Eclypsium | Enterprise Firmware Security

Firmware Security For
Ransomware Protection
Supply Chain Assurance
Zero Trust
Servers & Network Devices
Click here for a list of ways to support Ukraine.

Eclypsium protects devices and supply chains by identifying, verifying, and fortifying firmware code throughout the enterprise.

Firmware is the Foundation
of the Enterprise Tech Stack

Today’s enterprise is widely distributed and diverse. So is the information technology it relies on. It’s in the cloud and on-premises, but it’s also at home and on the road. Eclypsium secures the firmware every device relies on, from corporate laptops to network equipment and servers.
Eclypsium’s customers know their devices need to be protected not just at the application and OS levels, but all the way down to the firmware and hardware levels where ransomware and advanced attacks are focused.

The Eclypsium platform secures the enterprise by ensuring the integrity of every device at the firmware and hardware levels, from basic device health and patching to real-time protection against persistent threats.

Identify, Verify, and Fortify Systems
Down to Firmware and Bare Metal

Eclypsium’s firmware security platform protects the modern enterprise below the operating system: across servers and endpoints, and from network devices to connected peripherals, and down to hard-to-assess configurations of bare metal hardware.
Identify >
Identify and fingerprint your firmware by discovering and profiling every device that contains it, whether endpoint, server, or network device.
Discover firmware in every device and build enterprise-wide inventories.
Verify >
Verify firmware profiles against the world’s largest database of vendors and configurations and assure alignment to security standards and policies.
Assess compliance with frameworks, review and prioritize risks.
Fortify >
Proactively and automatically update your firmware and ensure proper, secure configurations for any exploitable options and settings.
Strengthen and update firmware across devices, servers and endpoints.

The Firmware Security Gap

Why Traditional Tools Can’t Keep Up
Cybersecurity evolves fast. But the attackers have evolved faster and our traditional tools can’t keep up. Even if they could keep up they weren’t designed for the sub-zero battleground of today’s firmware and hardware attacks.

Vulnerability Management?
VM tools can’t keep up with firmware. With Eclypsium you’re getting a purpose-built solution that focuses on the sub-zero spaces of firmware, hardware and microcode... where attackers are concentrating.
Supply Chain Security?
Supply chain security tools can’t keep up with firmware. With Eclypsium you’re getting a complete solution that lets you inventory and track the increasingly complex firmware supply chain.
Endpoint Protection?
EPP tools can’t keep up with firmware. Gartner said in Roadmap for Improving Endpoint Security, “Firmware may well be the next endpoint battleground for advanced adversaries.” With Eclypsium, you’re ready for it. *
Patch Management? Patch tools can’t keep up with firmware. With Eclypsium you can automate the error-prone firmware updating process and end your reliance on distant OEMs.

The industry’s new, deep, firmware- and hardware-level attacks require a new approach. The Eclypsium platform is a SaaS-based, specialized solution that Identifies, Verifies, and Fortifies the firmware used throughout your enterprise’s device and hardware fleets.
VPN attacks
largely firmware-enabled are up over 2000%
NIST reports
firmware attacks have increased 500% over the past four years
83% of businesses
have experienced firmware-level attacks
This just scares me to death. There’s a massive gap and we have zero visibility into it right now… Eclypsium’s solutions have the potential to overcome these technology issues by offering a safe, maintained, easy to deploy, and automated analysis capability that fills the gap.

—Leading Financial Services Provider

Business Needs For Firmware Security

Solving Enterprise-level Firmware Security Problems
Firmware is the DNA of every device. It’s the instructional code that tells every component how to act and how to defend itself. This is true across critical components like Unified Extensible Firmware Interfaces or server baseboard management controllers, as well as peripheral devices, Trusted Platform Modules and storage devices.

The average laptop will run dozens of firmware files on bootup. The average server, twenty or more. Each of these firmware components can run millions of lines of code and each is developed by a myriad of vendors in a complex supply chain.

To manage and secure this level of complexity, Eclypsium customers deploy an enterprise firmware security platform that addresses both emerging and persistent cybersecurity problems:
Patch Firmware on Critical Devices >
Patch Firmware on Critical Devices
Embedded firmware and microcode needs continual patching, yet according to recent research, 76% of machines don’t ever update firmware before they reach end-of-life.
Strengthen Ransomware Defenses >
Everything has firmware. VPN appliances, network gear, NAS, laptops, servers... If it’s digital it has firmware. And firmware is the new go-to attack surface for ransomware operators. Don’t let firmware go unmonitored and unpatched.
Secure Server and Cloud Infrastructures >
Secure Server and Cloud Infrastructures
Many security practitioners assume cloud servers and bare-metal systems are free of vulnerabilities and anomalies. But firmware vulnerabilities and implants are persistent, stealthy, and often impossible to expunge.
Assure Supply Chain Integrity >
Assure Supply Chain Integrity
The most potent attacks of the last two years have started in upstream suppliers. Eclypsium customers build a software bill of materials — an SBOM — so they can inventory firmware used by all their devices.
Protect Network and Connected Devices >
Protect Network and Connected Devices
Network and connected devices are the overlooked back doors into well-protected networks. VPNs, routers, firewalls, and CDNs use proprietary OSes and contain subterranean firmware that hides ingress points.
Protect High-Risk Remote Users >
Protect High-Risk Remote Users
Traveling or remote employees may unknowingly expose their laptops to physical tampering and implants. And implanted, malicious firmware persists well beyond encryption controls, drive cleansing, and system rebuilds.

Industry Recognition

Gartner "Cool Vendors in Security Operations and Threat Intelligence," Brad LaPorte, et al, 5 May 2020

The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.