Skip to the content
Share
Many of Memfault’s existing product capabilities already align with emerging IoT security regulations and certifications. Now, we are introducing several new tools to simplify compliance for embedded devices.
The regulatory environment for connected devices is changing around the world. In particular, Europe’s broad-ranging regulations will transform the way companies develop, deploy, and maintain connected devices. If you want to read more about these changes, we recommend taking a look at our guides on the European Cyber Resilience Act and the US Cyber Trust Mark.
Memfault works with customers across all industries to deliver better IoT products, faster. We know how challenging and complex it already is to deliver great connected products to customers. While we see the new regulatory changes as a positive and much-needed step toward securing connected devices, there is no doubt it will make the processes of development and deployment more difficult.
As a result, we’re dedicated to building features that help our customers ease the burden of regulatory compliance, while unlocking opportunities to collect valuable data, keep products secure, and deliver exceptional customer experiences. That’s why this Launch Week, we are excited to announce new features and future plans designed to make all this possible.
Watch our CEO, François Baldassari, discuss these changes, or read on for details.
Memfault’s Toolkit for Compliance
Many of Memfault’s existing product capabilities already align well with the requirements of the emerging regulations and certifications. We won’t spend too much time on those, but as a brief reminder:
1. OTA Update Management and Delivery
Automatic security updates are a consistent requirement across all the new IoT security regulations. While building an in-house solution is an option, it may not be the most effective approach. Leveraging an off-the-shelf solution like Memfault provides the advantage of a proven model that scales to millions of devices, with continuous development to maintain its security and performance.
Related: Learn how Memfault’s OTA Updates work
2. Fleet Health and Behavior Monitoring
Memfault provides comprehensive tools to monitor the critical metrics you care about, empowering you to efficiently track the performance of every device in your fleet. Automatic alerts can be triggered by any behavioral changes, notifying your team so you can immediately investigate.
Related: Dive into performance monitoring
3. Active Device Inventory Tracking
Memfault provides a full list of every device that has checked in to Memfault, as well as its activity status, current software version, and any other custom data you want to attach in the form of attributes. These attributes can include production batch, location, specific hardware components—whatever you need!
If an incident or vulnerability is identified, it’s much easier to understand the exposure across your fleet.
4. Automatic Crash and Error Reporting
Often, the first signal of an exploited vulnerability is instability, making it critical to not only know that something happened, but precisely what has occurred.
When your devices encounter a crash or error, Memfault captures a trace, complete with a coredump and a set of crash logs. You can see the impact of each issue across your fleet and efficiently investigate problems, with all the information you need at your fingertips.
What’s New
Alongside these existing features, we are introducing several new features that will assist in simplifying compliance for embedded devices.
1. Attach Software Bill of Materials (SBOM) to Software Versions
Regulations like the CRA require companies to maintain an SBOM for their products.
Memfault now enables customers to automatically attach an SBOM to each software version. If a vulnerability is identified in an active software version, you can quickly determine how many devices are on that particular version and access the associated SBOM.
This capability streamlines vulnerability reporting and helps ensure compliance with regulatory requirements.
2. OTA Update Management Audit Log
All the new IoT security regulations mandate the ability to deliver automatic updates to devices, making OTA a critical component of compliant solutions. As a result, the capability to closely track and monitor update-related actions across your fleet will also be crucial.
Memfault now provides an automatically generated audit log of every action taken during the deployment of software versions across your fleet, ensuring transparency and traceability.
3. Log Management and Analytics
Investigating potential vulnerabilities requires a variety of tools, with logs often providing the most valuable information for examining devices in the field. Memfault has completely redesigned how we handle log data, making it possible to:
- Search every log collected in one place
- Analyze trends and correlations between log data and other device information
- Track trends and changes in log data over time
This efficient and scalable approach will dramatically simplify issue investigations.
Learn more about Memfault’s log management for embedded devices
It is very nice to have the ability to search for keywords in our logs. We can now categorize logs and link them with issues and it is a very good improvement.
Ahmet Boyali | Embedded Software Engineer | Nuwa
What’s Next?
We’re dedicated to continuing to develop features and capabilities that not only ensure our own compliance, but also reduce our customers’ compliance burden. We have more exciting plans to share, which we will discuss in tomorrow’s blog—so stay tuned! Subscribe now to receive the blog directly in your in-box as soon as it’s published.
If your team is thinking about compliance, let’s talk about how Memfault can help.
To hear more about what we have been working on, tune in to hear our CEO, François Baldassari, as he provides an overview of the regulations and explains how Memfault can help enhance your device security while easing the burden of compliance.
