Back to Services

IoT & Product Security

Jukka Leskio

Jukka Leskio

Head of IoT & Product Security
CONTACT ME

Secure your IoT innovations to ensure a competitive edge 

In today's rapidly evolving digital landscape, the security of your products is more critical than ever. At IoT & Product Security, our mission is simple: to strengthen and keep your economic engine running smoothly by helping you build secure, compliant, and resilient products and software. We specialize in Building a Life Cycle-Based Cyber Security Capability for clients who are manufacturing or operating products with digital components. We believe in embedding security throughout the entire product life cycle, ensuring your products are secure from inception to deployment and beyond.

Understanding the Cybersecurity Regulatory Landscape

The cybersecurity regulatory landscape is more complex than ever before. The EU has introduced new regulations, including the Network and Information Security Directive 2 (NIS2), Radio Equipment Directive, Delegated Act Cybersecurity (RED DA CS), and Cyber Resilience Act (CRA), which impose stricter demands on cybersecurity. To build secure products, security must be integrated from the outset, utilizing a repeatable Secure Product Development Lifecycle process covering software, testing, and hardware (if applicable). 

We at IoT & Product Security, guide you in navigating these complexities. Our deep understanding of EU product security regulations, especially the CRA, combined with our expertise in implementing, developing, and testing products compliant with the IEC 62443 standard, ensures that your products not only meet compliance but are also resilient and secure.

Why Choose Us?

By partnering with us, you will increase the value and trust in your product and enable sales in your main market areas, such as the EU. With our tailored and comprehensive services, you can be confident that your products are secure, compliant, and ready to perform in an increasingly connected world.

Let us help you build the secure products of the future. Contact us today to learn more about how we can support and advise you in creating products that stand the test of time.

Services

Product Life Cycle Partnership

Product Life Cycle Partnership

Our Product Life Cycle Partnership service is your comprehensive solution for all cyber security needs throughout your product's life cycle. This value-based, security-driven partnership encompasses a wide range of services, from essential compliance to advanced security capabilities. Whether you're starting from scratch or enhancing existing processes, we can build, operate, and transfer the necessary teams and capabilities to your organization. Product Life Cycle Partnership will be tailored to fit your needs and environment. It consists of modular services, which are introduced below.

 

Governance and Compliance

Navigating the complex cybersecurity regulatory landscape can be daunting, but you're not alone. Our Governance and Compliance services are designed to guide you through EU product security legislations such as NIS2RED DA CS, and CRA. By adhering to globally recognized standards like IEC 62443ETSI EN 303 645, and FIPS 140-3, we ensure your products are not only compliant but also resilient against evolving cyber threats. 

We strengthen your knowledge and capabilities with the following services:

  • Gap Analysis
  • Compliance Roadmap
  • Process and Documentation Development
  • Compliance Implementation Support
  • Internal Audit
  • Training and Knowledge Transfer
  • Compliance Monitoring

IoT and Product Security

Security should be at the core of every product. Our IoT and Product Security services help you build the required secure product and software development lifecycle (SSDL) capabilities and processes, including: 

  • Threat Modelling and Risk Assessment
  • Secure Component Selection and Review
  • DevSecOps Pipelines
  • Secure Design and Architecture
  • Vulnerability Management
  • Supply Chain Management
  • Secure Software Development and Training

  • We also provide technical testing and assessments through our device lab, verifying your product's security level and ensuring your source code is fortified against known and potential threats.

     

Product Security Tooling

Automation is key to staying ahead in cyber security. Our Product Security Tooling service offers both automated tooling and professional services designed to enhance product security. From Code Security Reviews such as SAST, DAST, and SCA to meticulous manual assessments, we cover all aspects of securing your product's software and hardware. We can also provide tools to fulfil the EU requirements for the software bill of materials (SBOM) and offer a solution where you can centralize monitoring and management of all your software’s vulnerabilities.  

  • Quick guide on how to make IoT a security enabler
    Download
  • Jukka Leskio

    Jukka Leskio

    Head of IoT & Product Security
    CONTACT ME

Related blogs

The internet of things or the internet of everything?

People are increasingly relying on IoT-devices, without realizing that these gadgets can cause consumers to be extremely vulnerable to security breaches. In 2012 Mattijs van Ommeren, Principal Security Consultant at Nixu, illustrated that many vulnerabilities could be demonstrated in Network Attached Storage devices (NAS).
May 2, 2019 at 09:04

Questions to ask your IoT supplier

Recently a client wanted to introduce a new type of presentation gateway. These devices provide a means of making audio-video presentations via Wi-Fi. The user logs in to a website provided by the presentation gateway instead of plugging in a video cable. It would solve the problem of having to provide all kinds of different cables to connect laptops and tablets. A quick search on the internet revealed a set of vulnerabilities complete with exploits.

by Nixu Blog
January 11, 2018 at 16:13