Eclypsium | Enterprise Firmware Security

Forbes: Critical Windows 10 Warning: Millions Of Users At Risk
READ MORE   |   More News
Firmware Component Icon Firmware Component Icon Firmware Component Icon

Eclypsium is the industry’s leading enterprise firmware protection platform—providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

THE FIRMWARE SECURITY CHALLENGE

Firmware is the unguarded attack surface of the enterprise. Today’s servers, laptops and networking equipment include dozens of components, each of which has their own complex software programming with millions of lines of code. Known as firmware, this ubiquitous component-level software is developed by a wide variety of manufacturers, runs independently from the operating system and is essential to the proper functioning of system hardware. As firmware has become more sophisticated, manufacturers have added new methods of maintaining and updating it, and that has introduced new attack vectors into enterprise devices.

Most organizations lack visibility into this attack surface. They can’t see what version of firmware is running in each component of an enterprise device, or determine whether it is vulnerable to known threats, much less detect a hidden implant or backdoor. Once compromised, this blind spot allows attackers to subvert traditional security controls and persist undetected, leaving you exposed to device failures, ransomware and data breaches.

That’s why global financial services firms, critical infrastructure providers, leading manufacturers, and the US federal government have turned to Eclypsium. We provide the most complete defense against firmware attacks available—enabling you to see and manage risk across enterprise devices, and stop active threats from device-level implants and backdoors.


Firmware is under attack

"By 2022, 70% of organizations that do not have a firmware upgrade plan in place will be breached due to a firmware vulnerability.”

Source: Gartner Research
FBI warns that high-impact ransomware attacks threaten US businesses, organizations. Advises patching operating system, software, and firmware on devices as part of cyber defense best practices.

Source: FBI Alert I-100219-PSA
Analysis of ransomware distribution methods implicated compromised firmware as the 3rd most common infection vector in 1H 2019, accounting for 12% of attacks disrupting companies, public entities and other organizations.

Source: F-Secure Attack Landscape H1 2019

Server Icon
Laptop Icon
Network Icon

In August 2019, Eclypsium’s security research team highlighted a common flaw impacting more than 20 vendors and over a billion devices. Learn More >

The USBAnywhere BMC vulnerability opens servers to remote attack. Learn More >

As firmware-level threats continue to gain traction in the wild, security teams need to quickly get up to speed on how these threats work and how their devices can be targeted and attacked. To learn more, read this research report on “The Top 5 Firmware and Hardware Attack Vectors”.

Compliance standards like the NIST Cyber Security Framework and PCI DSS repeatedly underscore the importance of firmware security as part of a modern security program. Yet, this area remains one of the most overlooked and poorly understood areas of risk within government agencies and enterprise security teams. Learn how to measure compliance to NIST SP 800-53 and other controls from our compliance white papers.

“Firmware vulnerability gives attackers entry into systems that is invisible and persistent with total control of the server, storage or network device. I&O leaders must deliver an infrastructure, whether on-site, outsourced or in the public cloud, that is protected from firmware-based attacks.”

ECLYPSIUM PROTECTS ENTERPRISE FIRMWARE

Eclypsium provides the most complete solution for protecting your enterprise from firmware threats. Our software platform provides full visibility into the firmware running on all the key components of your laptops, servers and network devices. At a glance, you’ll see if there are implants or backdoors in your firmware, if it’s vulnerable to known threats, or if it’s just out of date and in need of patching. You’ll get expert guidance on the severity of vulnerabilities, and links to the latest firmware updates, so that you can mitigate threats and protect your assets.

Bug Icon

Detect compromised firmware such as implants, backdoors and rootkits that are invisible to traditional security solutions.

Warning Icon

Identify out of date firmware, hardware misconfigurations, vulnerabilities and risks to firmware and hardware.

Shield Icon

Mitigate threats with expert insights on severity, in-the-wild exploits, guidance on patching and the latest firmware updates.

Visibility Icon

Manage your firmware risk with enterprise-wide visibility into laptops, servers and network devices.


Enterprise Firmware Today

Firmware Security with Eclypsium

Enterprise Firmware Today

Unprotected by Traditional Security
Firmware attacks can exist undetected in your IT infrastructure, subverting OS and traditional security controls, and even surviving reimaging, poised to damage your systems and compromise your security.

Firmware Security with Eclypsium

Protected from Firmware Threats
Alerts warn you when implants and backdoors have compromised your IT infrastructure. You get advance warning of firmware vulnerabilities and expert guidance on mitigation.

Enterprise Firmware Today

Hard to Manage
New firmware vulnerabilities are common, but nearly impossible to manage without knowing which of your devices are affected. And misconfigured hardware settings can leave you open to attacks that are easily prevented.

Firmware Security with Eclypsium

Firmware Management Simplified
At a glance, you can see the impact of a new vulnerability across all your devices, assess the severity of threats, identify misconfigured hardware settings or out of date firmware, and get guidance on mitigation.

Enterprise Firmware Today

Out of Compliance
NIST and other standards identify firmware as a critical part of a security program. Although most compliance requirements already apply to firmware, many organizations lack the tools and experience to assess and measure compliance.

Firmware Security with Eclypsium

Meet Firmware Security Standards
Eclypsium equips you with the tools you need to assess your firmware security vulnerabilities and risks, take action and demonstrate your compliance with NIST, PCI, or FISMA requirements down to the firmware and hardware level.

Enterprise Firmware Today

Behind the Attack Curve
Firmware security is constantly changing with new vulnerabilities every day and new threats from advanced actors as well as large-scale opportunistic campaigns. Most organizations lack the expertise to assess and defend against active firmware attackers.

Firmware Security with Eclypsium

A Step Ahead of Attackers
Eclypsium’s world-class firmware security researcher team leads the industry in identifying threats and vulnerabilities that impact enterprise devices. Their insights power the Eclypsium Platform, putting you ahead of the curve on firmware security.
Supply Chain Security
Continuous Firmware Monitoring
Firmware Visibility and Risk Assessment
Remote Users and Travel Laptop Protection

The Eclypsium Platform is driven by years of experience and ongoing cutting-edge research into the foundations of computing systems and the threats that target them. By deeply understanding attacks against firmware and hardware, we are able to develop mechanisms that enable detection, protection, and response. Our team includes many of the world’s leading firmware security researchers, who continue to publish in this area and are active in the security research community.

Check out our latest work in the research section >



Firmware Component Icon Firmware Component Icon Firmware Component Icon