Upgrading in the war against cybercriminals with expanded protection from zero-day attacks
Düsseldorf/Germany, December 8, 2022 – ONEKEY, a company specializing in the security of industrial control systems and IoT devices, is responding to the increasing activity of criminal hackers with its new software release. ONEKEY offers extensive, software-supported automated analysis of binary code to detect previously unknown vulnerabilities, in particular so-called zero-day vulnerabilities. ONEKEY’s automated firmware analysis identifies all device-internal software components and comprehensively matches them against international vulnerability databases, such as CVE. In addition to known vulnerabilities, the software also checks for other potential, as yet undiscovered security problems. These can include configuration conflicts, hard-coded credentials, and outdated or invalid cryptographic usage and assets. The new automated 0-day analysis identifies previously unknown vulnerabilities in applications, such as code, SQL or command injection issues, that could be exploited by an attacker. This 0-day detection significantly expands the type and number of vulnerabilities that are automatically detected by the ONEKEY platform.
Localization of zero-day threats
In addition to detecting 0-day vulnerabilities, the platform also provides information as to where each vulnerability is located in the code. This helps customers to quickly isolate the problem and reduces the time and effort required to fix it. The new version of ONEKEY software has been massively enhanced to provide the highest level of protection: “In recent months, industrial companies have been attacked more frequently, including numerous medium-sized businesses. We are actively helping to ensure that hackers – whether criminally or politically motivated – can no longer gain access to networks via connected devices or industrial control systems,” says ONEKEY CEO Jan Wendenburg regarding the latest innovations of his cybersecurity platform.
Transparent listing of software components in SBOMs
The new variable software composition analysis makes it possible to list and scan all components from internal development and external sources and to screen them for unwanted components and risks. The integrated “Software-Bill-of-Materials (SBOM)” generator helps to increase transparency and reduce effort and software supply chain risks. This will become more important with the upcoming EU Cyber Resilience Act. Even very large firmware images are no problem, as the platform supports extended file sizes.
Extended detection of private keys
The new release introduces numerous additional features that further increase the cybersecurity level for users in industry and business. These include automatic detection of private keys, which can easily be exploited as a potential backdoor and can lead to man-in-the-middle attacks.
The threat level classification has also been expanded to include “critical” and “informal” to better represent identified issues. “Currently, cyberwar is developing faster than the IoT/OT industry in general. Therefore, a high level of protection is urgently needed for businesses that have a lot of network-connected technology in use. Our research team is thus working intensively on our automatisms to be able to not only find known risks, but especially detect those not yet discovered, based on our innovative software,” explains Jan Wendenburg, CEO of ONEKEY.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150