Embedded Product Security

Security requirements are now considered a design goal in the development of networked products in order to ensure the reliable and trouble-free operation of systems. For renowned manufacturers, it is essential to prevent their branded products from becoming an entry point for malware in the field. Critical Infrastructure Protection (CIP) even requires legal measures that affect the utility industry, the health sector and the transport industry. Especially in industrial IT, espionage and targeted attacks on data as well as intellectual property constitute new risk and threat scenarios.

The challenge for development lies in the limited resources of embedded products compared to IT. embeX is the leading development service provider for OT security and offers a comprehensive range of services, from the moment your idea is born all the way to the end of the product life cycle.

Certified Products by Certified Developers

Our employees are certified according to the following security norms and standards:

  • ISO 31000 “Risk Management” (TÜV Rheinland)
  • Certified Ethical Hacker CEHv11 (EC Council)

Engineering Services

For the consistent implementation of the security-by-design concept, embeX works systematically according to a proven development process that is also available to customers for adoption. Our offer covers all aspects of development and product life cycle management:

Security Risk Analysis

  • According to the CIA model
    • Confidentiality
    • Integrity
    • Availability
  • According to the AAA model
    • Authentication
    • Authorisation
    • Accounting

Secure Communication

  • OPC-UA
  • MQTT as basis
  • Modbus TCP as basis
  • Bluetooth
  • WiFi
  • ProfiNet as basis
  • Customer specific solutions

Services during the Product Life Cycle

  • Pen Tests
  • Product Security Incident Response Team (PSIRT)

Protecting Functional Safety by Cybersecurity

Standards and Directives

We work according to the following guidelines and standards:

  • ISO 31000: “Risk management - Guidelines”
  • IEC 27033: “Information technology - Security techniques - Network security”
  • IEC 27034: “Information technology - Application security”
  • IEC 15408: “Common criteria”
  • IEC 62443: “Industrial communication networks - Network and system security”
  • NIST SP 800: “Cybersecurity framework”
  • ETSI Cyber Security Technical Committee (ETSI TC)
  • Medical Device Certification Group: MDCG 2019-16: “Guidance on Cybersecurity”
  • FDA guidance documents
    • “Premarket Submissions for Management of Cybersecurity in Medical Device”
    • “Postmarket Management of Cybersecurity in Medical Device”
  • PNO: “PROFINET Security Class 1 Guideline”
  • TS 50701: “Railway applications - Cybersecurity”

Who to contact

Lukas Fey

Head of Department Cybersecurity

Phone: +49 761 479799-301



For secure communication, please use the OpenPGP public key.

SHA1 hash value: 15AD15CE1FCA1B2ECFD3A7B8CA251835CFF0B071

