Manufacturers and operators of smart devices have been facing complex challenges. Existing cybersecurity regulations and the introduction of new legal requirements, such as the forthcoming EU Cyber Resilience Act (CRA-E), worsen the scenario. The components contained in the software of smart devices are often unknown to customers, as are the vulnerabilities they contain. Such vulnerabilities are identified and exploited by hackers with dramatic consequences for companies. In addition to attacks that bring industrial production lines to a standstill or cause complete infrastructure failures, so-called zero-day vulnerabilities – vulnerabilities that are completely new and unknown – pose a substantial threat. Several companies have had to file for bankruptcy in the past as a result of such cyber-attacks.
The industry faces an urgent requirement for comprehensive solutions that tackle these challenges. Enter ONEKEY, a Düsseldorf, Germany-based enterprise. The enterprise provides an automated Product Cybersecurity and Compliance Platform called PCCP. The platform performs automated, fast and more comprehensive cybersecurity and compliance analysis of any binary firmware from any OT/IoT product, such as industrial routers, industrial control systems, connected machines, mobility systems, or cars.
“Our platform does not require any source code or connection to the devices or networks. It creates a digital cyber twin from the binary firmware so that there will be no impact, interference, or connection to the device or production systems. The digital cyber twin enables detailed analyses of the firmware and detection of known and unknown vulnerabilities. Further, all results are verified against known vulnerabilities in the public and our own CVE databases. As a result, customers can shorten time to fix the vulnerability and to act to mitigate potential zero-day vulnerabilities at an early stage,” explains Jan C. Wendenburg, CEO ONEKEY.
As part of the automated software composition analysis (SCA), the platform automatically generates a Software Bill of Materials (SBOM), a critical inventory of all components. The feature gives customers maximum transparency as to what exactly is contained in the software. Automation in the platform also allows the software to be checked against industry cybersecurity compliance guidelines such as IEC 62443-4-2, ISO303645, UNR155, the forthcoming EU Cyber Resilience Act, and many others. The included monitoring offers customers continuous 24/7 automated cybersecurity monitoring of all software components.
The public and private sectors, along with their security and privacy, are under constant and increasingly sophisticated cyber-attack around the world. The importance of an effective, holistic SCA and the resulting detailed SBOM in this context is unprecedented. ONEKEY’s PCCP platform offers increased operational security, reduced cyber risk and assured compliance through maximum automation, while reducing manual effort and required resources. ONEKEY’s cybersecurity expert team actively contributes to the global, official vulnerability (CVE) database and, as an authorized CVE Numbering Authority, makes its automated results continuously available to the public.
How ONEKEY Differentiates Itself
ONEKEY differentiates itself from the competition in two ways. First, a unique, proprietary binary extraction technology extracts structured data from binary images faster and with better results. This yields more findings and more transparency in a shorter time, across a larger range of firmware. Second, a unique hybrid approach combines the automated platform with a team of embedded cybersecurity experts, who support the firm’s clients for faster implementation and benefit and cover highly proprietary embedded technology, which is typically hard to automate.
The ONEKEY clientele includes prominent names such as Nestle, Phoenix Contact, Emerson, Belden, HighTec, ATOS, Swisscom, TUEV, Sauter, Verbund, Snapone, Vodafone, Zyxel Networks and many others.
Stint with Swisscom
With a market share of more than 60% in mobile and broadband and total revenue of CHF 11.2B (2021), Swisscom is the top telecom in Switzerland and one of the biggest IT service providers in the nation. Swisscom has been the reliable entry point for telecom goods on the Swiss market for more than a century. Thanks to ONEKEY’s firmware analysis capabilities, Swisscom can conduct tests that manufacturers previously shied away from, maintaining its leading position even as device security becomes more intricate.
The Future Plans
“Our top priority will always remain maximum customer benefit and satisfaction. We will continue to invest and evolve to ensure our customers can focus on their business while feeling secure and compliant to cyber security. Our roadmap for the near future is to focus even more on product cybersecurity, compliance, and secure software supply chains, as this is a major driver for cybersecurity,” adds Wendenburg.
The company is striving to further expand and strengthen its leading offering, reach and influence in software composition analysis. The enterprise recognizes its customers’ growing global need for complex yet efficient solutions in the SCA space and is constantly working to improve its Product Cybersecurity & Compliance Platform and services to meet this need.