PSIRT) monitors how new threats and newly discovered technology vulnerabilities can affect our products. They are ready to respond immediately to security alerts, reports or test reports

Our Memberships

TELETRUST - IT SECURITY ASSOCIATION OF GERMANY

We are a member of TeleTrusT – Bundesverband IT-Sicherheit e.V. and develop our products based on current IT security guidelines. As bearer of the Teletrust mark “IT Security Made in Germany” we have committed ourselves to the Teletrust criteria.
TeleTrusT is a competence network that includes domestic and foreign members from industry, administration and science as well as thematically related partner organizations. Our CEO&CTO represents Teletrust at the European Cyber Security Organisation (ECSO), where he is active in several working groups.

ALLIANCE FOR CYBERSECURITY

MB connect line is a member of the Alliance for Cyber Security and we actively cooperate with the German Federal Office for Security and Information Technology. This enables our development engineers to counteract security threats as quickly as possible, not only reactively but above all preventively.

CERT@VDE

Working together to successfully combat cyber attacks in the field of industrial production – that is the goal of CERT@VDE, the IT security platform of VDE.

With the first platform for the coordination of IT security problems, CERT@VDE offers manufacturers, integrators, plant constructors, and operators from the field of industrial automation the opportunity for information exchange and support on the topic of cyber security.

 

GEt our Security Whitepaper

Your want to learn more about our Indusrial Security Standards? Order our latest Security Whitepaper now.

Find your sales partner

Find your personal contact person in your area.

Start your Remote Services

Are you looking for an all-in-one solution? Try our web-based remote access portal today.

u

We are here to help you

Questions? We can help you. For direct support, you can also call us.

Stay informed

Subscribe here to get updates on IoT and Remote Access solutions, products and features and get the latest Cybersecurity updates.

You have Questions?

Write us!

Contact

Follow us

Newsletter