Listing Thumbnail

    ThreatZ - Automotive Cybersecurity Management System (CSMS)

     Info
    Sold by: Vxlabs 
    Deployed on AWS
    ThreatZ runs the connected cybersecurity engineering process for vehicle programs, from system modeling and TARA through SBOM, supplier tracking, security testing, and monitoring, on one architecture-centric model. Built for OEMs and Tier-1 suppliers. ISO/SAE 21434, UNECE R155/R156, and EU CRA evidence is a standing output of the process, not a separate project.

    Overview

    Play video

    ThreatZ: Where Automotive Cybersecurity Engineering Runs

    ThreatZ is the Cybersecurity Management System (CSMS) that OEMs and Tier-1 suppliers run their vehicle cybersecurity on, end to end, on one connected model. From concept to operations, every stage feeds the next:

    System & Vehicle Modeling > TARA > Cybersecurity Goals, Claims & Concept > SBOM & Vulnerabilities > Supplier Tracking > Verification & Security Testing > Incidents & Monitoring > Reporting

    Nothing is maintained twice, and nothing drifts out of date. When the architecture changes, a CVE lands, or a test finds something, the risk picture recalculates across the entire chain.

    The Problem ThreatZ Solves: Disconnection

    In most vehicle programs, cybersecurity work is spread across Excel TARAs, SharePoint folders, ticketing systems, point tools, and supplier email threads. This disconnection means:

    • Engineers redo work the organization has already done
    • Risk assessments freeze at kickoff while the product keeps changing
    • A critical CVE takes days to resolve to affected components, programs, and suppliers
    • Every audit or customer review triggers a manual evidence-rebuilding sprint

    ThreatZ replaces the work between your engineering tools: the glue, spreadsheets, manual correlation, and handovers. Your specialist tools stay in place.

    What Runs on the Platform

    Vehicle & System Modeling. Model E/E architecture, software architecture, functions, and networks, or import from Sparx EA, MATLAB/Simulink System Composer, Cameo, and Rhapsody. The model is the single source of truth every other workflow derives from.

    TARA & Threat Modeling. Assets, threats, attack paths, risk assessment, and risk treatment on the live architecture. Import your existing TARA as-is (Excel without a template, CSV without a schema) and structure is inferred automatically. No migration project.

    Cybersecurity Goals, Claims & Concept. Derived from the TARA and maintained with full traceability down to requirements, controls, and tests.

    SBOM & Vulnerability Management. CycloneDX/SPDX ingestion, continuous CVE monitoring (NVD, OSV, GHSA), and architecture-to-code traceability: a new CVE resolves to affected components, threats, and risk in one traversal.

    Federated Supplier Execution. Your suppliers log into your tenant and execute your CSMS process on your templates, scoped to their assigned projects, with live status and a full audit trail. No platform license for them to buy. No static attachments emailed back.

    Attack Simulation & Security Testing. Test logic derived from TARA attack paths runs in your existing SIL/HIL/MIL environment (Vector CANoe, Simulink, TPT). Findings link back and residual risk updates automatically.

    Incidents & Monitoring. Operational events flow back into the risk model, closing the loop from field to design.

    Compliance Reporting. Because everything above is connected, ISO/SAE 21434 work products (clauses 5-15), UNECE R155/R156 evidence, and EU CRA artifacts generate on demand from the same model, with compliance scores and gap tracking. Audit-ready becomes a state you hold, not a sprint you run. ThreatZ produces the evidence; certification and type approval remain between you and your authority.

    Your Tools Stay

    Jira, GitHub, GitLab, Jenkins, SonarQube, CodeQL, Snyk, Black Duck, your architecture tools, and your test benches all integrate. ThreatZ consolidates the standalone TARA tool, vulnerability management, GRC platform, pipeline glue, and compliance trackers into one license.

    Deployment and Data Sovereignty

    ThreatZ ships as containerized services (Kubernetes/Helm or Docker Compose) that you deploy into infrastructure you control:

    • Your AWS account: managed Kubernetes (EKS) or VMs, Helm-deployed; data stays in your account and region
    • Private cloud or on-premise: your data center, your network, your keys
    • Air-gapped: fully isolated enclave with offline, signed update bundles; no egress

    Per-tenant database isolation, SAML 2.0/OIDC/LDAP identity federation, and data residency in your region. Vehicle and program data stays in your control plane.

    Built for Both Sides of the Supply Chain

    For OEMs, ThreatZ is the Living CSMS your program runs on, with suppliers executing your process on your platform.

    For Tier-1 suppliers, ThreatZ is the Living TARA that turns cybersecurity from a per-program scramble into a compounding, reusable asset across customer awards.

    See It on Your Own Architecture

    Book a 20-minute session, your architecture on the screen, no generic demo: vxlabs.ai/book-meeting/

    Highlights

    • One connected cybersecurity engineering process across the vehicle lifecycle: system modeling, TARA, goals and claims, SBOM and vulnerabilities, supplier tracking, security testing, incidents, monitoring, and reporting, all on one architecture-centric model. When anything changes, the risk picture and evidence recalculate automatically.
    • Govern suppliers inside your process, not around it. Suppliers execute your CSMS on your platform: your templates, your governance, scoped access, live status, full audit trail, with no platform license for them to buy. Cybersecurity work arrives structured and traceable instead of as static attachments.
    • From threat model to test bench and back: attack-path-derived test logic runs in your existing SIL/HIL/MIL environment, and findings update residual risk automatically. Because everything is connected, ISO/SAE 21434, UNECE R155/R156, and EU CRA evidence generates on demand from the same model.

    Details

    Sold by

    Delivery method

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    ThreatZ - Automotive Cybersecurity Management System (CSMS)

     Info
    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    12-month contract (2)

     Info
    Dimension
    Description
    Cost/12 months
    Team Plan
    Ideal for small teams starting with threat analysis, including TARA for risk assessment and 3 scalable projects.
    $17,868.00
    Professional Plan
    Designed for growing teams needing full security coverage, with all modules included and pricing based on users (starting from 5, scalable up to 15).
    $31,680.00

    Vendor refund policy

    We offer refunds only if the subscription is cancelled within 3 days of the initial purchase and significant usage has not occurred. After this period, fees already paid are non-refundable.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Support

    Vendor support

    ThreatZ Support by VxLabs

    Support is provided by VxLabs, the maker of ThreatZ.

    Contact: support@threatz.io  | Security inquiries: security@vxlabs.ai 

    Support tiers:

    • Team: email support during business hours, 48-hour first-response target
    • Professional: email and in-app support, 24-hour response target
    • Enterprise: 24/7 Severity-1 coverage with a 4-hour S1 response target, dedicated account team, and custom SLA options

    Enterprise onboarding includes: deployment into your environment (private cloud, on-premise, or air-gapped), schema-free import of existing TARA and catalog data, integration configuration, and SSO/role setup.

    Security posture: TISAX label held; SOC 2 Type II audit in progress; independent penetration testing on a recurring cadence.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 reviews
    No customer reviews yet
    Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.