Defending the Foundation of the Cybersecurity Mission


Eclypsium has been awarded a U.S. Air Force, AFWERX Small Business Innovation Research (SBIR) Phase 1 contract. The contract will allow Eclypsium to conduct feasibility studies with the Department of Defense (DoD) to demonstrate how the company’s enterprise device security platform supports unprecedented device visibility, risk management, and threat detection. Contact our federal team at usg@eclypsium.com to find out how your group can participate, or learn more here.

Servers, network infrastructure, and end-user endpoints are at the heart of every federal agency’s mission. Firmware is both the first code to run and the most fundamental code for the health and security of each of these essential devices.

A wide range of adversaries, both nation-state APT groups and criminal or destructive actors, target this firmware layer to compromise endpoints and devices while subverting the rest of the security stack that runs above it. A firmware foothold allows indefinite persistence inside a compromised mission environment, and it survives even last-resort measures such as restoring from backups or performing OS-level forensics during an incident. Most importantly, control of the firmware layer gives today’s adversaries complete control over the device’s OS and applications, and lets them pivot easily from a surveillance posture to a destructive one.
Users and OS environments are no longer the only assets under threat. Firmware, expansion devices, and sensitive memory regions also need protection from attack.

This rapidly evolving threat vector, and the critical impact it has on missions, make firmware security a key component of federal regulations and frameworks including FISMA, CMMC, NIST’s Cybersecurity Framework, and the Risk Management Framework.

Additionally, a wide range of national adversaries have consistently sought to compromise the integrity of devices at this fundamental level as a way to subvert or bypass higher-layer security, maintain operational persistence, and gain complete control over a device and its data.

Eclypsium extends security to this critical, yet often overlooked part of an agency’s attack surface. Security teams can easily gain visibility into their devices and component inventory, find and patch vulnerabilities, and detect known and unknown threats including device-level implants, backdoors, firmware rootkits, malicious bootloaders, and more.

The firmware layer of government agency devices is increasingly under attack by ransomware and a wide range of state-sponsored adversaries including APT 28, APT 29, and APT 41. Eclypsium provides visibility and control over your firmware risk and enables teams to proactively verify the integrity of your critical devices.

Eclypsium empowers security teams with the tools to keep their most critical and high-risk devices safe, and reveal the hiding spots in neighboring devices that adversaries use to persist over time.

Visibility Into Firmware and Components

Security is predicated on visibility, and Eclypsium gives security teams the tools to ensure they always have visibility and awareness of their environment at the firmware and device level. Device-level scans automatically reveal and document exactly what components, versions of firmware, drivers, and configurations are used in each device so that the agency can make informed security decisions.

Device Vulnerability and Risk Assessments

Current generations of vulnerability scanners lack visibility into the firmware and hardware layers of devices. Eclypsium scans for outdated firmware, firmware vulnerabilities, and low-level device configurations that can put devices at risk. Each finding is supported with critical information to help understand the issue and prioritize the risk to the organization.

Device Patching and Updates

When outdated or vulnerable firmware is found, Eclypsium helps organizations take appropriate action. Firmware updates can be applied through the Eclypsium UI, and updates can be performed via the cloud to ensure remote users and assets stay protected.

Integrity Checking and Firmware Threat Detection

Firmware implants and backdoors have become favorite tools of the most sophisticated state-sponsored adversaries as well as large-scale malware and ransomware campaigns. Eclypsium verifies the integrity of a device’s firmware, checks for known firmware threats, and monitors firmware and device behavior to identify unknown threats.

Eclypsium extends core security disciplines such as risk management and threat detection and prevention to the hardware and firmware layer of devices. These capabilities allow organizations to apply Eclypsium to a wide range of federal use cases, including:

Zero Trust
Extend Zero Trust access decisions to the root of trust on each device. Leverage device integrity, device configurations, and firmware vulnerabilities as new contexts for Zero Trust access policies.
Compliance and Governance
Eclypsium lets organizations easily incorporate firmware into their existing security frameworks and compliance efforts including FISMA, CMMC, NIST’s Risk Management Framework, Cybersecurity Framework, and more.
Verify Supply Chain Integrity
Instead of simply relying on vendor certifications, Eclypsium allows agencies to proactively verify the integrity of all newly acquired devices at the firmware level. Easily verify that systems and their underlying components are free from vulnerabilities and haven’t been tampered with in the supply chain.
Securing Remote Workers
Easily ensure the integrity of remote work devices including BYOD devices. Apply device checks before granting inbound VPN access, and verify that VPN appliances have not been compromised.
Incident Response and Threat Hunting
Attackers use firmware implants as a way to survive indefinitely, even after a system is re-imaged. Easily check a device for implants before returning it to service after a security incident, and include firmware-level analysis in host forensic playbooks for better root cause analysis (RCA), high-fidelity pivoting, and correlation.

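The integrity-checking workflow that the Integrity Checking, Verify Supply Chain Integrity, and Incident Response use cases describe can be illustrated with a small baseline comparison. The following is an added example written for this page, not Eclypsium's own code: it records a known-good hash of each firmware component from a trusted scan, re-checks a later scan against that baseline and a known-threat list, and reports which components are unchanged, modified, unexpected, missing, or a known threat. Region names, contents, and the "known bad" sample are constructed placeholders, not a real SPI flash layout or real indicators.

```python
"""Firmware integrity baseline check (added illustration, not Eclypsium code).

Models the workflow described on the page: a known-good baseline of a device's
firmware components is recorded at acquisition, and later scans (for instance
before a device returns to service after an incident) are compared against it.
All region names and contents below are constructed placeholders.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    """One firmware component as a scanner would report it: a name and its raw bytes."""
    name: str
    data: bytes


def region_hash(data: bytes) -> str:
    """SHA-256 of a region's contents; this is the measurement stored in the baseline."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(regions):
    """Map each region name to its known-good hash, taken from a trusted scan."""
    return {r.name: region_hash(r.data) for r in regions}


# Constructed sample of a component already classified as malicious. A real
# deployment would load such indicators from threat intelligence, not hard-code them.
IMPLANT_SAMPLE = b"constructed-sample-implant-driver"
KNOWN_BAD = {region_hash(IMPLANT_SAMPLE): "constructed-sample-implant"}


def verify(baseline, regions, known_bad=KNOWN_BAD):
    """Compare a fresh scan against the baseline and the known-threat list.

    Returns (region_name, status) pairs. Statuses:
      known_threat - hash matches a known malicious component (checked first, so a
                     listed implant is flagged even when it sits in an expected region)
      modified     - region exists in the baseline but its contents changed
      unexpected   - region was not present in the baseline at all
      missing      - baseline region absent from the scan (e.g. a removed component)
      ok           - hash matches the baseline
    """
    findings = []
    seen = set()
    for r in regions:
        seen.add(r.name)
        h = region_hash(r.data)
        if h in known_bad:
            findings.append((r.name, "known_threat"))
        elif r.name not in baseline:
            findings.append((r.name, "unexpected"))
        elif baseline[r.name] != h:
            findings.append((r.name, "modified"))
        else:
            findings.append((r.name, "ok"))
    for name in baseline:
        if name not in seen:
            findings.append((name, "missing"))
    return findings


def clear_for_service(findings):
    """A device is cleared only when every finding is 'ok'; anything else needs review."""
    return all(status == "ok" for _, status in findings)


# Constructed scans: a trusted first scan, and a later scan of the same device after
# its BIOS region was altered, its ME region disappeared, and an extra component
# matching the known-bad sample appeared.
GOLDEN_SCAN = [
    Region("descriptor", b"descriptor-v1"),
    Region("bios", b"bios-image-v1.0"),
    Region("me", b"me-image-v1"),
]
TAMPERED_SCAN = [
    Region("descriptor", b"descriptor-v1"),
    Region("bios", b"bios-image-v1.0-patched"),
    Region("dxe_extra", IMPLANT_SAMPLE),
]


if __name__ == "__main__":
    baseline = build_baseline(GOLDEN_SCAN)
    findings = verify(baseline, TAMPERED_SCAN)
    for name, status in findings:
        print(f"{name:12} {status}")
    print("clear for service:", clear_for_service(findings))
```

One caveat a practitioner should keep in mind: a baseline taken from the device itself only detects change relative to that first scan. A device that was already tampered with before enrollment would be recorded as "good", which is why supply-chain verification of newly acquired devices should compare against reference measurements from a trusted source rather than the device's own first scan.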
Contract Number: FA8649-21-P-1282
DUNS Number: 081023218
CAGE Code: 8GXX1
Company Street Address: 920 SW Sixth Avenue, Suite 375
Company City: Portland
Company State: Oregon
Company Postal Code: 97204
Company Country: United States