New name underlines expanded focus for industry (IIoT), manufacturing (OT) and Internet of Things (IoT)Düsseldorf, 02. May 2022 – German IT security company IoT Inspector is giving itself a new name. The specialist team for automated analysis of IoT devices is now called ONEKEY and continues to operate the leading European platform for industrial controls (IIoT), production equipment (OT) and other smart devices (IoT).
With the new name, the company underlines the stronger focus on security in the industrial area of the Internet of Things, which has already taken place since the beginning of 2022: “In recent months, the need in specifically this area – security in the firmware of industrial plants, virtually any device connected to a network – has grown enormously. At the same time, several scandals have made it clear that manufacturers and users need a simple system to verify the security and compliance of industrial devices. We strive to be the ONEKEY solution when it comes to secure design, procurement and persistent monitoring of IoT devices,” says Jan Wendenburg, CEO of ONEKEY. Just a few weeks ago, the company discovered massive security vulnerabilities in chipsets from Realtek, in Broadcom-supported devices, and in other devices that can be found not only in private environments, but especially in corporate networks.
With so-called technical advisories, i.e. technical details about vulnerabilities, ONEKEY has helped companies and institutions in the past months to uncover partly serious security holes. In many cases, ONEKEY has also worked together with the manufacturers to quickly eliminate the problems. However, hackers are now also taking advantage of expert knowledge: “After the publication of technical information about security vulnerabilities, hackers often immediately begin to attack these very vulnerabilities. That’s why we’re also calling for a general, mandatory basic security check of software for industrial control and production systems in the manufacturing and procurement process,” demands Jan Wendenburg, CEO of ONEKEY. This is because it is not uncommon for outdated or defective libraries from other manufacturers to be integrated, which weaken the overall system – such vulnerabilities, which were never discovered, thus migrate from one generation of equipment to the next. For the Düsseldorf-based company, the new name is therefore not just a new brand – but the basis for a 360-degree view of all connected devices, whether in the industrial, infrastructure or smart home sectors.
Many organizations and IT departments usually rely on manufacturers’ statements about components of the delivered software, but manufacturers often do not know exactly which components are in their own software. Many subcontractors and outsourced development departments of the manufacturers usually pay more attention to costs than to the exact testing of all individual components of a software. ONEKEY can automatically identify the software components and delivers an independent list for this purpose – the “Software Bill of Materials” (SBOM). Thus, manufacturers and purchasers receive significantly more transparency and security.
An industrial control system or critical infrastructure device may be secure today – but tomorrow it may have completely new vulnerabilities in the components it contains. Every day, hundreds of new vulnerabilities are found and published worldwide.
“ONEKEY” automatically creates so-called “digital twins” of these controls and devices and can then monitor them 24/7 fully automatically. In this way, valuable industrial equipment can be monitored without interfering with the production process, and alerted to new vulnerabilities virtually in real time,” Wendenburg said. “The political unrest in the world is a risk for data outflows, attacks on critical infrastructures, which is growing with unknown factor: Timely, fast verification is necessary, we have the key to it,” ONEKEY CEO Jan Wendenburg sums up.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150