Enterprise Firmware Security | Eclypsium

PRODUCTS

Firmware is under fire.
It’s your job to protect it.

Eclypsium secures and protects the firmware your enterprise depends on: endpoints, network equipment, servers and connected devices.

The Eclypsium platform identifies, verifies, and fortifies the mission-critical firmware that lies beneath every device. Eclypsium does it easily, in a SaaS platform with low or no overhead. Better still, it does it without drowning you in extra noise and useless alerts.




Eclypsium for Endpoints

The endpoints used by your employees, contractors and partners -- laptops, desktops, notebooks, or tablets -- are the enemy’s favored beachhead. They’re magnets for ransomware and malware and the stealthy, low-and-slow attacks that will cripple your business.

Every endpoint device has dozens of components that rely on firmware. Each piece of firmware has its own unique vulnerabilities and is exposed to different threat models. Eclypsium ensures you can identify, verify, and fortify the firmware in every endpoint component, including system UEFI and BIOS, processors and chipsets, PCI devices, server BMCs, networking components, peripheral devices, Trusted Platform Module, Intel’s Management Engine and more.

Eclypsium for Endpoints analyzes devices to proactively reveal any risks within embedded firmware and hardware. The solution quickly reveals vulnerabilities, configuration problems, and any missing protections.
Protect Against Ransomware
Proactive scanning and alerting detects the presence of firmware-originated ransomware, and automated mitigation can help you eradicate it.
Cloud-Based Remote Updates and Patching
Keep devices in a secure state by remotely patching or updating out-of-date or vulnerable device firmware.
Verify Device Integrity
Ensure devices have not been tampered with or compromised and are free from firmware implants and backdoors. Receive automated alerts to any firmware integrity changes.
Validate New Devices from the Supply Chain
Directly ship new devices to remote workers, while validating their firmware is safe and has not been compromised in the supply chain.
Device Health and Patch Level
Check corporate and BYOD devices used remotely for firmware vulnerabilities and misconfigurations that can put the device at risk. Ensure that all devices including BYOD devices are configured to use hardened firmware settings.
Eclypsium for Endpoints is a cloud-based security solution that gives teams full visibility into remote endpoints to ensure they are in a secure state and have not been compromised. When problems are found, Eclypsium can remotely patch or update endpoint devices to get them back into a safe state.
Comprehensive Firmware & Hardware Integrity Monitoring
Visibility into all the key components in laptops and endpoints, including CPU, DRAM, Option ROM, UEFI, BIOS, ME/AMT, SMM, BMC, PCI, NIC, TPM and more to identify risk associated with vulnerabilities, misconfigurations and outdated or changed firmware.
Global Firmware Reputation Database
The Eclypsium Platform checks firmware against millions of firmware hashes across dozens of enterprise hardware vendors to identify changes to baselines, find outdated firmware, and expose tampering, with catalogued details for over 3M hashes across 23+ hardware vendors.
Firmware Runtime Assessment
Assess and protect firmware at runtime, with active scanning, using detailed device profiles that include firmware and hardware details to detect threats such as rootkits or implants.
Advanced Threat Detection
Eclypsium identifies known and unknown endpoint threats using IOCs, behavioral and static analysis by comparing baseline details using the global firmware white list and reputation database, highlighted above.
Dynamic Alerting
Configurable alerts let you monitor groups of devices for specific vulnerabilities or indications of compromise, and notify endpoint operation or incident response teams when they are detected.
Risk Visibility & Mitigation
Eclypsium provides recommendations on how to mitigate vulnerabilities and risks with detailed mappings to advisory information such as CVSS scores, missing security features and latest vendor firmware updates.
Configurable Scanning
Weekly scanning is typically recommended, but the frequency, timing and priority of firmware scanning is fully adjustable to meet the varying needs and threat profiles of enterprise data centers, network infrastructure and endpoint protection.
Auditing and Reporting
The Software Bill of Materials -- the SBOM -- has become the de facto way to assess and assure the integrity of servers, network devices, and endpoint devices. It provides the provenance we need to assure the integrity of complex, overlapping supply chains. But since most SBOMs lack any way to assess firmware -- or track exceptions or annotate compensating controls -- they remain incomplete.
Endpoint Firmware Updates
Eclypsium accelerates patching and update efforts, enabling staff to address weaknesses and save time.
Endpoints Supported for Eclypsium Scanners: Operating Systems
  • Windows 7, 8, 8.1, 10
  • Ubuntu Desktop 16.04 - 20.04
  • Debian Desktop 8.x - 11.x
  • macOS 10.12 (“Sierra”), through 10.15 (“Catalina”)
(For supported versions of Windows Server, RHEL and SLES see Eclypsium for Servers)

Endpoint Hardware
  • Intel Core- and Core M-based systems (laptops, desktops, workstations, servers), 2nd generation or later
  • Intel Atom-based systems
  • AMD Zen-based servers, desktops, and laptops (Zen and Zen2 generation CPUs), supported with basic device, risk and integrity information
Eclypsium Analytics Service
  • True SaaS architecture: The Eclypsium Analytics Service runs on a public or private cloud instance
  • On-prem as required: a physical system on-premises can be deployed where required for security purposes
Supported Firmware and Devices (a partial list):
The solution supports monitoring many different types of firmware and hardware components:
  • PC Unified Extensible Firmware Interface (UEFI) firmware
  • Mac EFI firmware
  • x86 System Management Mode (SMM) firmware (for UEFI and legacy firmware)
  • Baseboard Management Controller (BMC)
  • Intel Management Engine (ME) and Active Management Technology (AMT)
  • PCI and PCI Express devices (such as GPGPU, NIC, etc.)
  • Network Interface Cards (NIC) firmware
  • Linux distributed firmware binaries
  • EFI Operating System Bootloaders (Linux and Windows) and GPT
  • Legacy OS Master Boot Record (MBR)
  • Legacy Basic Input/Output System (BIOS)
  • Other add-on cards Option/Expansion ROM firmware
  • CPU microcode updates
  • Solid State Drives and Hard Disk Drives

Eclypsium for Servers

The servers supporting your organization -- physical, virtual, owned or leased -- are the workhorses of your business and your mission. They’re also magnets for ransomware and malware and the stealthy, low-and-slow attacks that will cripple your business.

Every server has scores of components that rely on firmware. Each piece of firmware has its own unique vulnerabilities and is exposed to different threat models. Eclypsium ensures you can identify, verify, and fortify the firmware in every server component, including system UEFI and BIOS, processors and chipsets, PCI devices, server BMCs, networking components, peripheral devices, Trusted Platform Modules, management engines and more.

Eclypsium for Servers analyzes critical systems to proactively reveal any risks within embedded firmware and hardware. Eclypsium for Servers quickly reveals vulnerabilities, configuration problems, and any missing protections on the systems that deliver your digital presence.
Bare Metal Cloud Provisioning
Do you know if your cloud platform provider has completely re-flashed all the underlying firmware drivers that make your cloud workloads run? Firmware is a favorite conduit for malicious server code.
Evaluate Cloud Servers Before Deploying
Before pushing all workloads to cloud platforms, test sample servers for firmware configuration errors, vulnerabilities and malicious microcode.
Protect Against Ransomware
Proactive scanning and alerting detects the presence of firmware-originated ransomware, and automated mitigation can help you eradicate it.
Automate Firmware Updates and Patching
Cloud providers need to keep servers in a secure state by remotely patching or updating out-of-date or vulnerable firmware. Eclypsium makes this easy.
Verify Server Integrity
Ensure servers have not been tampered with or compromised and are free from firmware implants and backdoors. Receive automated alerts to any firmware integrity changes between customers.
Validate New Servers from the Supply Chain
Directly ship new servers to remote teams, while validating their firmware is safe and has not been compromised in the supply chain.
Server Health and Patch Level
Check corporate and remote servers for firmware vulnerabilities and misconfigurations that can put systems at risk. Ensure that all servers including virtual hosts are configured to use hardened firmware settings.
Eclypsium for Servers is a cloud-based security solution that gives teams full visibility into physical and virtual servers to ensure they are in a secure state and have not been compromised. When problems are found, Eclypsium can remotely patch or update servers to get them back into a safe state.
Comprehensive Firmware & Hardware Integrity Monitoring
Gain visibility into all the key components in servers, including CPU, DRAM, Option ROM, UEFI, BIOS, ME/AMT, SMM, BMC, PCI, NIC, TPM and more, to identify risks associated with vulnerabilities, misconfigurations and outdated or changed firmware.
Server Firmware Updates
Eclypsium accelerates patching and update efforts, enabling staff to address weaknesses and save time.
Global Firmware Reputation Database
The Eclypsium Platform checks firmware against millions of firmware hashes across dozens of enterprise hardware vendors to identify changes to baselines, find outdated firmware, and expose tampering, with catalogued details for over 3M hashes across 23+ hardware vendors.
Firmware Runtime Assessment
Assess and protect server firmware at runtime, with active scanning, using detailed device profiles that include firmware and hardware details to detect threats such as rootkits or implants.
Advanced Threat Detection
Eclypsium identifies known and unknown endpoint threats using IOCs, behavioral and static analysis by comparing baseline details using the global firmware white list and reputation database.
Dynamic Alerting
Configurable alerts let you monitor groups of servers for specific vulnerabilities or indications of compromise, and notify operations or incident response teams when they are detected.
Risk Visibility & Mitigation
Eclypsium provides recommendations on how to mitigate vulnerabilities and risks with detailed mappings to advisory information such as CVSS scores, missing security features and latest vendor firmware updates.
Configurable Scanning
Weekly scanning is typically recommended, but the frequency, timing and priority of firmware scanning is fully adjustable to meet the varying needs and threat profiles of enterprise data centers, network infrastructure and endpoint protection.
Auditing and Reporting
The Software Bill of Materials -- the SBOM -- has become the de facto way to assess and assure the integrity of servers, network devices, and endpoint devices. It provides the provenance we need to assure the integrity of complex, overlapping supply chains. But since most SBOMs lack any way to assess firmware -- or track exceptions or annotate compensating controls -- they remain incomplete.
Servers Supported for Eclypsium Scanners:
Operating Systems
  • Windows Server 2012, 2016, 2019
  • Ubuntu 16.04 - 20.04
  • Debian 8.x - 11.x
  • RHEL/CentOS 6 - 7, Current Fedora distributions
  • SLES 11 - 12, OpenSuse Leap 15, OpenSuse Leap 42.3
  • macOS 10.12 (“Sierra”), through 10.15 (“Catalina”)
Endpoint Hardware
  • Intel Core- and Core M-based systems (laptops, desktops, workstations, servers), 2nd generation or later
  • Intel Atom-based systems
  • AMD Zen-based servers (Zen and Zen2 generation CPUs)
Eclypsium Analytics Service
  • True SaaS architecture: The Eclypsium Analytics Service runs on a public or private cloud instance
  • On-prem as required: a physical system on-premises can be deployed where required for security purposes
Supported Firmware and Devices (a partial list):
The solution supports monitoring many different types of firmware and hardware components:
  • PC Unified Extensible Firmware Interface (UEFI) firmware
  • Mac EFI firmware
  • x86 System Management Mode (SMM) firmware (for UEFI and legacy firmware)
  • Baseboard Management Controller (BMC)
  • Intel Management Engine (ME) and Active Management Technology (AMT)
  • PCI and PCI Express devices (such as GPGPU, NIC, etc.)
  • Network Interface Cards (NIC) firmware
  • Linux distributed firmware binaries
  • EFI Operating System Bootloaders (Linux and Windows) and GPT
  • Legacy OS Master Boot Record (MBR)
  • Legacy Basic Input/Output System (BIOS)
  • Other add-on cards Option/Expansion ROM firmware
  • CPU microcode updates
  • Solid State Drives and Hard Disk Drives

Eclypsium for Network Devices

The network devices supporting your organization -- from switches and routers to VPNs, concentrators, gateways, firewalls, application delivery controllers, and others -- are the nervous systems of your business and your mission. They’re also a new favorite for ransomware and malware and the stealthy, low-and-slow attacks that will cripple your business.

Every network device has firmware. And each piece of firmware has its own unique vulnerabilities and is exposed to different threat models. In 2020, CISA issued an alert that vulnerabilities in Citrix and Pulse Secure VPNs had become top targets for state-based threat actors. Criminal and ransomware-based attackers were of course right behind, and exploited an array of enterprise network devices and vendors.

Eclypsium for Network Devices analyzes critical systems to proactively reveal any risks within embedded firmware and hardware. Eclypsium for Network devices quickly reveals risks, vulnerabilities and configuration problems in the devices enabling your network.
Protect Against Ransomware
Proactive scanning and alerting detects the presence of firmware-originated ransomware, and automated mitigation can help you eradicate it.
Automate Firmware Updates and Patching
Cloud providers need to keep network devices in a secure state by remotely patching or updating out-of-date or vulnerable firmware. Eclypsium makes this easy.
Verify Device Integrity
Ensure network devices have not been tampered with or compromised and are free from firmware implants and backdoors. Receive automated alerts to any firmware integrity changes between customers.
Server Health and Patch Level
Check corporate and local networks for firmware vulnerabilities and misconfigurations that can put systems at risk. Ensure that all devices including VPNs and switches are configured to use hardened firmware settings.
Virtually every critical business or operational function directly depends on the switches, routers, VPNs, concentrators, gateways, firewalls, application delivery controllers, and other network devices at the heart of an organization. Eclypsium for Network Devices uses multiple network scanning techniques in order to identify network and connected devices and then sends the returned information to the Eclypsium Platform for analysis, alerting, and presentation.
Agentless Security for Network Devices
A unique distributed approach means security teams don’t have to install a security agent on their network devices and provides security visibility into devices without adding additional code or waiting on change windows.
Ransomware and Botnet Protection
Ransomware and advanced threats now target network and connected devices in earnest. Netwalker, REvil, DoppelPaymer, Cring, Mirai, and Clop are just a few of the attackers or exploits focused on network devices like file transfer appliances (FTAs).
Comprehensive Firmware & Hardware Integrity Monitoring
Many network device vulnerabilities, including those exploited in the wild, are tied to the firmware of the device. Eclypsium provides deeper visibility into these layers that are typically not seen by traditional scanners.
Automated Discovery of Network Devices
Leverages Eclypsium-managed endpoints to automatically discover network devices in the enterprise environment, making it easy to get up and running quickly while being tightly controlled to protect user privacy in non-corporate environments.
Global Firmware Reputation Database
The Eclypsium Platform checks firmware against millions of firmware hashes across dozens of enterprise hardware vendors to identify changes to baselines, find outdated firmware, and expose tampering, with catalogued details for over 3M hashes across 23+ hardware vendors.
Multi-Vendor Firmware Support
Organizations may have multiple types of infrastructure, each with their own unique tools and processes. Eclypsium provides a single tool to support an ever growing set of vendors including Cisco, Citrix, F5, Juniper, and Pulse Secure.
Advanced Threat Detection
Eclypsium analyzes a variety of code and firmware to ensure devices are only running valid, vendor-approved code. The solution verifies that the “known good” code from vendors hasn’t been modified and checks for the presence of known threats.
Dynamic Alerting
Configurable alerts let you monitor groups of servers for specific vulnerabilities or indications of compromise, and notify operations or incident response teams when they are detected.
Converged Visibility & Mitigation
Eclypsium provides a unified view of the enterprise that includes laptops, servers, and network devices. This ensures that staff have a single place to see all their device-related risks without important context being locked away in separate silos.
Vulnerabilities and Risk Managed
Eclypsium analyzes network devices for vulnerabilities with a special focus on CVEs actively exploited in the wild. This surfaces important overlooked vulnerabilities without adding extraneous noise to the organization’s existing patch management process.
Remediation and Mitigation
The Eclypsium platform provides easy to use mitigation and remediation support for many firmware vulnerabilities or required updates. Instead of only telling you what’s broken, Eclypsium helps you get back to full strength.
Prerequisites
The Network Scanner is an application that is installed on a host that is connected to an active Eclypsium Platform. The prerequisites are:
  • Eclypsium Platform 2.5.2 or above
  • Eclypsium Endpoint Scanner 2.4.0 or above on the scanning host
  • Eclypsium Endpoint Scanner registered into the Eclypsium Platform
Supported Operating Systems
The Eclypsium Network Devices Scanner is supported on the following Operating Systems and versions:
  • Windows 10
  • Ubuntu 16.04 - 20.04
  • Debian 11.x

Eclypsium Platform and Integrations

Your IT ecosystem is complex and interdependent. It’s also a favored target for ransomware and malware and the stealthy, low-and-slow attacks that will cripple your business.

Firmware is the new battleground. The Eclypsium platform allows you to identify, verify, and fortify the firmware throughout your IT stack through a comprehensive, common platform. The Eclypsium platform secures firmware in servers and microservers, laptops, desktops and workstations, network appliances such as routers, switches, gateways, VPN appliances, security appliances, Cisco IOS devices, and even specialized equipment like Automated Teller Machines and Point-of-Sale Terminals.

The Eclypsium Platform integrates with hundreds of information security and IT operations tools, and its individual point solutions can be deployed as unique components or as part of an end-to-end firmware security suite.
Flexible Deployment Options
Eclypsium’s SaaS-based platform is available in multiple configuration and deployment options. Varying levels of firmware scanning and assessment can be done through installed agents, agentless remote access, and hybrid approaches that transform select endpoints into network scanners.
Simplified, Robust Architecture
The Eclypsium solution consists of two primary components:

  1. Eclypsium Administration and Analytics Service, hosted in the cloud or self-hosted on-premises. The Analytics Service analyzes data received from monitored systems and provides a web-based management interface to administrators.


  2. Eclypsium Device Scanner (including kernel module/driver), deployed temporarily or permanently on target systems to monitor. The Scanner collects firmware and hardware information and uploads it to the Analytics Service.
Multi-mode Device Scanning
Eclypsium Scanners are part of the core platform and can be deployed in two different ways: in ephemeral mode, or in persistent mode as a continuously running service. In ephemeral deployment mode, an administrator or a third-party tool must launch the Scanner. In persistent mode, the Scanner uses a service which periodically collects data and scans firmware and hardware of the monitored system. It also performs a scan every time the monitored system boots. Device scanners can also be deployed as portable executables for Windows and Linux systems.
SSO and Enterprise Authentication
Users have the option to leverage OAuth2 authentication, either with Google SSO, Okta SSO or Ping SSO. Additionally, for environments that use Active Directory (AD), there is an option to configure user logins using LDAP/AD. A PKI-based authentication method allowing for single or multiple certificates per user is also available.
Centralized Device Management
Whether your organization is using the Eclypsium Platform to secure firmware in endpoints, servers, network devices or an entire fleet of enterprise assets, it provides one consistent view of firmware integrity, vulnerabilities, and threats.
Compliance Mapping and Configuration
The Eclypsium Platform supports configuration and mapping of enterprise deployments to NIST (and compatible) standards such as NIST 800-53, NIST 800-147, NIST-155, NIST-193.
Multiple Host Registration Methods
Eclypsium hosts are registered using a Host Registration Token or a Data Collection Token, depending on your organization’s security and workflow requirements.
Global Reputation Database
The Eclypsium Platform leverages multiple types of reputation data in order to verify that all firmware components match vendors and haven't been tampered with. Local reputation can be used to automatically build and apply reputation for firmware components based on specifics of a customer environment to improve accuracy and minimize false positives.
Today’s modern defense-in-depth and Zero Trust architectures require consistent, easy and tight integration between IT tools and security systems. The Eclypsium Platform integrates ...
Deployment Integrations
Eclypsium scanners can leverage a wide range of deployment options, including Microsoft SCCM / SMS and Intune, as well as Tanium, Airwatch, Jamf, and many others, to simplify and streamline asset and agent management.
Vulnerability Management Integrations
Eclypsium integrates with leading vulnerability management solutions so our common customers see vulnerabilities not just in applications and operating systems, but in firmware and hardware as well. Our integration with Kenna.VM is an example of this customer-driven integration.
Patch and Orchestration Solutions
Patch management systems have proven their ROI, but none handle the tricky and sensitive process of patching firmware. Eclypsium accelerates patching and update efforts, enabling staff to address weaknesses and save time.
SIEM and Analytics Integrations
Solutions like Splunk and QRadar are the incident response team’s go-to system for security analytics and insight. Eclypsium provides SIEM and analytics solutions with detailed event information at the firmware and hardware levels.
Virtualization Integrations
The Eclypsium platform automatically collects and analyzes firmware configuration data in the VMWare ESX platform to identify, verify and fortify that firmware and report on vulnerabilities.
Network Security
Every device has firmware, and all firmware needs to be secured. This includes network devices like VPNs, CDNs, WAN, WAF and more. Eclypsium integrations with vendors like Cloudflare make this not only possible, but easy.
A Rich, Flexible REST API
If you have a favored infosec or IT solution and it’s not shown on this page, don’t worry: Eclypsium adds new integrations constantly. Plus, our rich, full-featured API allows you to extend our capabilities for identifying, verifying and fortifying firmware to other solutions and partners.
Endpoints, Servers and Network Devices Supported: Device Types
  • Servers and microservers
  • Laptops
  • Desktops and workstations
  • Network appliances (routers, switches, gateways, VPN appliances, security appliances, e.g. Cisco IOS devices)
  • Other specialized equipment based on modern computing platforms (e.g., Automated Teller Machines, Point-of-Sale Terminals, etc.)
  • Basic visibility of devices running VMWare ESX through manual upload
Endpoints Supported for Eclypsium Scanners: Operating Systems
  • Windows 7, 8, 8.1, 10
  • Windows Server 2012, 2016, 2019
  • Ubuntu 16.04 - 20.04
  • Debian 8.x - 11.x
  • RHEL/CentOS 6 - 7, Current Fedora distributions
  • SLES 11 - 12, OpenSuse Leap 15, OpenSuse Leap 42.3
  • macOS 10.12 (“Sierra”), through 10.15 (“Catalina”)
Endpoint Hardware
  • Intel Core- and Core M-based systems (laptops, desktops, workstations, servers), 2nd generation or later
  • Intel Atom-based systems
  • AMD Zen-based servers, desktops, and laptops (Zen and Zen2 generation CPUs), supported with basic device, risk and integrity information
Eclypsium Analytics Service
  • True SaaS architecture: The Eclypsium Analytics Service runs on a public or private cloud instance
  • On-prem as required: a physical system on-premises can be deployed where required for security purposes
Supported Firmware and Devices (a partial list):
The solution supports monitoring many different types of firmware and hardware components:
  • PC Unified Extensible Firmware Interface (UEFI) firmware
  • Mac EFI firmware
  • x86 System Management Mode (SMM) firmware (for UEFI and legacy firmware)
  • Baseboard Management Controller (BMC)
  • Intel Management Engine (ME) and Active Management Technology (AMT)
  • PCI and PCI Express devices (such as GPGPU, NIC, etc.)
  • Network Interface Cards (NIC) firmware
  • Linux distributed firmware binaries
  • EFI Operating System Bootloaders (Linux and Windows) and GPT
  • Legacy OS Master Boot Record (MBR)
  • Legacy Basic Input/Output System (BIOS)
  • Other add-on cards Option/Expansion ROM firmware
  • CPU microcode updates
  • Solid State Drives and Hard Disk Drives

Products for Today’s Firmware Challenges

Firmware Security is the cybersecurity discipline that goes where your vulnerability management, patch management and supply chain management tools are afraid to go: deep down to the firmware and hardware layers of your organization's devices and networks.
Stop Ransomware Attacks
Firmware is now a favored ingress point for ransomware that uses off-the-shelf attack kits like TrickBoot and other delivery packages.
Secure Your Supply Chains
As reported by the Atlantic Council, firmware attacks have become commonplace in the extended technology supply chain.
Protect Remote Workers
Just as the “perimeter” has disappeared from the data center, the “central office” is gone.
Cut Costs
Managing and auditing firmware is critical in the face of modern attacks, but it’s also costly, error-prone, and anxiety-producing.
Secure High-risk Travelers
We’re becoming mobile again, and we’re carrying our secrets with us as we do. Drive-by attacks on travelling laptops are on the rise.
Automate Firmware Updates
A recent Gartner report states that “By 2022, 70% of organizations that do not have a firmware upgrade plan in place will be breached due to a firmware vulnerability.”
Prevent Advanced Attacks
New attacks like REvil, NetWalker, and Maze have focused on flaws in VPN firmware that traditional security tools can’t see or defend.