Onekey
ONEKEY GmbH
Keep your connected devices secure and compliant by design. Meet the software designed for manufacturers and operators to avoid risks along the whole lifecycle – on autopilot.
medical device cybersecurity: Keep your connected devices secure and compliant by design. Meet the software designed for manufacturers and operators to avoid risks along the whole lifecycle – on autopilot.
Know exactly what’s in your code. Get a detailed overview of your Software Bill Of Materials (SBOM) in just one click. No source code or network access needed. Create, import or override your component lists to keep your connected products secure and compliant.
Let our platform detect and prioritize any known or unknown firmware vulnerabilities for you. 24/7. Always maintain an overview with our impact assessments of CVEs or Zero-Day threats. Mitigate risks and avoid incidents in a fraction of time.
About
**Who they are**
Onekey is a cybersecurity company focused on securing connected products throughout their lifecycle. They champion automation to help businesses manage product cybersecurity and compliance with minimal effort and maximum effectiveness.
**Expertise & scope**
* Automating security and compliance for connected devices from design through production.
* Managing product cybersecurity and compliance by addressing risks across the entire product lifecycle.
* Building secure products, complying with standards and regulations, and resisting attacks.
* Providing SBOM generation, validation, and monitoring capabilities, even without source code, to uncover hidden components, vulnerabilities, and license information.
* Conducting penetration testing for embedded systems, critical infrastructure, enterprise IT, cloud environments, applications, and hardware.
* Offering vulnerability management solutions that cut through noise with binary-level detection, automated impact assessment, and real-time monitoring.
**Reputation / proof points**
* Celebrated internationally for contributions to setting industry benchmarks in IoT, OT, and IIoT.
Onekey is a cybersecurity company focused on securing connected products throughout their lifecycle. They champion automation to help businesses manage product cybersecurity and compliance with minimal effort and maximum effectiveness.
**Expertise & scope**
* Automating security and compliance for connected devices from design through production.
* Managing product cybersecurity and compliance by addressing risks across the entire product lifecycle.
* Building secure products, complying with standards and regulations, and resisting attacks.
* Providing SBOM generation, validation, and monitoring capabilities, even without source code, to uncover hidden components, vulnerabilities, and license information.
* Conducting penetration testing for embedded systems, critical infrastructure, enterprise IT, cloud environments, applications, and hardware.
* Offering vulnerability management solutions that cut through noise with binary-level detection, automated impact assessment, and real-time monitoring.
**Reputation / proof points**
* Celebrated internationally for contributions to setting industry benchmarks in IoT, OT, and IIoT.
Additional information
Onekey's approach emphasizes automation to minimize investment and risk, believing that security pays off with every avoided incident. They provide tools and services to manage product cybersecurity and compliance, enabling businesses to build secure products, comply with relevant standards, and resist cyber threats. Their solutions are designed to help identify and fix vulnerabilities before they become exploitable problems, offering actionable recommendations and supporting regulatory compliance. For those dealing with software supply chain security, Onekey offers SBOM management that provides a complete view of software components, including vulnerability and license information, directly from compiled binary files.
Key Highlights
-
Specializes in product cybersecurity and compliance for connected devices, emphasizing automation across the entire product lifecycle.
Source
“At ONEKEY we envision a world that is both connected and secure. A world where embedded products are protected in the best possible way. In code, process and production. That’s why we champion automation along the whole product lifecycle.”
-
Offers SBOM generation and management directly from compiled binary files, without requiring source code.
Source
“ONEKEY’s unique technology allows you to generate a comprehensive SBOM directly from compiled binary files. Identify components, versions, and license information effortlessly with our platform, providing a reliable foundation for vulnerability management without the need for source code.”
-
Provides penetration testing services for embedded systems, IoT, OT, and critical infrastructure.
Source
“Our penetration testing services target what really matters: critical infrastructure, enterprise IT, cloud environments, applications, and—most importantly—hardware.”
-
Focuses on vulnerability management by cutting through noise with binary-level detection and automated impact assessment.
Source
“ONEKEY cuts through the noise with binary-level detection, automated impact assessment, and real-time monitoring that shows exactly which vulnerabilities matter, and why.”
Certifications & Trust Signals
-
Recognized internationally for contributions to industry benchmarks in IoT, OT, and IIoT.
Source
“Celebrated internationally for our contributions to setting industry benchmarks in IoT, OT and IIoT.”
-
Headquartered in Düsseldorf, Germany.
Source
“ONEKEY GmbH Toulouser Allee 19A 40211 Düsseldorf / Germany”
Buyer Snapshot
Best for
- Manufacturers and operators of connected devices seeking to automate cybersecurity and compliance.
- Companies needing to manage SBOMs and track software supply chain risks.
- Organizations requiring penetration testing for embedded systems and critical infrastructure.
How engagement typically works
- Automation-driven platform for continuous security management.
- Expert-driven penetration testing services.
- Consultative approach to risk management and compliance.
Typical deliverables
- Automated SBOM generation and monitoring reports.
- Penetration test reports with actionable recommendations.
- Vulnerability assessment and management insights.
- Compliance documentation support.
Good to know
- Best when seeking to integrate security and compliance into the product lifecycle through automation.
- Most effective for organizations with connected devices, IoT, OT, or embedded systems.
HQ:
Düsseldorf, DE
Languages:
English
Claim status:
Listed
Services & Capabilities
Medical Device Cybersecurity
Provider Type:
Both
Service Categories:
SBOM Management (Software Tool), Vulnerability Management (Post-Market), Threat Modeling & Risk Analysis, Penetration Testing (Manual/Hardware)
Submission Stage Support:
Pre-Submission (Planning)
Device Types Supported:
Software as a Medical Device (SaMD), Connected Hardware (IoT/WiFi/Bluetooth), Hospital/Enterprise Systems
Sbom Formats Supported:
CycloneDX, SPDX, Other
Standards Frameworks:
IEC 62443, ETSI 303 645, EU Cyber Resilience Act
Pen Testing Available:
Yes
Threat Modeling Available:
Yes
Sbom Management Available:
Yes
Vulnerability Monitoring Available:
Yes
Rta Rescue Available:
No
cbam_verification
Additional medical_device_cybersecurity Details
Provider Type
Both
Service Categories
Penetration Testing, SBOM Management, Vulnerability Management
Submission Stage Support
Pre‑Submission, Ready for 510(k)/MDR, RTA Fix
Device Types Supported
connected hardware, IoT Devices, OT Devices, Embedded Systems
Sbom Formats Supported
CycloneDX, SPDX
Standards Frameworks
IEC 62443
