ARE YOU READY FOR THE NEW EU CYBER RESILIENCE ACT? » START YOUR CRA READINESS ASSESSMENT TODAY!

CYBERSECURITY SERVICES

Secure products throughout the entire lifecycle. 

Benefit from our awarded experts.

Holistic expertise. Instant result. 

BOOK A FREE MEETING NOW

Product cybersecurity is mandatory in today’s connected world!

 

As physical products are becoming increasingly digital and connected, the security of software, connections and data is a crucial element in product development.

 

Regardless if you develop software internally, you have outsourced development or if you take a hybrid approach – product cybersecurity needs a comprehensive approach to ensure best-in-class coverage and protection.

 

ONEKEY’s security experts have extensive experience in software product security, they are internationally awarded security researchers and experts. They will assist you throughout the product lifecycle by understanding your threat landscape and attack surface, identifying vulnerabilities, establishing security quality locks, and performing continuous controls.

Start now - talk to our security experts

BOOK A FREE MEETING NOW

CYBERSECURITY SERVICES COVERING THE ENTIRE PRODUCT LIFECYCLE

SDLC ASSESSMENT & GAP ANALYSIS ​

We will assess your current software development practices, and rate it according to industry standards, such as IEC 62443-4-1 for manufacturing, ISO 13485 for vendors of medical devices, or ISO/SAE 21434 for the automotive industry. Jointly, we will develop a roadmap for your software development processes to embed necessary security controls and practices and support, following “secure by design” principles.

Verification Phase

Validation Phase

Operation
Phase

Threat Modeling

After decomposing the architecture of your product and analyzing data flows, we will evaluate threats originating from various threat actors. The resulting threat model will highlight missing mitigating controls therefore you can comply with your security requirements.

Design & Architecture Review

To support your endeavors towards “secure by design” principles, we will review the architecture and design of hardware, software, and network layer of your product to validate its cyber resilience and advise you on how to raise its security level.

VALIDATION PHASE

Security Test Automation for Build-Chains

We will review your current build chain and suggest automated security controls that can be integrated into the automated build process for early feedback, which will help your developers build a more secure product.

Source Code Review

In addition to automated security tests at the source code level, we will manually review your source code for security vulnerabilities and logic issues with the help of our automated analysis engine. Recommended mitigations will assist rapid fixing of vulnerabilities to avoid in-the-wild exploitation and abuse by cyber-criminals.

Configuration Review

We will review the operating system as well as all services running on the device for insecure configuration. Actionable advice and recommended configuration changes will raise the overall resilience of the product.

Independent 3rd Party Assessment

To support client demands that may require a Software Bill of Materials (SBOM) as well as insights into vulnerabilities affecting your device, we are your trusted independent partner to provide that information and support you in fulfilling your client’s needs.

Penetration Test (Pentest)

From an attacker’s point of view, we will attempt to exploit any security vulnerabilities we find in the product and supporting systems, which may lead to unauthorized access or compromise of the device. During the pentests, we provide detailed proof-of-concepts that validate security issues and mitigation recommendations. This enables you to close potential gaps immediately.

Conformity Testing

Various industries and governments impose security requirements on devices. We will verify that your product conforms with industry standards and is compliant with effective regulatory frameworks.

Firmware Extraction & Decryption

To assure that threat actors with physical access to your device can’t easily analyze it and access your intellectual property, we will validate physical security controls and attempt to gain unauthorized access to data stored on the device. This approach can also be used to acquire forensic images of compromised devices.

OPERATION PHASE

Security Monitoring for PSIRT

To support pro-active vulnerability management of your product security incident response team (PSIRT) we will alert you about newly discovered vulnerabilities and emerging threats that may impact your product. An impact assessment will help you prioritize remediation efforts.

Vulnerability Triage & Mitigation Support

As soon as you notice an ongoing cyber attack targeting your product, or as soon as a security researcher reports a vulnerability to you, you will want to assess its risk and initiate appropriate mitigating controls. We will support you with triage of vulnerabilities and security issues, and derive actionable mitigating advice.

Start now - talk to our security experts

BOOK A FREE MEETING NOW

WHAT OUR CUSTOMERS SAY...

"ONEKEY’s capabilities and security expertise made it a truly eye-opening experience to work with them."
Nigel Hanson
Nigel HansonAppSec + Hardware Security Specialist at Trimble.
“ONEKEY’s automated binary software analysis simplifies product security at Snap One by reducing manual efforts while increasing transparency and confidence. ​ We enjoyed a smooth onboarding experience and highly recommend the excellent support from a team of experts.” ​
Connie Gray
Connie GraySr. Director of Engineering, ​ Cybersecurity & Product Security at Snap One.
“We use ONEKEY to check every piece of software for potential risks before it even reaches release candidate status, at which point any issues are immediately analyzed and fixed. This allows us to effectively secure new features and interfaces.” 
Giulio Grazzi
Giulio GrazziSenior Security Consultant at Swisscom.
“ONEKEY helps us to uncover critical vulnerabilities in embedded devices in a fully automated way. This allows us to target manual testing efforts more efficiently on business logic issues.“
Wolfgang Baumgartner
Wolfgang BaumgartnerHead of Global Security Consulting at Atos.
"We provide best-in-class services to our IoT customers, helping them ensure security throughout their entire product lifecycle. So naturally we want to deliver continuous firmware monitoring and vulnerability assessments using the best tools and solutions in the business. ONEKEY's automated firmware analyses help us to deliver our services efficiently and with unparalleled quality."
Joël Conus
Joël ConusFirst Vice President IoT R&D and Services at Kudelski IoT.
"Ever since we integrated ONEKEY into our security assessments, the automated analyses help us reducing substantially the effort of time-consuming manual analyses."
Yann Chalencon
Yann ChalenconHead of Cyber Security Services at wizlynx group
Previous
Next

YOUR BENEFITS AT A GLANCE

  • Clarity about your product security situation
  • Early detection and mitigation of vulnerabilities
  • Decision support for optimization of the product cybersecurity strategy
  • Conformity to industry security standards and regulatory requirements
  • Professional and realistic advices thanks to longstanding experience
  • Flexible combination with further services of our cybersecurity capabilities
  • Significant cost savings and avoidance of reputational damage caused by security incidents

SECURITY REPORTS - WHITEPAPERS – DOWNLOADS

Click. Fill Form. Download.
ONEKEY Whitepaper EU Cyber Resilience Act Cover

Whitepaper:
Understanding the EU Cyber Resilience Act

Titlepage of the Whitepaper TacklingSoftware Supply Chain Risks with IEC 62443 and SBOM

Whitepaper:
Tackling Software Supply Chain Risks with IEC 62443 and SBOM

Coverpage of the ONEKEY Success Story

Success Story:
How SWISSCOM saves 400K EUR per avoided incident

ONEKEY Datasheet Manufacturing Coverpage

Datasheet:
ONEKEY Platform -
Manufacturing

ONEKEY Datasheet Automotive Coverpage

Datasheet:
ONEKEY Platform -
Automotive

ONEKEY Datasheet onDemand Coverpage

Datasheet:
ONEKEY onDemand Service

IoT Security Report 2022 Title Draft

IoT Security Report 2022

contact us
  • © ONEKEY GmbH