To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Tech Memfault
Content provided by Memfault. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Memfault or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Coredump Sessions « »
#008: Navigating the Changing IoT Security Landscape: A Survival Guide for Product Leaders

58:04
 
Play
Playing
Share
 

MP3Episode home
Manage episode 497253983 series 3680416
Content provided by Memfault. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Memfault or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

In today's Coredump Session, we dive into the evolving landscape of IoT security regulations with Giovanni Alberto Falcione, CTO at Exine. From the impact of the EU's CRA to the complexities of OTA updates, Giovanni, François, and Thomas unpack what these new requirements mean for product engineers and how to navigate the increasingly stringent security landscape.

Speakers:

  • François Baldassari: CEO & Founder, Memfault
  • Thomas Sarlandie: Field CTO, Memfault
  • Giovanni Alberto Falcione: CTO, Exein

Key Takeaways:

  • The EU's Cyber Resilience Act (CRA) mandates stringent security measures for all connected devices marketed after December 2027, with a particular focus on runtime security monitoring.
  • OTA updates are essential for mitigating vulnerabilities in the field but can also introduce challenges in regulatory compliance.
  • Giovanni highlights that less than 1% of IoT device manufacturers actively monitor cybersecurity state awareness, a critical area of compliance under CRA.
  • Implementing a Software Bill of Materials (SBOM) and tracking Common Vulnerabilities and Exposures (CVEs) are low-hanging fruit for product teams to start bolstering security.
  • eBPF technology offers powerful, low-impact monitoring capabilities that can detect unauthorized activities at the syscall level without kernel-level intervention.
  • Companies need to plan for at least five years of security updates under CRA, with potential for longer support based on device lifecycles.
  • Even seemingly innocuous devices, like coffee makers, can pose significant cybersecurity risks as entry points for broader attacks.
  • Giovanni emphasizes that while regulation can stifle innovation, it also raises the bar for security practices across the board.

Chapters:

00:00 Introduction and Guest Introduction02:30 The Unseen Costs of Cybersecurity Regulation04:40 OTA Updates: Security Savior or Hidden Risk07:21 CRA vs. Other Regulations: What Matters Most10:30 The Rise of Runtime Security Monitoring12:23 Why Manufacturers Are Freaking Out About CRA15:09 The Hidden Cost of Legacy Firmware17:30 Inside the Automotive Cybersecurity Playbook21:22 eBPF: The Next Frontier in IoT Security55:38 Coffee Machines, Coffee Attacks, and Unexpected Entry Points

⁠⁠Join the Interrupt Slack

Watch this episode on YouTube

⁠Suggest a Guest⁠

⁠⁠

Follow Memfault

Other ways to listen:

⁠⁠Apple Podcasts

iHeartRadio⁠⁠

⁠⁠Amazon Music

GoodPods

Castbox

⁠⁠

⁠⁠Visit our website

  continue reading

16 episodes

#Tech #Memfault
Artwork

#008: Navigating the Changing IoT Security Landscape: A Survival Guide for Product Leaders

Coredump Sessions

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 497253983 series 3680416
Content provided by Memfault. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Memfault or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

In today's Coredump Session, we dive into the evolving landscape of IoT security regulations with Giovanni Alberto Falcione, CTO at Exine. From the impact of the EU's CRA to the complexities of OTA updates, Giovanni, François, and Thomas unpack what these new requirements mean for product engineers and how to navigate the increasingly stringent security landscape.

Speakers:

  • François Baldassari: CEO & Founder, Memfault
  • Thomas Sarlandie: Field CTO, Memfault
  • Giovanni Alberto Falcione: CTO, Exein

Key Takeaways:

  • The EU's Cyber Resilience Act (CRA) mandates stringent security measures for all connected devices marketed after December 2027, with a particular focus on runtime security monitoring.
  • OTA updates are essential for mitigating vulnerabilities in the field but can also introduce challenges in regulatory compliance.
  • Giovanni highlights that less than 1% of IoT device manufacturers actively monitor cybersecurity state awareness, a critical area of compliance under CRA.
  • Implementing a Software Bill of Materials (SBOM) and tracking Common Vulnerabilities and Exposures (CVEs) are low-hanging fruit for product teams to start bolstering security.
  • eBPF technology offers powerful, low-impact monitoring capabilities that can detect unauthorized activities at the syscall level without kernel-level intervention.
  • Companies need to plan for at least five years of security updates under CRA, with potential for longer support based on device lifecycles.
  • Even seemingly innocuous devices, like coffee makers, can pose significant cybersecurity risks as entry points for broader attacks.
  • Giovanni emphasizes that while regulation can stifle innovation, it also raises the bar for security practices across the board.

Chapters:

00:00 Introduction and Guest Introduction02:30 The Unseen Costs of Cybersecurity Regulation04:40 OTA Updates: Security Savior or Hidden Risk07:21 CRA vs. Other Regulations: What Matters Most10:30 The Rise of Runtime Security Monitoring12:23 Why Manufacturers Are Freaking Out About CRA15:09 The Hidden Cost of Legacy Firmware17:30 Inside the Automotive Cybersecurity Playbook21:22 eBPF: The Next Frontier in IoT Security55:38 Coffee Machines, Coffee Attacks, and Unexpected Entry Points

⁠⁠Join the Interrupt Slack

Watch this episode on YouTube

⁠Suggest a Guest⁠

⁠⁠

Follow Memfault

Other ways to listen:

⁠⁠Apple Podcasts

iHeartRadio⁠⁠

⁠⁠Amazon Music

GoodPods

Castbox

⁠⁠

⁠⁠Visit our website

  continue reading

16 episodes

#Tech #Memfault

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play