Coredump Sessions

COREDUMP #008: Navigating the Changing IoT Security Landscape: A Survival Guide for Product Leaders



In today's Coredump Session, we dive into the evolving landscape of IoT security regulations with Giovanni Alberto Falcione, CTO at Exein. From the impact of the EU's CRA to the complexities of OTA updates, Giovanni, François, and Thomas unpack what these new requirements mean for product engineers and how to navigate the increasingly stringent security landscape.

Speakers:

  • François Baldassari: CEO & Founder, Memfault
  • Thomas Sarlandie: Field CTO, Memfault
  • Giovanni Alberto Falcione: CTO, Exein


Key Takeaways:

  • The EU's Cyber Resilience Act (CRA) mandates stringent security measures for all connected devices marketed after December 2027, with a particular focus on runtime security monitoring.
  • OTA updates are essential for mitigating vulnerabilities in the field but can also introduce challenges in regulatory compliance.
  • Giovanni highlights that less than 1% of IoT device manufacturers actively monitor the cybersecurity state of their devices in the field, a critical area of compliance under CRA.
  • Implementing a Software Bill of Materials (SBOM) and tracking Common Vulnerabilities and Exposures (CVEs) are low-hanging fruit for product teams to start bolstering security.
  • eBPF technology offers powerful, low-impact monitoring capabilities that can detect unauthorized activities at the syscall level without modifying the kernel.
  • Companies need to plan for at least five years of security updates under CRA, with potential for longer support based on device lifecycles.
  • Even seemingly innocuous devices, like coffee makers, can pose significant cybersecurity risks as entry points for broader attacks.
  • Giovanni emphasizes that while regulation can stifle innovation, it also raises the bar for security practices across the board.
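The SBOM and CVE-tracking takeaway above is the kind of check a product team can automate before any runtime monitoring is in place. The following is an added example, not code from the episode or from Memfault or Exein: it loads a constructed CycloneDX-style SBOM for a hypothetical device image, compares each component's version against a constructed advisory list using the usual "introduced / fixed" range shape, and reports which components are affected. The advisory identifiers are placeholders, not real CVEs.

```python
"""Match an SBOM's components against a vulnerability list by version range.

Added example for the SBOM/CVE takeaway; not code from the episode or from
Memfault/Exein. The SBOM and advisory data below are constructed samples,
and the advisory identifiers are placeholders, not real CVEs.
"""
import json
import re
from typing import Iterable, List, Optional

# Constructed CycloneDX-style SBOM for a hypothetical Linux-based device image.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.8"},
        {"type": "library", "name": "zlib", "version": "1.2.13"},
        {"type": "library", "name": "busybox", "version": "1.36.1"},
        {"type": "library", "name": "mbedtls", "version": "2.28.4"},
    ],
})

# Constructed advisory feed. Each entry names the affected component, an
# inclusive lower bound ("introduced") and an exclusive upper bound ("fixed")
# on affected versions. A None "fixed" means no fixed release exists yet.
SAMPLE_ADVISORIES = [
    {"id": "CVE-0000-EXAMPLE-1", "component": "openssl",
     "introduced": "3.0.0", "fixed": "3.0.9"},
    {"id": "CVE-0000-EXAMPLE-2", "component": "zlib",
     "introduced": "1.2.0", "fixed": "1.2.13"},
    {"id": "CVE-0000-EXAMPLE-3", "component": "busybox",
     "introduced": "1.30.0", "fixed": None},
]


def parse_version(version: str) -> tuple:
    """Turn '1.2.13' into ((1,''),(2,''),(13,'')) so tuples compare numerically.

    A non-numeric suffix such as '1.2.13a' is kept as the second element of
    its tuple, so it sorts after the plain release instead of being dropped.
    """
    parts = []
    for piece in re.split(r"[.\-]", version):
        m = re.match(r"(\d+)(.*)", piece)
        if m:
            parts.append((int(m.group(1)), m.group(2)))
        else:
            parts.append((0, piece))
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed (fixed=None means unbounded)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def find_affected(sbom_json: str, advisories: Iterable[dict]) -> List[dict]:
    """Return one finding per (component, advisory) pair whose version is affected."""
    sbom = json.loads(sbom_json)
    by_name = {c["name"]: c["version"] for c in sbom.get("components", [])}
    findings = []
    for adv in advisories:
        version = by_name.get(adv["component"])
        if version is None:
            continue  # component not present in this image
        if is_affected(version, adv["introduced"], adv["fixed"]):
            findings.append({
                "component": adv["component"],
                "version": version,
                "advisory": adv["id"],
                "fixed_in": adv["fixed"],
            })
    return findings


if __name__ == "__main__":
    for f in find_affected(SAMPLE_SBOM_JSON, SAMPLE_ADVISORIES):
        fix = f["fixed_in"] or "no fixed release yet"
        print(f"{f['component']} {f['version']}: {f['advisory']} (fixed in {fix})")
```

Run against the sample data, this flags openssl (below the fixed version) and busybox (no fixed release yet) and clears zlib, whose version equals the fixed bound. In practice the advisory list would come from a vulnerability feed rather than an inline constant, and the version comparison would need to follow each component's own versioning scheme; the range logic and the "no fix yet" case are what a team would reuse.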


Chapters:

  • 00:00 Introduction and Guest Introduction
  • 02:30 The Unseen Costs of Cybersecurity Regulation
  • 04:40 OTA Updates: Security Savior or Hidden Risk
  • 07:21 CRA vs. Other Regulations: What Matters Most
  • 10:30 The Rise of Runtime Security Monitoring
  • 12:23 Why Manufacturers Are Freaking Out About CRA
  • 15:09 The Hidden Cost of Legacy Firmware
  • 17:30 Inside the Automotive Cybersecurity Playbook
  • 21:22 eBPF: The Next Frontier in IoT Security
  • 55:38 Coffee Machines, Coffee Attacks, and Unexpected Entry Points

Join the Interrupt Slack

Watch this episode on YouTube

Follow Memfault

  • LinkedIn
  • Bluesky
  • Twitter


Other ways to listen:

Apple Podcasts

iHeartRadio

Amazon Music

GoodPods

Castbox


Visit our website


Coredump Sessions, by Memfault