Chariot is more than a product; it’s a partnership that combines automated monitoring and human analysis to identify externally-accessible security risks. In light of the FDA’s latest requirements for in-market device security (summarized in Section 524B), Praetorian’s customers are having success leveraging the Chariot Managed Service as a cost-effective and scalable approach to satisfying Section 524B’s requirements.
Under subsection 1 of Section 524B, medical device manufacturers must “submit to the Secretary a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures…”
- Monitor–By integrating with cloud providers, source code managers, container registries, workloads, and ci/cd pipelines, Chariot provides continuous, comprehensive, and contextual asset discovery. The automation also monitors our clients’ attack surfaces around the clock for vulnerabilities that an attacker could exploit to gain a foothold in their network. Our tools ensure significantly greater coverage, both in breadth of assessment and in time on target, than a manufacturer could gain from one-off penetration testing of postmarket devices.
- Identify–When we identify an issue, clients can be certain it is truly a threat. Every alert from Chariot is triaged by Praetorian security engineers to ensure it is a true positive and represents an exploitable attack path. This, in turn, saves time and energy for our clients’ internal security teams. In addition, Praetorian’s security engineers perform risk-based manual analysis to identify business logic vulnerabilities and other advanced techniques automated tools cannot employ.
- Address–Operating in close collaboration with our clients, our managed service can validate that remediation steps were effective and operate within the guidelines of clients’ vulnerability disclosure processes. We also can provide expertise to contribute to future design decisions and product security documentation.
While our example here details Chariot’s alignment with a particular FDA regulation, we specifically designed it to meet the needs of any organization that needs round-the-clock vulnerability discovery. This solution can provide organizations with the coverage, continuity, and collaboration necessary to meet their industries’ ongoing product security requirements. Additionally, Chariot clients, like all Praetorian clients, can feel confident knowing they have an expert, offensive-focused partner who wants them to be as secure as possible.
For a deeper discussion of using Chariot’s adversarial approach to satisfy FDA requirements for medical device cybersecurity, please download our whitepaper.
Share via: