The Cyber Resilience Act requires manufacturers to ensure the security of digital products throughout their entire life cycle in a traceable manner. SECIRA helps to systematically record risks and threats, assess vulnerabilities and derive suitable measures. All results are automatically documented and create the basis for a traceable CRA declaration of conformity according to the principle of security by design.

SECIRA - The holistic risk management tool
Interactive digital twins and comprehensive analyses - for maximum security and control.
✔ Interactive digital twin
✔ Holistic risk analysis
✔ Easy to use thanks to drag-and-drop
✔ Preconfigured
✔ Compliance made easy
Automated risk analysis based on current threat data
Visualization of infrastructure including virtual networks
Seamless integration with i-doit (CMDB) & IRMA (SzA)
Mapping to business processes & evaluation within the operational context
Support for IEC 62443, ISO 27001, NIS2, IT-SiG 2.0
Ready for future standards (CRA, C5)

SECIRA revolutionizes your security management
Our unique technology combines technical, organizational and infrastructural aspects to precisely identify risks and develop tailored measures. Experience intuitive visualizations that facilitate collaboration and plan with confidence for the future.

Risk management life cycle
SECIRA is the only web platform on the market that is capable of performing holistic risk management as a service. ICS experts help you build a robust, sustainable risk analysis lifecycle that delivers high quality results and keeps itself continuously updated. The risk management process is built on a digital twin that captures all security relevant information across all OSI layers. The lifecycle — from “Collect” and “Model” to “Monitor” and “Risk Management” — forms the foundation of a defense in depth security architecture. All required data is consolidated as automatically as possible through imports and bidirectional interfaces, then visualized within the digital twin.

Forget Excel & manual processes
Manage risks smartly and holistically with SECIRA - through automated analyses, clear prioritization and practical implementation recommendations. This not only saves you valuable time and resources, but also increases the security and efficiency of your IT and OT systems.
Interactive digital twin
SECIRA is the only solution that enables a fully interactive and customizable digital twin - creating an accurate digital representation of your infrastructure. SECIRA's digital twin is not just a static model, but a dynamic and interactive representation that is continuously updated to reflect changes in the infrastructure. The digital twin centrally describes all the information required for continuous risk analysis and at the same time creates a reliable starting point in the planning phase to identify and avoid risks during the design of new products and solutions (CRA).


Holistic risk analysis
In addition to technical assets, SECIRA also integrates organizational (e.g. access authorizations) and infrastructural aspects (e.g. locking mechanisms, resistance classes, etc.) into the risk analysis and thus offers a more comprehensive risk assessment than other products. With SECIRA, we create holistic risk management at all levels in a permanent, automated form. The high level of automation reduces effort and costs - often by up to 70% compared to manual procedures. Already using i-doit or IRMA? Then it's even easier: SECIRA can be connected directly and validated data can be used in the risk analysis.
System for attack detection (SzA) with IRMA for BSIG §8a compliant use.
CMDB with i-doit for a structured, dynamic value directory.
Advanced visualization
SECIRA's interactive visualization improves communication and understanding of risks throughout the company. From the IT technician to the CISO.
- The digital twin depicts the current situation.
- The attack tree shows where risks exist and how they affect business processes on a daily basis.
- The risk matrix evaluates and visualizes risks based on their probability of occurrence and level of damage in order to prioritize them clearly and derive targeted measures.


Conformity to standards
SECIRA supports compliance with standards by analysing risks in a structured manner and prioritizing and documenting security measures. This helps with ISMS operations based on common standards such as NIS2, ISO 27001 or BSI baseline protection. Through gap analysis, maturity assessment and action planning, SECIRA fulfills key regulatory requirements. The result: a better overview, less effort - and audit-ready proof at the touch of a button.
Proactive security planning
SECIRA gives companies a competitive advantage by analyzing planned projects, enabling them to identify and mitigate future risks at the planning stage. With intuitive drag-and-drop and intelligent presets, you can design your risk landscape flexibly and quickly - without in-depth technical know-how.


Security for the future
SECIRA not only assesses existing risks, but also incorporates planned changes - such as new interfaces, systems or IT projects - for forward-looking, strategic security planning instead of reactive measures.
Implementing the Cyber Resilience Act with SECIRA

All highlights at one glance
Powerful functions for companies with foresight.
Time saving
Create risk analyses faster and with less effort. Thanks to a semi-automated process & versatile import options.
Timeliness
Changes in risk are directly visible in SECIRA, keeping the analysis up to date.
Verifiable
The risk analysis is traceable internally and in the audit.
Unique
The only risk management system on the market that truly performs a holistic, reliable risk analysis for IT/OT/cloud.
Interoperable
A reliable data situation. A complete data process.
Consulting
Long-term risk management is established, supported and operated by specialized ICS consultants.
Compare SECIRA and competitors
SECIRA is the only solution that offers a fully interactive and customizable digital twin that enables more accurate and user-friendly risk analysis.
| | Basic tools (what all tools can do) | Advanced tools (what SECIRA & a few tools can do) | SECIRA (only SECIRA can do that) |
|---|---|---|---|
| Risk analysis | Assessment of IT/OT risks | Contextualization of risks | Industry-specific models with process & role assignment |
| Vulnerability detection | Automated CVE detection | Prioritization based on criticality | Recommendations for action in the context of the business process |
| IEC 62443 support | Consideration in parallel in checklist | Zone/conduit modeling & evaluation | Risk assessment along the IEC 62443 requirements |
| Asset recognition | Network scan / manual input | Regular import of assets | Non-reactive asset discovery based on IDS and regular comparison with digital twin |
| Attack tree | Graphic representation (partial) | Analysis of attack sequences | Fully generated attack tree across the entire model shows dependencies in risk management |
| Visualization | Dashboards & reports | Risk maps & interactive models | Visualized digital twin with live link to the risk matrices |
| Tool configuration | Predefined rules/checklists | Custom risk logic & KPIs | Free modeling for individual security scenarios |
| Support & Service | E-mail / ticket system | Dedicated contact person | Guided Intelligence with consultant support & transfer know-how |
Legend: Deeper application than the competition / Limited or only partially supported / Supported
Risk management in practice: structured security assessment
For Stadtwerke Bielefeld, ICS has developed a transparent and comprehensible risk assessment with SECIRA - as a basis for well-founded decisions, effective measures and regulatory evidence. The success story shows how modern risk management can work.

What customers say from real projects
"Thanks to SECIRA, we were able to map our complex infrastructure in a digital twin and carry out a holistic risk analysis with 20% less effort."
Webinar: Implementing CRA - ensuring risk analysis & compliance
In our webinar you will learn how SECIRA enables risk analysis, vulnerability assessment and long-term compliance according to CRA.

FAQ - Risk management with SECIRA
What makes SECIRA unique compared to other risk management tools?
SECIRA goes beyond traditional risk analyses: instead of one-off checklists, it provides continuous, automated risk analyses - with an interactive digital twin, context-based recommendations for action and an attack perspective that makes the actual impact on business processes visible. SECIRA is a risk management software that provides a holistic view of even complex infrastructures.
What is a digital twin in the context of SECIRA?
The digital twin is a dynamic, visual image of your entire infrastructure - including IT, OT and cloud systems, roles, processes, buildings and external partners. It is fed from your existing data sources, constantly updated and serves as the basis for risk analyses, action planning and decision-making processes.
What is the advantage of a digital twin for risk analysis?
Identifying and understanding risks in a company can be a complex task. The digital twin makes the description and derivation of risks tangible and visual. Modeling creates an overview of dependencies in the business processes and thus also a reliable and explainable data situation. The automated attack tree uses the digital twin as a basis and thus represents the visual link to the risk matrix. Identified risks can be verified along the model and the attack path in the tree and traced with any depth of penetration.
How up-to-date are SECIRA's risk analyses?
SECIRA works on a daily basis. New vulnerabilities, threats and changes in your infrastructure are automatically detected and evaluated - thanks to a constantly growing threat library based on MITRE data and findings from the ICS offensive team, among other things.
Which data sources does SECIRA use?
SECIRA draws on your existing systems - e.g. CMDBs, network data, asset directories, IDS/IPS. No additional sensors or hardware are required. By using established legacy systems, validated information is used as the basis for risk analysis, allowing SECIRA to be integrated quickly and deliver reliable results based on real, maintained data.
Is SECIRA an ISMS?
SECIRA is not an ISMS, but the perfect complement. It focuses on technical, infrastructural and role-related risks. The results can be incorporated into any ISMS. On request, our consultants will support you until you are audit-capable in accordance with ISO 27001, IT-Grundschutz or industry-specific B3S.
We will be happy to support you in setting up your ISMS.
Is SECIRA suitable for small companies or only for large corporations?
SECIRA is flexibly scalable and is suitable for both small companies and large organizations with complex security requirements.
How does SECIRA help with compliance with security standards such as ISO 27001?
SECIRA supports companies in the ISO 27001 process with holistic risk analysis by proactively identifying risks within a structured attack tree. Identified findings are clearly highlighted and displayed in an intuitive dashboard to enable quick and well-founded decisions.
Which sectors in particular benefit from SECIRA?
SECIRA is ideal for companies in sectors with high security requirements, such as rail, IT, industry, manufacturing, energy supply, healthcare and critical infrastructure.
How does SECIRA support collaboration between teams?
SECIRA's interactive visualizations and reports are designed to be understandable for non-technical stakeholders, which facilitates communication and decision-making.
Is SECIRA secure? How is my data protected?
SECIRA uses state-of-the-art encryption and security protocols to protect your data at all times. All data is processed in compliance with the GDPR.
How long will it take to introduce SECIRA in my company? And how much effort is involved in introducing SECIRA?
The implementation of our solutions usually takes around 10 days, depending on the size and complexity of the existing IT and OT infrastructure.
SECIRA uses existing data - so the initial outlay for you is low. Our ICS consultants accompany you step by step: from the initial data acquisition to modeling and operational use. You also benefit from default settings, drag-and-drop functionality and an interface that even non-technicians can understand.
Is SECIRA standard-compliant?
Yes, SECIRA supports companies in complying with IEC 62443, ISO 27001, NIS2, IT Security Act 2.0 and other relevant standards - not just audit-capable, but practical and proactive.
Can SECIRA be integrated into our existing IT?
Yes, SECIRA is customized with interfaces to your systems as part of the implementation project.
How deep does the analysis go?
SECIRA evaluates risks based on context - not just "whether something is vulnerable", but how it affects your specific business processes. An example: A vulnerability in the VPN may be harmless in an extension - but it can become business-critical in the main system. SECIRA identifies risks in the context of business processes.
Can SECIRA also carry out penetration tests?
SECIRA is not a pentest tool in the traditional sense, but it is an ideal complement to such analyses. Instead of simulating attacks itself, SECIRA seamlessly integrates the results of penetration tests, network information and vulnerabilities into the holistic risk analysis. This ensures that no gaps are overlooked and provides you with a well-founded assessment in the context of your overall infrastructure.
By the way: ICS itself offers penetration testing as a service - for IT, OT, physical security and much more. This experience flows directly into the development of SECIRA.
Is SECIRA only suitable for operators of critical infrastructures (KRITIS)?
No. Although SECIRA was developed specifically for high-security industries, the platform is also suitable for small and medium-sized enterprises (SMEs).
The high level of automation reduces effort and costs - often by up to 70% compared to manual processes. Companies with a mix of IT and OT in particular benefit from SECIRA.
How does SECIRA deal with outdated legacy hardware?
SECIRA knows that legacy systems are indispensable in many infrastructures. Instead of relying on replacement, SECIRA pursues a defense-in-depth approach in which additional layers of protection are placed around older systems.
In this way, even insecure or unpatchable components can be operated securely - without critical dependencies or high costs.
Does SECIRA support various OT protocols?
Yes, SECIRA supports over 50 industry protocols, which are continuously being expanded. All findings from real ICS projects and penetration tests are incorporated into the protocol library. This means that communication in heterogeneous OT landscapes is also reliably evaluated - an important factor for your operational security.
Are different protocol versions and properties taken into account?
Absolutely. SECIRA not only recognizes protocols, but also their specific versions and security features. Depending on the asset type, the platform evaluates WLAN or LAN communication, for example, and provides best practice information directly. This enables precise risk analysis, even for less well-known or specialized protocols.
What does SECIRA cost?
The costs depend on the scope (e.g. number of locations, assets, desired services). We offer customized packages - from pure subscription use to full risk management support from the ICS team of experts. You are welcome to arrange a free demo for an assessment.

