A critical component of implementing the Cyber Resilience Act (CRA) is manufacturers' ability to monitor security risks consistently across a digital product's entire lifecycle, from development through the post-shipment phase. Modern firmware monitoring technologies are therefore gaining in importance.

The Düsseldorf-based cybersecurity company ONEKEY has developed a digital-twin technology that lets automated scans monitor firmware around the clock: the monitoring system reanalyzes the firmware daily for the whole of its lifecycle. When new vulnerabilities are published, the continuously updated vulnerability database and improved detection capabilities alert users to developments that could compromise a product's security.

Firmware as a Critical Vulnerability

Firmware is the fundamental software layer of many technical systems, including industrial control systems, IoT devices, medical systems, and vehicle components. Security vulnerabilities at this level are particularly critical because they give direct access to hardware functions and are often hard to fix after the product has shipped.

At the same time, modern devices contain a multitude of external software libraries, open-source components, and proprietary modules. Each of these components can introduce new security risks if new vulnerabilities are discovered after a product’s release.

“Manufacturers must know which software components are included in their products and which new vulnerabilities arise in order to react quickly and effectively protect their systems,” explained Jan Wendenburg, CEO of ONEKEY.

Continuous Analysis Instead of One-Time Reviews

As part of a modern firmware monitoring approach, a product’s firmware is continuously monitored, not just analyzed once. The goal is to automatically detect emerging security vulnerabilities in software components and assess their impact on existing products.

To achieve this, the firmware is first analyzed in detail. This analysis identifies every software component the firmware contains and produces a structured software bill of materials (SBOM); from that inventory, the dependencies within the software supply chain can be mapped transparently.

Next, the SBOM is continuously compared against global vulnerability databases. As soon as a new security vulnerability is published, for example in an open-source library, it can be determined automatically which products contain the vulnerable component and version.

ONEKEY's "CRA Fast Start" program provides continuous monitoring throughout the entire product lifecycle. It enables manufacturers of connected devices, machines, and systems to assess their compliance with the Cyber Resilience Act rapidly and in a structured way. The CRA Fast Start approach won the "Best in Show Award" at Embedded World 2026.

Digital Twins for Scalable Security Testing

One method of implementing this approach is through the use of digital twins. This involves creating a virtual representation of the firmware, enabling security analyses to be conducted independently of the physical hardware.

These digital models can be continuously monitored to provide an ongoing overview of a product’s security status. This gives manufacturers a centralized source of information for identifying and addressing security risks early on.

Automated Prioritization and Incident Management

Another key aspect of firmware monitoring is automated risk assessment. Not every vulnerability poses an immediate threat. What matters is whether the affected software component is in active use and which functions it impacts.

ONEKEY's platform, of which firmware monitoring is one feature, therefore analyzes contextual information such as the affected components, the exploitability of the vulnerability, and the potential impact on the system. The result is a prioritized list of security issues that can be addressed in a targeted manner.
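The two steps the article describes, matching an SBOM against a vulnerability feed and then ranking the hits by context rather than by CVSS score alone, can be sketched in a few dozen lines. The following Python is an added example written for this page; it is not ONEKEY's code and not part of the original article. The SBOM fragment, the advisory feed, the `EXAMPLE-*` identifiers, the version ranges, the scores and the `in_use`/`network_exposed` properties are all constructed placeholders, not real advisories for the named packages. The advisory layout borrows the introduced/fixed event style used by the OSV schema; the half-open range logic and the scoring weights are assumptions made for the example.

```python
"""Added example: SBOM-to-advisory matching plus a context-aware priority
score.  All data below is constructed; the EXAMPLE-* IDs, versions and
scores are placeholders and do not describe real vulnerabilities."""
import re
from typing import Iterable, Optional

# Constructed SBOM fragment for one firmware image (CycloneDX-style dict).
# "properties" carries the analysis context the text refers to: whether the
# component is actually linked/executed, and whether it faces the network.
SBOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "openssl",  "version": "1.1.1k",
         "properties": {"in_use": True,  "network_exposed": True}},
        {"name": "zlib",     "version": "1.2.11",
         "properties": {"in_use": True,  "network_exposed": False}},
        {"name": "dropbear", "version": "2019.78",
         "properties": {"in_use": True,  "network_exposed": True}},
        {"name": "libfoo",   "version": "0.9.2",   # shipped but never loaded
         "properties": {"in_use": False, "network_exposed": False}},
    ],
}

# Constructed advisory feed (OSV-like introduced/fixed events, placeholder IDs).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "openssl", "introduced": "1.1.1",
     "fixed": "1.1.1l", "cvss": 7.5, "known_exploited": True},
    {"id": "EXAMPLE-0002", "package": "zlib", "introduced": "1.2.0",
     "fixed": "1.2.12", "cvss": 5.5, "known_exploited": False},
    {"id": "EXAMPLE-0003", "package": "dropbear", "introduced": "2020.79",
     "fixed": "2020.81", "cvss": 9.8, "known_exploited": True},   # out of range
    {"id": "EXAMPLE-0004", "package": "libfoo", "introduced": "0",
     "fixed": None, "cvss": 8.1, "known_exploited": False},      # no fix yet
]


def version_key(v: str) -> tuple:
    """Split '1.1.1k' into comparable parts so that 1.1.1 < 1.1.1k < 1.1.1l
    and 1.2.11 < 1.2.12.  Numeric parts sort before alphabetic ones.
    Pre-release tags such as 'rc1' are NOT handled specially."""
    parts = re.findall(r"\d+|[A-Za-z]+", v)
    return tuple((0, int(p)) if p.isdigit() else (1, p.lower()) for p in parts)


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Half-open range [introduced, fixed); fixed=None means still unfixed."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    return fixed is None or v < version_key(fixed)


def match_sbom(sbom: dict, advisories: Iterable[dict]) -> list:
    """One finding per (component, advisory) pair whose version is in range."""
    findings = []
    for comp in sbom["components"]:
        for adv in advisories:
            if adv["package"] != comp["name"]:
                continue
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({"component": comp, "advisory": adv})
    return findings


def prioritize(findings: list) -> list:
    """Rank by context: a component that ships but never runs is parked as
    'informational'; active, network-exposed, known-exploited issues float
    to the top.  Weights (+2 exploited, +1 exposed) are example choices."""
    ranked = []
    for f in findings:
        ctx, adv = f["component"]["properties"], f["advisory"]
        if not ctx["in_use"]:
            score, tier = 0.0, "informational"
        else:
            score = adv["cvss"]
            score += 2.0 if adv["known_exploited"] else 0.0
            score += 1.0 if ctx["network_exposed"] else 0.0
            tier = "critical" if score >= 9 else "high" if score >= 7 else "medium"
        ranked.append({"id": adv["id"], "component": f["component"]["name"],
                       "version": f["component"]["version"],
                       "fixed": adv["fixed"], "score": score, "tier": tier})
    ranked.sort(key=lambda r: r["score"], reverse=True)
    return ranked


def daily_check(sbom: dict = SBOM, advisories: Iterable[dict] = ADVISORIES) -> list:
    """The recurring job: re-run the match against today's feed and hand the
    ranked list to the PSIRT."""
    return prioritize(match_sbom(sbom, advisories))


if __name__ == "__main__":
    for row in daily_check():
        print(f'{row["tier"]:<14} {row["score"]:>5}  {row["id"]}  '
              f'{row["component"]} {row["version"]}  fixed in: {row["fixed"]}')
```

Run as a scheduled job, the only input that changes from day to day is the advisory feed; the SBOM is regenerated only when a new firmware build is analyzed. Two details matter in practice: the range check is half-open (the fixed version itself is not affected), and the naive version comparison above will mis-order pre-release tags, which is why real tooling matches on package URLs and ecosystem-specific version schemes rather than on bare strings.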

This information feeds directly into security incident response processes, helping Product Security Incident Response Teams (PSIRTs) deploy security updates more quickly and effectively.

New Requirements for Manufacturers

The Cyber Resilience Act represents a fundamental shift in security strategy for manufacturers of digital products. In the future, security analyses must be conducted throughout a product's entire lifecycle, from development through operation to end of life.

Firmware monitoring is essential for this process. It combines automated software analysis, continuous vulnerability monitoring, and structured security processes into an integrated security management system.

“With the increasing number of connected devices and the growing complexity of modern software architectures, daily vulnerability checks are crucial for regulatory compliance and security,” said ONEKEY CEO Jan Wendenburg.
