Skip to main content

ONEKEY Logo on black background

New Firmware Monitoring Tool Targets Cyber Resilience Act

Automated digital twin technology provides continuous security analysis for connected devices throughout the entire product lifecycle.

Software vulnerabilities within connected devices are facing increased scrutiny as manufacturers prepare for new regulatory requirements. ONEKEY has launched a continuous firmware monitoring system designed to help manufacturers comply with the European Union’s Cyber Resilience Act (CRA).

The technology utilizes digital twins—virtual representations of device firmware—to conduct automated security scans without requiring access to physical hardware or source code. While traditional security reviews are often conducted once during development, this platform reanalyzes firmware daily to identify emerging risks.

The system functions by creating a structured Software Bill of Materials (SBOM), which maps every component and third-party library within a device. This inventory is then cross-referenced against global vulnerability databases. If a new flaw is discovered in an open-source component, the system automatically alerts the manufacturer if their products are affected.

Firmware, the permanent software programmed into a device's hardware, represents a significant attack surface for industrial control systems, medical devices and automotive components. Because these systems often rely on a complex web of external software libraries, a single vulnerability in a sub-component can compromise the entire machine.

The platform also includes automated risk assessment to help Product Security Incident Response Teams (PSIRTs) prioritize threats. By analyzing the exploitability of a vulnerability and its potential impact on system functions, the tool provides a targeted list of issues for remediation.

The shift toward continuous monitoring marks a change in strategy for the industry. Under the CRA, manufacturers must maintain security standards from the initial design phase through the end of a product’s operational life.

About the Author

Jesse Jacobs is assistant editor of SecurityToday.com.

Featured

Most   Popular

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.