Eclypsium has been awarded a U.S. Air Force, AFWERX Small Business Innovation Research (SBIR) Phase 1 contract. The contract will allow Eclypsium to conduct feasibility studies with the Department of Defense (DoD) to demonstrate how the company’s enterprise device security platform supports unprecedented device visibility, risk management, and threat detection. Contact our federal team at firstname.lastname@example.org to find out how your group can participate, or learn more here.
Comprehensive Device Security
A wide range of both nation-state “APT” and criminal/destructive adversaries target this firmware layer in order to compromise endpoints and devices while subverting the rest of the security stack that lies above. This allows for persistence inside compromised mission environments for indefinite amounts of time, and even the ability to survive last-resort efforts such as restoring from backups or performing OS level forensics during an incident. Most importantly, attacking the firmware layer also gives today’s adversaries complete control over the OS and applications of the device, and allows them to easily pivot from a surveillance posture to a destructive one easily.
This rapidly evolving threat vector and the critical impact it has upon missions makes firmware security a key component of federal regulations and frameworks including FISMA, CMMC, NIST’s Cybersecurity Framework, and the Risk Management Framework.
Additionally, a wide range of national adversaries have consistently sought to compromise the integrity of devices at this fundamental level as a way to subvert or bypass higher-layer security, maintain operational persistence, and gain complete control over a device and its data.
Eclypsium extends security to this critical, yet often overlooked part of an agency’s attack surface. Security teams can easily gain visibility into their devices and component inventory, find and patch vulnerabilities, and detect known and unknown threats including device-level implants, backdoors, firmware rootkits, malicious bootloaders, and more.
The Eclypsium Solution for Federal Government
Eclypsium empowers security teams with the tools to keep their most critical and high-risk devices safe, and reveal the hiding spots in neighboring devices that adversaries use to persist over time.
Security is predicated on visibility, and Eclypsium gives security teams the tools to ensure they always have visibility and awareness of their environment at the firmware and device level. Device-level scans automatically reveal and document exactly what components, versions of firmware, drivers, and configurations are used in each device so that the agency can make informed security decisions.
Current generations of vulnerability scanners lack visibility into the firmware and hardware layers of devices. Eclypsium scans for outdated firmware, firmware vulnerabilities, and low-level device configurations that can put devices at risk. Each finding is supported with critical information to help understand the issue and prioritize the risk to the organization.
When outdated or vulnerable firmware is found, Eclypsium helps organizations take appropriate action. Firmware updates can be applied through the Eclypsium UI, and updates can be performed via the cloud to ensure remote users and assets stay protected.
Firmware implants and backdoors have become favorite tools of some of the nation’s most sophisticated adversaries as well as large-scale malware and ransomware campaigns. Eclypsium verifies the integrity of a device’s firmware, checks for known firmware threats, and monitors firmware and device behavior to identify unknown threats.
Key product capabilities
Continuously maintain visibility into the health and security posture of all devices. Proactively find weaknesses and patch devices as needed to ensure high availability and security. Build device risk management into your NIST 800-53 and CMMC compliance programs.
Learn More >
Use cloud-based scanning and remediation to ensure remote workers, BYOD devices, and networking gear are secure before granting remote access. Zero Trust access policies can include device integrity and posture.
Learn More >
Ensure the security of critical server infrastructure whether in locally hosted data centers or cloud service providers. Detect problems or threats in server components. Verify the integrity of bare-metal servers.
Learn More >
Eclypsium Use Cases for Federal Agencies
Eclypsium extends core security disciplines such as risk management and threat prevention to the hardware and firmware layer of devices. These broad capabilities allow organizations to apply Eclypsium to a wide range of federal use cases.
Extend Zero Trust access decisions to the root of trust on each device. Leverage device integrity, device configurations, and firmware vulnerabilities as new contexts for Zero Trust access policies.
Federal Purchasing Information
DUNS Number: 081023218
CAGE Code: 8GXX1
Company Street Address: 920 SW Sixth Avenue, Suite 375
Company State: Oregon
Company Postal Code: 97204
Company Country: United States