News from the Wire
ONEKEY enables continuous firmware monitoring
Thursday, April 30, 2026 — 15:51:08 (UTC)
ONEKEY Enables Continuous Firmware Monitoring
Cyber Resilience Act drives need for continuous firmware security across the full product lifecycle
Düsseldorf, April 30, 2026 – A critical component of the implementation of the Cyber Resilience Act (CRA) is the capacity of manufacturers to consistently monitor security risks throughout the entire lifecycle of a digital product, from development to post-shipment. Consequently, modern firmware monitoring technologies are becoming increasingly important.
The Düsseldorf-based cybersecurity company ONEKEY has developed digital twin technology that enables automated scans to monitor firmware around the clock. ONEKEY's monitoring system reanalyzes the firmware daily to ensure continuous security throughout its entire lifecycle. When new vulnerabilities arise, the constantly updated database and enhanced detection capabilities alert users to critical developments that could compromise a product’s security.
Firmware as a Critical Vulnerability
Firmware is the fundamental software layer of many technical systems, including industrial control systems, IoT devices, medical systems, and vehicle components. Security vulnerabilities at this level are particularly critical because they allow direct access to hardware functions and are often difficult to fix retroactively.
At the same time, modern devices contain a multitude of external software libraries, open-source components, and proprietary modules. Each of these components can introduce new security risks if new vulnerabilities are discovered after a product’s release.
"Manufacturers must know which software components are included in their products and which new vulnerabilities arise in order to react quickly and effectively protect their systems," explained Jan Wendenburg, CEO of ONEKEY.
Continuous Analysis Instead of One-Time Reviews
As part of a modern firmware monitoring approach, a product’s firmware is continuously monitored, not just analyzed once. The goal is to automatically detect emerging security vulnerabilities in software components and assess their impact on existing products.
First, a detailed analysis of the firmware is conducted to achieve this. This process identifies all the software components contained within the firmware and creates a structured software bill of materials (SBOM). Based on this information, dependencies within the software supply chain can be transparently mapped.
Next, the SBOM is continuously compared against global vulnerability databases. As soon as new security vulnerabilities are published, for example in an open-source library, it can automatically be determined whether an affected product contains the vulnerable component.
ONEKEY’s “CRA Fast Start” program provides continuous monitoring throughout the entire product lifecycle. This program enables manufacturers of connected devices, machines, and systems to rapidly and structurally assess compliance with the Cyber Resilience Act. The CRA Fast Start approach won the “Best in Show Award” at Embedded World 2026.
Digital Twins for Scalable Security Testing
One method of implementing this approach is through the use of digital twins. This involves creating a virtual representation of the firmware, enabling security analyses to be conducted independently of the physical hardware.
These digital models can be continuously monitored to provide an ongoing overview of a product’s security status. This gives manufacturers a centralized source of information for identifying and addressing security risks early on.
Automated Prioritization and Incident Management
Another key aspect of firmware monitoring is automated risk assessment. Not every vulnerability poses an immediate threat. What matters is whether the affected software component is in active use and which functions it impacts.
Therefore, ONEKEY’s platform analyzes contextual information, such as affected components, exploitability of the vulnerability, and potential system impact with firmware monitoring as one of its features. The result is a prioritized list of security issues that can be addressed in a targeted manner.
This information feeds directly into security incident response processes, helping Product Security Incident Response Teams (PSIRTs) deploy security updates more quickly and effectively.
New Requirements for Manufacturers
The Cyber Resilience Act represents a fundamental shift in security strategy for manufacturers of digital products. In future, security analyses must be conducted throughout a product’s entire lifecycle, from development to operation to end of life.
Firmware monitoring is essential for this process. It combines automated software analysis, continuous vulnerability monitoring, and structured security processes into an integrated security management system.
"With the increasing number of connected devices and the growing complexity of modern software architectures, daily vulnerability checks are crucial for regulatory compliance and security," said ONEKEY CEO Jan Wendenburg.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated Software Bills of Materials (SBOMs) generation. "Digital Cyber Twins" enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated ONEKEY Compliance Wizard already covers the EU Cyber Resilience Act (CRA) and requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform (OCP) and ONEKEY Cybersecurity Experts.
Further information: ONEKEY GmbH, Sara Fortmann, email: sara.fortmann@onekey.com, Toulouser Allee 19A, 40211 Düsseldorf, Germany, web: onekey.com
PR Agency: euromarcom public relations GmbH, Mühlhohle 2, 65205 Wiesbaden, Germany, email: team@euromarcom.de, web: www.euromarcom.de
Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.
Source: Company press release. 
Categories: Announcement
