News
- Press Release
Cybersecurity Cloud's vulnerability information collection and management tool "SIDfm" has newly launched the "SIDfm API," which allows API integration, and "SIDfm IG," which allows collected vulnerability information to be shared internally.
Cyber Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; President and CEO: Toshihiro Koike; hereinafter referred to as "the Company"), a global security manufacturer, is pleased to announce that it has expanded the lineup of its vulnerability information collection and management tool "SIDfm" by newly launching "SIDfm API," which enables API integration, and "SIDfm IG," which enables the sharing of collected vulnerability information with internal stakeholders.

■ Development Background
In recent years, security incidents caused by OS and software vulnerabilities, such as damage caused by ransomware and attacks exploiting weaknesses in the supply chain, have been increasing. In order to improve this situation, compliance with PCI DSS v4 and updates to security guidelines from various government ministries and agencies have made it essential to introduce vulnerability management and SBOM. Therefore, security personnel at each company and personnel from vendors who are contracted to operate and maintain systems are required to quickly grasp, deal with, and report vulnerability information that affects their companies more than ever before.
However, with tens of thousands of vulnerabilities reported each year, quickly identifying vulnerabilities that affect your company, identifying those that need to be addressed, and then researching and applying countermeasures can be extremely difficult and time-consuming.
To solve these problems, in 1999, we first launched "SIDfm," a tool in Japan that streamlines the collection and management of vulnerability information that is published daily, and for over 20 years (*1), we have supported many companies in streamlining their vulnerability response operations. Now, leveraging our technological capabilities, we have released "SIDfm API" and "SIDfm IG," new types of tools that respond to recent circumstances.
*1: Softech, which was acquired in 2020, began operations in 1999.
■ What is "SIDfm API" that allows API integration?
"SIDfm API" provides vulnerability information content owned by "SIDfm" through an API. This allows you to build a system that utilizes vulnerability information obtained in JSON format and is linked to your existing environment, making it suitable for a variety of use cases.
As an example
- Display the latest vulnerability information and related news on the in-house portal site to widely disseminate it
- Matching with existing configuration management databases to notify vulnerability information only for installed products
- Incorporate it into your workflow, identify vulnerabilities that need to be addressed based on the thresholds you set, and issue a maintenance ticket with instructions on how to deal with them.
It is possible to automatically distribute vulnerability information such as these and systematize vulnerability management.

■What is "SIDfm IG" that allows you to share collected information within your company?
"SIDfm IG" automatically collects and accumulates vulnerability information required for your company's environment from around the world, allowing you to quickly identify only the information your company needs and see at a glance the vulnerabilities that need to be addressed and the countermeasures required.
The previously offered "SIDfm Biz" and "SIDfm Group" did not allow information to be automatically shared with anyone other than users with a login ID, but "SIDfm IG" is a version that makes this possible.
With "SIDfm IG," the information sharing option makes it possible to register a mailing list as the email notification destination, allowing new and updated vulnerability information that matches the conditions set by the administrator to be distributed simultaneously and shared with relevant parties.
In addition, you can post vulnerability information from SIDfm on your company's internal chat tool (※2) and share the information with channel participants in a timely and smooth manner.
In conjunction with this, new contracts for "SIDfm Biz" and "SIDfm Group" will be terminated at the end of June. (※3)
*2: Slack, Teams, and Chatwork are available (as of June 2024)
*3: Customers who are already using the service can continue to use it.
■ New type to be unveiled for the first time at "Interop Tokyo 2024"
The SIDfm API and SIDfm IG will be unveiled for the first time at Interop Tokyo 2024, which will be held at Makuhari Messe from Wednesday, June 12th to Friday, June 14th, 2024.
At our exhibition booth (booth number: 6M21), we will be holding seminars and demonstrations in our booth to introduce the features and usage scenarios of each type of vulnerability information collection and management tool, "SIDfm."

<Event Overview>
・Dates: Wednesday, June 12th to Friday, June 14th, 2024
・Time: 10:00-18:00 (until 17:00 on the last day)
・Venue: Makuhari Messe / Our booth number: 6M21
・Organizer: Interop Tokyo Executive Committee
Admission fee: Free with online registration (advance registration is not available) Here)
■About the vulnerability information collection and management tool "SIDfm"
SIDfm is a vulnerability information collection and management tool that streamlines vulnerability response operations. It automatically collects and accumulates vulnerability information for OS, applications, and network products from around the world. With a function that allows you to quickly identify only the information that is necessary for your company, you can see at a glance the vulnerabilities that need to be addressed and the details of the measures to be taken. In addition, it can even record and manage the progress of vulnerability countermeasures.
The biggest feature of "SIDfm" is the quality of its content. Security analysts interpret metadata from NVD, KEV, vendor advisory information, JVN, and other sources from an expert perspective, assess risk, and provide vulnerability information with "unique indicators" and "explanations in Japanese." With just the information from "SIDfm," you can immediately understand and grasp the affected versions and countermeasures in Japanese from the overview, allowing you to focus resources on addressing vulnerabilities that should be prioritized.

・ SIDfm service site: https://sid-fm.com/
About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kami-Osaki, Shinagawa-ku, Tokyo
Representative: Toshihiro Koike Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp/
With the corporate philosophy of "creating a cyberspace that people all over the world can use safely and securely," we are a Japanese security manufacturer that provides vulnerability information collection and management tools and fully managed security services for cloud environments, centered on web application security services that make full use of the world's leading cyber threat intelligence. As one of the global companies in cybersecurity, we will contribute to solving social issues related to cybersecurity and provide added value to society.