Jan Wendenburg, CEO
Each layer of IoT/OT software (the software supply chain), written by a different software vendor, has the potential to cause a security breach. When the organization using the software wants to add new functionality or revamp an existing one, the security of the entire system is put at risk. In today's fast-paced CI/CD delivery world, continuously monitoring all software patches and constantly engaging pentesters makes the manual deployment process tedious. Thankfully, ONEKEY has developed an automated SaaS-based platform that makes the software supply chain transparent, detects security vulnerabilities in old and new layers of binary software code, and alerts to risks faster than pentesters.
Developed by pentesters and cyber security professionals to automate their daily work, ONEKEY has established a name for itself in the IoT/OT security space. The company enables software vendors to develop software faster, with lower costs and fewer resources, by automating the mandatory quality and security checks in software development. “The uniqueness of our service is that we are doing security checks intensively in minutes and enabling the vendors to publish reasonably secure software,” says Jan Wendenburg, CEO of ONEKEY. Once deployed by the software vendor, the ONEKEY platform continuously monitors the software by generating a digital twin and constantly scanning the twin against the database for all new vulnerabilities detected around the planet, as well as ONEKEY’s expert findings.
The company also works with device buyers and operators to enable continuous monitoring of IoT/OT software security throughout the full product lifecycle. As a result, the ONEKEY platform can automate security tests and compliance analysis, make the software supply chain transparent through automated SBOMs, and monitor the firmware without the need to access the device, software code, or client network.
The platform integrates seamlessly with the procurement process and incident management systems, and provides instant feedback about common weaknesses and vulnerability resolution.
The ONEKEY platform provides a substantial benefit to producers, purchasers, and operators of IoT/OT devices, reducing risk by increasing transparency and security at a fraction of traditional costs. An example is Swisscom, which today saves $400,000 per avoided firmware security incident. The telco behemoth has served as a gateway for telecommunications products in Switzerland for over a century. However, the products needed more transparency and improved security due to short product cycles, heavy competition, complex supply chains, and an intense focus on ever-evolving product features. Therefore, ONEKEY was called on to improve the security of customer premises equipment (CPE) for Swisscom’s private and SME customers. As a result, the ONEKEY platform was integrated with Swisscom’s software development and quality assurance process, which provided the capability to systematically analyze about 80 firmware images per year, leading to greater supply chain visibility and security. The detailed firmware security and compliance analyses provided by ONEKEY empower Swisscom to be well-prepared for negotiations with device vendors, suppliers and manufacturers.
The uniqueness of our service is that we are automating IoT/OT software supply chain transparency, security and compliance checks to enable producers to publish and maintain reasonably secure software, while operators benefit from faster vulnerability identification and resolution.
Security and compliance can make or break an organization, and ONEKEY is firm in its resolve to automate the process of continuous transparency and monitoring of both. By doing so, ONEKEY’s clients benefit from a substantially improved security level at lower cost. This is achieved by automated monitoring and real-time alerts on the security and compliance of their IoT/OT products and infrastructure. And that is the usability of the offering: the device is secure by design, and security and compliance are fully automated.