New service: IoT product security audit

checklist with items ticked

Cerberus is now providing a fast, affordable, independent security audit of connected IoT products for manufacturers to ensure that their products have the appropriate level of security.

We’ve performed a large number of security assessments and reviews for companies of all sizes over the years, but when we first talk with IoT product manufacturers about security, they usually want answers to the following questions:

  • Have I identified the right things to protect?
  • Do I have enough security to protect these things and what are my risks?
  • Are there any security gaps in my product?
  • Have I met all the security requirements for my market area?
  • Have I added too much security or can I cost-reduce the security to save money?
  • Is my security level better or worse than others in my market segment?

The purpose of our Connected Product Security Audit service is to answer these questions by reviewing your product and how you design, develop, manufacture and maintain it.

We have developed a consistent process to evaluate the security of your device and the business areas required to support this security and will provide a report that scores each area and provides practical recommendations for improvement where required.

This report can be used to demonstrate to your customers or certifiers that you understand the security implications for your product.

If your market segment does not have specific regulations then we can additionally use a recognised scheme of your choice (for example, the IoT Security Foundation Security Compliance Framework for consumer products).

In some cases further in-depth analysis or testing may be required for your product for a particular market segment, but this service will provide a “top level” on which to build further security traceability documentation and we can advise on what further work is required.

We can also customise the service if you need to be compliant with proprietary purchaser supply chain cybersecurity requirements.

This service is suitable even if you have not performed any security analysis yet on your product as we can work with you to identify what security you will need

Please see our Connected Product Security Audit page for more information.