Onekey

ONEKEY GmbH

Keep your connected devices secure and compliant by design. Meet the software designed for manufacturers and operators to avoid risks along the whole lifecycle – on autopilot.

medical device cybersecurity: Know exactly what’s in your code. Get a detailed overview of your Software Bill Of Materials (SBOM) in just one click. No source code or network access needed. Create, import or override your component lists to keep your connected products secure and compliant. Let our platform detect and prioritize any known or unknown firmware vulnerabilities for you. 24/7. Always maintain an overview with our impact assessments of CVEs or Zero-Day threats. Mitigate risks and avoid incidents in a fraction of time.

About

**Who they are**
Onekey is a cybersecurity company focused on securing connected products throughout their lifecycle. They aim to enable businesses to manage product cybersecurity and compliance with minimal effort and maximum effectiveness.

**Expertise & scope**
* Automating cybersecurity and compliance for connected products across the entire lifecycle.
* Providing binary-level SBOM generation, even without source code, to identify components, versions, and license information.
* Conducting security audits and assessments to uncover and fix vulnerabilities.
* Managing vulnerabilities effectively using SBOMs, VEX, and automated tools for risk tracking and mitigation.
* Ensuring compliance with relevant security standards and regulations.
* Performing penetration testing for embedded systems, including hardware, OT, IoT, and ICS devices.
* Offering context-aware vulnerability impact analysis and firmware risk evolution monitoring.

**Reputation / proof points**
* Celebrated internationally for contributions to setting industry benchmarks in IoT, OT, and IIoT.
* Based in Düsseldorf, Germany.

Additional information

Onekey's approach emphasizes automation to minimize investment and risk, believing that security pays off by avoiding incidents. They offer solutions for managing product cybersecurity and compliance, helping businesses build secure products, comply with standards, resist attacks, and avoid losses. Their services include generating SBOMs directly from compiled binaries, identifying components and licenses without source code, and tracing vulnerabilities across dependency chains. They also provide penetration testing services for critical infrastructure, enterprise IT, cloud environments, applications, and hardware, delivering actionable recommendations for risk mitigation and regulatory compliance.

Key Highlights

  • Generates complete binary-level SBOMs, identifying hidden components, known vulnerabilities, and open-source licenses, even without source code.
    “ONEKEY generates complete binary-level SBOMs – even without source code. It uncovers hidden components, known vulnerabilities, and open-source licenses.”
  • Provides penetration testing services for embedded systems, including hardware, OT, IoT, and ICS devices, to uncover vulnerabilities before they are exploited.
    “Our penetration testing services target what really matters: critical infrastructure, enterprise IT, cloud environments, applications, and—most importantly—hardware.”
  • Automates vulnerability management by cutting through noise with binary-level detection, automated impact assessment, and real-time monitoring.
    “ONEKEY cuts through the noise with binary-level detection, automated impact assessment, and real-time monitoring that shows exactly which vulnerabilities matter, and why.”
  • Helps ensure compliance with relevant security standards and regulations to avoid legal risks and maintain customer trust.
    “Ensure Compliance: Meet all relevant security standards and regulations to avoid legal risks and maintain customer trust.”

Certifications & Trust Signals

  • Celebrated internationally for contributions to setting industry benchmarks in IoT, OT, and IIoT.
    “Celebrated internationally for our contributions to setting industry benchmarks in IoT, OT and IIoT.”
  • Headquartered in Düsseldorf, Germany.
    “ONEKEY GmbH Toulouser Allee 19A 40211 Düsseldorf / Germany”

Buyer Snapshot

Best for
  • Manufacturers and operators of connected devices seeking automated cybersecurity and compliance solutions.
  • Companies needing to manage SBOMs and identify vulnerabilities without source code access.
How engagement typically works
  • Automated platform solutions for SBOM generation and vulnerability management.
  • Expert-driven penetration testing services.
Typical deliverables
  • Comprehensive SBOMs (CycloneDX, SPDX formats supported).
  • Vulnerability assessment reports and risk monitoring.
  • Penetration testing reports with actionable recommendations.
  • Compliance support for relevant security standards.
Good to know
  • Best when integrated into the product development lifecycle for continuous security.
  • Requires collaboration for effective penetration testing and vulnerability remediation.
HQ: Düsseldorf, DE
Languages: English
Claim status: Listed

Services & Capabilities

Medical Device Cybersecurity

Provider Type: Both
Service Categories: SBOM Management (Software Tool), Vulnerability Management (Post-Market), Threat Modeling & Risk Analysis, Penetration Testing (Manual/Hardware)
Submission Stage Support: Pre-Submission (Planning)
Device Types Supported: Software as a Medical Device (SaMD), Connected Hardware (IoT/WiFi/Bluetooth), Hospital/Enterprise Systems
SBOM Formats Supported: CycloneDX, SPDX, Other
Standards Frameworks: IEC 62443, ETSI 303 645, EU Cyber Resilience Act
Pen Testing Available: Yes
Threat Modeling Available: Yes
SBOM Management Available: Yes
Vulnerability Monitoring Available: Yes
RTA Rescue Available: No


Additional Medical Device Cybersecurity Details

Provider Type: Both
Service Categories: Penetration Testing, SBOM Management, Vulnerability Management
Submission Stage Support: Ready for 510(k)/MDR
Device Types Supported: Connected Hardware, OT Devices, IoT Devices, Embedded Systems
SBOM Formats Supported: CycloneDX, SPDX
Standards Frameworks: IEC 62443
Cruxi - Regulatory Compliance Services