Theme
Compare Plans
Built for ISO/SAE 21434

ThreatZ Automotive Cybersecurity
Platform for
ISO/SAE 21434, R155 & GB 44495

ThreatZ is the comprehensive CSMS (Cybersecurity Management System) for automotive manufacturers and Tier-1 suppliers. Automate TARA, manage SBOMs, track vulnerabilities, and unify compliance operations in one platform.

Compare Plans
500+ Registered Users
Built for ISO/SAE 21434
TISAX AL3 Assessed
EU CRA Compliant
EN, DE, ZH — 3 Languages
Uraeus.ThreatZ Dashboard
Real-time Security Overview
98%
Compliance Score
24
Active Monitors
Threat Models 7
Risk Assessments 12
Compliance Checks 156

Powering Cybersecurity at Leading Automotive Manufacturers

BMW Vector Informatik Foxconn Brose Preh Neusoft Reach
85%
Faster TARA Completion
500+
Cybersecurity Professionals
30+
Tool Integrations
5
Compliance Standards
Complete Platform

Fifteen Integrated
Security Modules

End-to-end automotive cybersecurity management — from program-level vehicle architecture and TARA to SBOM supply chain, network communication analysis, baselines, and compliance reporting.

TARA Threat Modeling

Visual STRIDE analysis with automated risk scoring

TARA Guide →
Risk Assessment
Visual Diagrams
Auto Scoring

Risk Assessment

Real-time TARA calculations and mitigation tracking

Automating TARA →
TARA Analysis
Real-time Updates
Mitigation Plans

Requirements Management

ISO/SAE 21434 compliance with full traceability

ISO/SAE 21434
Traceability
Audit Trails

Architecture Analysis

Interactive system diagrams with security layers

System Maps
Security Layers
Dependencies

Vulnerability Management

Automated CVE scanning and prioritization

Vulnerability Lifecycle →
CVE Tracking
Auto Scanning
Prioritization

Incident Response

Streamlined security operations workflow

Response Playbooks →
Response Plans
Team Coordination
Escalation

Compliance Reporting

Automated audit documentation generation

CSMS Audit Prep →
Auto Reports
Regulatory
Documentation

System Modeling

Define vehicle architecture, assets and trust boundaries

Component Trees
Interface Mapping
Trust Boundaries

Risk Treatment

Define cybersecurity controls with full traceability

Security Controls
Requirement Linking
Residual Risk

SBOM & Supply Chain

Software bill of materials with dependency analysis

SBOM Import
Weakness Tree
License Compliance

Validation & Testing

Security test campaigns with the Test Bench Agent

Test Campaigns
AI Test Agent
Evidence Collection

AI Assistant

AI-powered intelligence across every workflow

Smart Suggestions
Auto Classification
Context-Aware

Programs & Vehicle Architecture

Top-level program management with 3D vehicle architecture canvas

ECU Hierarchy
Blueprints Catalog
Platform Reuse

Baselines & Release Management

Point-in-time release snapshots with auto-versioning and comparison

Release Snapshots
Baseline Comparison
Freeze / Unfreeze

Network Communication Matrix

Signal-level security for CAN, LIN, FlexRay & Ethernet networks

DBC Import
COVESA VSS v6.0 signal taxonomy with requirement traceability
STRIDE Auto-Threats

Ready to secure your vehicle lifecycle?

See how these modules work together to provide comprehensive cybersecurity management. Get personalized recommendations for your specific use case.

Complete platform demo walkthrough
Personalized security assessment
ISO/SAE 21434 compliance roadmap
Custom implementation timeline

Get Platform Demo

Schedule a personalized walkthrough of all security modules

Compare Plans
✓ No credit card required ✓ 14-day free trial ✓ Expert support included
Eight Integrated Pillars

Built for Modern
Automotive Security

A complete CSMS — not a point tool. From governance and system design through post-production operations and compliance evidence, ThreatZ covers the full ISO/SAE 21434 lifecycle with eight integrated pillars.

01

Design

3D vehicle modeling, system architecture canvas, and ECU → SBOM → CVE traceability across 40+ automotive protocols.

Learn more →
02

Governance

Versioned security catalogs, project blueprints, approval workflows, and security baselines with regression tracking.

Learn more →
03

TARA

AI-assisted STRIDE threat modeling, attack path analysis, CAL 1–4 risk determination, with end-to-end traceability.

Learn more →
04

SBOM & Supply Chain

CycloneDX / SPDX ingest, NVD/GHSA/OSV/CNVD scanning, 90-day CVE forecasting, and SBOM-to-architecture mapping.

Learn more →
05

Security Testing

Penetration, fuzz, robustness, and compliance campaigns linked to TARA. TestBench Agent ships 36+ protocol fuzzers.

Learn more →
06

Operations

Post-production event ingestion, P1–P4 anomaly detection, VSOC export (JSON/AUTOSAR/STIX), and incident lifecycle.

Learn more →
07

Compliance

Full ISO/SAE 21434 clause coverage (44 work products), UNECE R155, GB 44495, GDPR & EU CRA — with audit-ready report generation.

Learn more →
08

Collaboration

Real-time co-editing with presence indicators, two-tier RBAC, multi-tenant supplier portal, and open APIs with HMAC webhooks.

Learn more →
Built for ISO/SAE 21434 Always-Current Threat Intelligence Enterprise-Grade Security Multi-Language (EN / DE / 中文)
Looking for runtime vehicle monitoring and fleet protection? Explore SentraX Fleet XDR →
Product Demos

See ThreatZ
In Action

13 step-by-step walkthroughs covering every module — from TARA threat modeling to compliance reporting

ThreatZ platform walkthrough demo video 7:42

ThreatZ Walkthrough Demo

End-to-end platform tour covering all modules and core workflows

Platform Overview
Threat modeling with STRIDE in ThreatZ 5:18

Threat Modeling in ThreatZ

STRIDE-based threat analysis with attack path visualization

TARA
ISO/SAE 21434 risk assessment in ThreatZ 4:55

Risk Assessment in ThreatZ

ISO/SAE 21434 risk scoring with impact and feasibility analysis

TARA
SBOM management and vulnerability tracking 6:10

SBOM Management in ThreatZ

Import SBOMs, track vulnerabilities, and manage license compliance

Supply Chain
Compliance reporting for ISO/SAE 21434 and R155 4:30

Compliance Reporting in ThreatZ

Generate audit-ready reports for ISO/SAE 21434, R155 & GB 44495

Compliance
System modeling for automotive cybersecurity 5:45

System Modeling in ThreatZ

Define assets, interfaces and trust boundaries for your vehicle architecture

Foundation
Risk treatment and cybersecurity requirements 4:15

Risk Treatment in ThreatZ

Define cybersecurity requirements and controls with full traceability

TARA
Security validation and testing in ThreatZ 5:30

Validation and Testing in ThreatZ

Create and execute security test campaigns with the Test Bench Agent

V&T
Security operations module in ThreatZ 4:48

Operations Module in ThreatZ

Threat intelligence, incident response and security event monitoring

Operations
Security catalog with threats, risks and controls 3:52

Security Catalog of ThreatZ

Pre-defined threats, controls, security goals and cybersecurity claims

Foundation
Import legacy TARA projects from Excel 3:20

Import Legacy Project to ThreatZ

Migrate existing TARA projects from Excel or legacy tools

Migration
Policy management for automotive cybersecurity 3:40

Policy Management in ThreatZ

Define cybersecurity policies and organizational security governance

Governance
ThreatZ home page and dashboard overview 2:55

ThreatZ Home Page Overview

Dashboard navigation and key platform features at a glance

Platform Overview

Seen enough? Get hands-on with ThreatZ.

What Our Customers Say

Trusted by Automotive Security Leaders

“ThreatZ transformed our CSMS from a checkbox exercise into a competitive advantage. We now approach audits with confidence, not anxiety.”

Head of Cybersecurity Engineering European Premium OEM

“Before ThreatZ, a single CVE disclosure could take two weeks to assess. Now we have impact analysis in under four hours.”

Director of Software Engineering Global Tier-1 Supplier

“ThreatZ eliminated the duplication and gave us confidence that both documentation sets were consistent and complete. We achieved European type approval months ahead of schedule.”

VP Cybersecurity Chinese EV Manufacturer
Transparent Pricing

Enterprise-Grade Platform.
Accessible Pricing.

The complete automotive cybersecurity platform. From your first TARA to full lifecycle operations.

Monthly
Annual Save 17%

Team

Get to a compliant TARA and audit-ready reporting fast.
$1,199 /month
Unlimited users · Billed annually ($14,388/yr)
Includes
  • Foundation + TARA
  • Unlimited internal users
  • Up to 3 projects (+$99/mo each)
  • Full security catalog (threats, risks, controls, goals, claims)
  • System scoping + threat modeling
  • STRIDE threat identification
  • Risk assessment + heatmaps
  • Risk treatment planning
  • Attack path analysis
  • Risk relationship graph
  • Architecture
  • Vehicle architecture canvas
  • Vehicle → SubSystem → ECU hierarchy
  • Compliance & Collaboration
  • Compliance reporting (ISO/SAE 21434)
  • MATLAB System Composer import
  • RBAC (basic roles)
  • Team collaboration + report history
  • PDF + Excel exports
  • Email support (48h SLA)
  • Platform
  • Multi-language (EN, DE, ZH)

Professional

Full lifecycle platform with operations and supply chain.
$499 /user/month
Min 5 users · Billed annually ($29,940/yr at 5)
Everything in Team, plus
  • BOM/SBOM & Supply Chain
  • Up to 15 projects
  • SBOM management (CycloneDX, SPDX)
  • Vulnerability tracking + dependency analysis
  • Weakness tree visualization (SBOM + TARA)
  • License tracking + compliance notes
  • SCA / SAST code analysis
  • Validation & Testing (V&T)
  • Security testing campaigns
  • ThreatZ Test Bench Agent (Desktop App)
  • Vector CANoe via Test Bench Agent (CAPL + Python)
  • Operations
  • Threat intelligence tracking + mapping
  • Incident management lifecycle
  • Security event monitoring
  • Architecture
  • 3D vehicle architecture canvas
  • Unified blueprints catalog
  • Baselines & Release Management
  • Release snapshots with auto-versioning
  • Baseline comparison + project freeze/unfreeze
  • Network Communication Matrix
  • Signal-level security (CAN/LIN/FlexRay/Ethernet)
  • DBC import + COVESA VSS v6.0 mapping
  • STRIDE auto-threat generation for signals
  • Integrations & Collaboration
  • Two-factor authentication (2FA)
  • Report sharing (LiveLink + Snapshot)
  • Multi-framework compliance (ISO/SAE 21434, R155, GB 44495, GDPR, EU CRA)
  • SW architecture import (EA, Cameo, Rhapsody, SysML)
  • Jira, GitHub, GitLab integrations
  • Priority email support (24h SLA)
  • Platform
  • Multi-language (EN, DE, ZH)
Enterprise
Full platform at OEM/Tier-1 scale with advanced controls.
Custom
Starting at $100K/year
Everything in Professional, plus
  • Programs at Scale
  • Unlimited programs + vehicle architecture
  • Enterprise Controls
  • Unlimited users + projects
  • SSO / OIDC authentication
  • Advanced RBAC + governance controls
  • REST API access (rate-limited, scoped)
  • Email notifications (SendGrid / SMTP)
  • Custom integrations
  • Advanced reporting + audit trails
  • AI Power Pack included
  • Operations at Scale
  • VSOC integration (2 connectors included)
  • Ops data retention (6–36 months)
  • Multi-source threat intel ingestion
  • STIX / AUTOSAR export formats
  • Delivery
  • Dedicated Customer Success Manager
  • SLA: 4h response, 99.9% uptime
  • On-premise deployment available
  • Custom rollout planning
  • Platform
  • Multi-language (EN, DE, ZH)

Add-ons

Available for Professional and Enterprise tiers

AI Power Pack

Free 1st year, then $29/user/mo

AI threat recommendations, risk scoring assistance, test case generation, and finding correlation. Gifted for the first year on all plans.

VSOC Connector

+$500/month

Bidirectional integration to external VSOC/SIEM systems. Webhooks, REST, MQTT. Enterprise includes 2 connectors.

Managed TARA Service

From $5,000/project

ThreatZ experts perform your TARA assessment using the platform. Full deliverable ready for audit.

Training & Onboarding

From $2,000

Live training sessions, workshop facilitation, custom template creation, and team onboarding.

Additional Projects

$99/project/month

Need more than your plan's included projects? Add extra project slots to any Team or Professional subscription.

On-Premise Deployment

Enterprise only

Air-gapped, self-hosted deployment. +40% uplift on license cost. Minimum $200K/year ACV. 2–3 year terms.

Custom Integration

$2,500/story point

Bespoke integration development consumed as story points. Connect ThreatZ to your proprietary toolchain, PLM, or internal systems.

Starter Package

$7,900 one-time

Full onboarding and migration service. We set up your workspace, configure vehicle architectures, and migrate existing projects so you can hit the ground running.

Compare Plans

Team Professional Enterprise
Platform
Multi-language support (EN, DE, ZH)
UsersUnlimited5–50Unlimited
Projects3 (+$99/mo)15Unlimited
RBACBasic rolesFull rolesAdvanced + governance
Two-Factor Auth (2FA)
SSO / OIDC
REST API Access
Email Notifications
Advanced Reporting
Foundation
Security Catalog Full Full Full
Policy Manager Unlimited Unlimited Unlimited
Compliance ReportingISO/SAE 21434Multi-frameworkCustom frameworks
PDF / Excel Exports
ReqIF Export
Programs & Vehicle Architecture
ProgramsUnlimited
3D Vehicle Architecture Canvas
Vehicle → SubSystem → ECU Hierarchy
Unified Blueprints Catalog
Baselines & Release Management
Release Snapshots + Auto-Versioning
Baseline Comparison
Project Freeze / Unfreeze
Metrics Tracking (12+ metrics)
Network Communication Matrix
Signal-Level Security (CAN/LIN/FlexRay/Ethernet)
DBC File Import + Parsing
COVESA VSS v6.0 Signal Mapping
STRIDE Auto-Threat Generation (Signals)
Multi-Standard Compliance (ISO 21434, R155, GDPR)
SOME/IP & DDS Service Modeling
TARA
System Modeling
STRIDE Threat Modeling
Risk Assessment + Heatmaps
Risk Relationship Graph
Attack Path Analysis
Risk Treatment Planning
Weakness Tree (SBOM + TARA)
Report Export (PDF)
Report Sharing (LiveLink + Snapshot)
Integrations
MATLAB System Composer (Native)
SW Architecture Import (EA, Rhapsody, Cameo, SysML)
Jira Integration
GitHub / GitLab
Vector CANoe via Test Bench Agent (CAPL + Python)
VSOC / SIEM IntegrationAdd-on 2 included
Custom Integrations
SBOM / Supply Chain
SBOM Management
SCA / SAST Code Analysis
Vulnerability Tracking
License Tracking
Validation & Testing (V&T) / Operations
Security Testing Campaigns
ThreatZ Test Bench Agent (Desktop App)
Threat Intelligence Multi-source
Incident Management At scale
Security Event Monitoring
Ops Data Retention90 days6–36 months
STIX / AUTOSAR Exports
AI
AI Power Pack Free 1st year Free 1st year Included
Support
Support ChannelEmail (48h)Email (24h)Dedicated CSM (4h)
OnboardingSelf-serveGuidedWhite-glove
Private Cloud (+10%)
On-Premise Option

Frequently Asked Questions

Can I switch plans later?
Yes. You can upgrade at any time and your billing will be prorated. Downgrading takes effect at the end of your current billing cycle.
What's the difference between Team and Professional?
Team gives you everything needed for TARA and ISO/SAE 21434 compliance with unlimited users at a flat monthly rate. Professional adds per-user pricing with SBOM/supply chain management, operations (testing, incidents, threat intel), additional integrations (Jira, GitHub, GitLab, architecture import), and multi-framework compliance.
Do you offer discounts for startups or academic institutions?
Yes. We offer 50% off Professional for companies under 50 employees, and free Professional access for accredited universities. Contact us for details.
What compliance frameworks are supported?
ISO/SAE 21434, UNECE R155, GB 44495, GDPR, and EU CRA. Team includes ISO/SAE 21434 reporting; Professional and Enterprise support all five frameworks. Enterprise customers can also create custom compliance frameworks.
Can I get a volume or multi-year discount?
Yes. We offer 5% off for 2-year commitments and 10% off for 3-year commitments. For large teams on Professional, contact us for volume pricing.
Is on-premise deployment available?
On-premise is available for Enterprise customers with strict deployment requirements. SaaS is default and recommended for fastest time-to-value. On-prem carries a 40% uplift on the license cost with a minimum $200K/year ACV.
What does "Unlimited internal users" mean on Team?
Every member of your organization can access the platform at no additional per-user cost. Team is priced per-workspace, not per-user, so your entire cybersecurity team can collaborate from day one.
How does the free trial work?
Team and Professional plans come with a 14-day free trial. No credit card required. Full access to all tier features. Your data carries over when you subscribe.
What is ISO/SAE 21434?
ISO/SAE 21434 is the international standard for automotive cybersecurity engineering. It defines requirements for a Cybersecurity Management System (CSMS) covering the entire vehicle lifecycle — from concept and development through production, operation, and decommissioning. ThreatZ automates ISO/SAE 21434 compliance with built-in TARA workflows, risk assessment, and traceability.
What is TARA in automotive cybersecurity?
TARA (Threat Analysis and Risk Assessment) is the core security analysis process defined in ISO/SAE 21434. It involves identifying assets, analyzing threat scenarios, assessing attack feasibility, determining risk levels, and defining cybersecurity goals and risk treatment decisions. ThreatZ automates the entire TARA process with AI-powered threat modeling using the STRIDE methodology.
What is a CSMS (Cybersecurity Management System)?
A CSMS (Cybersecurity Management System) is the organizational framework required by UNECE R155 and defined in ISO/SAE 21434 for managing automotive cybersecurity across the vehicle lifecycle. It encompasses policies, processes, and tools for threat analysis, risk management, incident response, and continuous monitoring. ThreatZ provides the complete CSMS platform for OEMs and Tier-1 suppliers.
How does ThreatZ automate TARA analysis?
ThreatZ uses AI to automatically identify assets from system models, generate threat scenarios using the STRIDE methodology, assess attack feasibility and impact, calculate risk levels per ISO/SAE 21434, and suggest cybersecurity goals and risk treatment options — with full traceability from assets to controls. What traditionally takes weeks of manual effort can be completed in hours.
What is the STRIDE methodology?
STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. It is the threat classification framework used in ThreatZ for systematic automotive threat modeling. Each STRIDE category maps to specific cybersecurity goals, enabling comprehensive threat coverage and structured risk assessment aligned with ISO/SAE 21434.
Product Overview

Download Our One Pager

Get a comprehensive overview of the ThreatZ platform in a single document.

Resources & Guides

Deepen Your Knowledge

Expert guides on automotive cybersecurity standards and best practices from the Uraeus knowledge hub.

Standard
ISO/SAE 21434 TARA Guide
Step-by-step guide to threat analysis and risk assessment under ISO/SAE 21434.
Read guide →
Regulation
UNECE R155 Type Approval
How to achieve CSMS certification and vehicle type approval under R155.
Read guide →
Supply Chain
Automotive SBOM Management
Best practices for software bill of materials in automotive cybersecurity.
Read guide →
Compliance
CSMS Audit Preparation
Prepare your organization for a successful CSMS audit with this checklist.
Read guide →
View All Resources
Join 500+ Registered Users

Secure Your Vehicle
Ecosystem Today

Start your cybersecurity transformation with Uraeus.ThreatZ. Get ISO/SAE 21434 compliant in weeks, not months, with our proven platform used by automotive teams worldwide.

Built for ISO/SAE 21434
TISAX AL3 Assessed
Supports R155 / GB 44495
GDPR Compliant
EU CRA Compliant
Available in EN, DE & ZH

Everything you need to succeed:

Free 14-day trial with full platform access
Dedicated cybersecurity expert onboarding
ISO/SAE 21434 compliance templates included
Priority support and training sessions
Custom integration with your existing tools

Start your 14-day free trial today. No credit card required. Cancel anytime. Your data stays secure with enterprise-grade encryption.