Resources


Firmware is the unguarded attack surface of the enterprise. Learn how to defend your critical infrastructure with white papers, videos and other resources from Eclypsium®.

Learn how to extend Zero Trust practices to every device in your supply chain. The Eclypsium platform provides security at the lowest layer of the supply chain: where raw code meets bare metal, and where laptops, servers and network devices need to be protected from firmware- and hardware-level attacks.

Learn how to extend Zero Trust practices to every device in the federal supply chain. Eclypsium defends the supply chains of civilian agencies and defense teams from the deep implants, exploits and sub-OS attacks that have become the “vector of choice” for modern adversaries.

A comprehensive look at the firmware security challenge and how the Eclypsium platform addresses it.

Learn how the FFIEC is actively auditing financial services organizations for firmware-level protections and security controls in their critical devices, and how you can prepare your team.

New federal requirements make it critical to establish trust in every device. Learn how to make this kind of chip-level security a reality in federal networks.

Learn how Zero Trust principles apply to enterprise IT devices and why these principles need to extend down to the base hardware of chips, processors and system components.

With the increase in firmware-focused threats, many cybersecurity teams are wondering why their VM tools can’t keep up. The bottom line? They were never meant to. Here are 5 reasons why firmware security solutions fill these gaps.

Endpoints are the favored beachhead for ransomware, APTs and modern attacks, and tools like EDR, EPP and XDR have been designed to protect them. But when it comes to below-the-OS, firmware-level attacks and exploits, endpoint tools are at a loss.

The cybersecurity teams who defend financial services organizations are engaged in what often feels like hand-to-hand combat with financially and politically motivated adversaries. Here are five reasons why firmware security can be the place they gain the upper hand.

Network devices are often an organization’s most overlooked area of attack surface, and their embedded firmware the most attack-prone point in that surface. This solution brief outlines the critical firmware issues with networked and connected devices, and discusses how Eclypsium users can identify, verify and fortify the firmware in their vulnerable network devices.

A recent update to Singapore's Cybersecurity Act of 2018 highlights the need for firmware security, and calls out specific requirements to ensure firmware integrity.

Compliance standards have included, and will continue to include, firmware, and hardware security is becoming more relevant. NIST 800-53 Rev. 5, PCI DSS, FedRAMP, NIST 800-171, and Cybersecurity Maturity Model Certification mention firmware and hardware compliance. With new enterprise tools available, auditors can ask how a company is achieving compliance at the firmware and hardware layer.

As remote work becomes the default, attackers are setting their sights on end user devices and the ways that users connect back to the enterprise. Learn how Eclypsium ensures the integrity and health of the devices that remotely access corporate resources over VPN and other secure remote access mechanisms.

The National Institute of Standards and Technology (NIST) cybersecurity framework helps organizations to better understand and improve their management of cybersecurity risk. In this brief we outline the NIST requirements that pertain to firmware security and provide guidance for organizations seeking to achieve compliance with these standards.

The Federal Information Security Management Act (FISMA) defines the information security requirements for all federal agencies and spans the fundamental pillars of information security (confidentiality, integrity, and availability). This 2-page overview explains how FISMA relates to firmware security.

Eclypsium introduces a new type of enterprise security that defends the underlying hardware and firmware layer of the enterprise.

Endpoints are increasingly dependent on the security and integrity of their underlying firmware to remain protected and secure themselves. Learn how Eclypsium for Endpoints identifies, verifies and fortifies endpoint firmware.

Your servers are the backbone of your business and your mission. Their firmware is the key to their security. Eclypsium for Servers ensures your server firmware retains integrity and remains free of vulnerabilities.

Network devices are the nervous system of your enterprise, keeping your networks, services and applications running. Eclypsium for Network Devices makes sure their embedded firmware remains secure and protected.

NIST 800-161 is the foundational guidance for securing all digital supply chains. In this Eclypsium white paper we show how securing device-level "core code" fits into that framework and delivers more secure devices and more resilient supply chains.

The fastest and most effective path to securing device supply chains – the number one target of both nation states and criminal gangs – is by securing their embedded code.

Learn the critical roles that supply chain and firmware security play in NIST's authoritative catalog of security controls.

Learn how firmware security fits into this widely used framework that tracks and maps adversary actions. Find out which tactics and techniques are leveraging firmware vulnerabilities and known exploits.

Learn about the role of firmware in preventing DMA attacks and achieving a Zero Trust posture.

Network devices have become primary targets for both advanced and financially motivated attacks. This white paper breaks down the role firmware vulnerabilities play in those device attacks, and outlines how new solutions can reduce risks amid a wave of new adversary tactics.

Understand how firmware security is a critical part of the Zero Trust strategies you're building to protect your enterprise endpoints, in this research paper from TAG Cyber.

Two intersecting trends -- the recent firmware explosion and rampant ransomware -- have caused havoc and made security teams question their previous strategies. This paper shows how we got here and what information security teams can do about it.

What does the Executive Order on Cybersecurity mean for security teams tasked with protecting endpoints, servers and network devices? We look at the new Zero Trust requirements, their implications for device integrity and what it takes to identify, verify and fortify enterprise devices.

In 2020, APT and ransomware threat actors targeted enterprise VPNs en masse, the widespread BootHole vulnerability put virtually all Windows and Linux devices at risk for bootkits, and some of the most popular malware and ransomware added firmware-specific capabilities. This whitepaper provides five questions to ask to assess your organization’s firmware security risk, with recommendations for evaluating and improving your firmware security posture.

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. Updated for 2021, this paper demystifies the most common types of firmware attacks used in the wild today.

How much trust can you put in your devices? Security concepts like Zero Trust can provide an important framework for securing the remote work environment. Learn more in this Eclypsium white paper.

Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline.

Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this new Eclypsium report designed to help you assess and defend enterprise devices from firmware and hardware threats.

Credit unions face increasingly sophisticated attacks. This study highlights the work of one of New Mexico's largest credit unions — First Financial Credit Union — as they sealed firmware gaps in their digital supply chains.

Introduced in 2012, Secure Boot - the OG trust in boot - has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers around the world due to its integration in their BIOS. In this presentation, Jesse and Mickey discuss past and current flaws in valid bootloaders, including some which misuse built-in features to inadvertently bypass Secure Boot. They also discuss how in some cases malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms as well as how to use the custom tools they created to allow for a consistent bypass for secure boot effective against every X86-64 UEFI platform.

Firmware is the most pervasive, persistent and painful blind spot in your digital supply chain and in your endpoint and network security programs. In this short video, see how an Identify, Verify, Fortify strategy, when applied to firmware, can close the gap.

Network devices and their embedded firmware have become the vector-of-choice for the most disabling ransomware attacks as well as new exploits that can cripple an organization’s communication infrastructure. Learn how new technologies combat these attacks on crucial devices.

Scott Scheferman, principal security strategist at Eclypsium, provides a crash course on the power, privilege and pervasiveness of the firmware in their network infrastructures.

In 2022, the Technology Association of Oregon recognized Eclypsium as the Rising Star Technology Company of the Year. This video outlines the reasons – including the problems solved and the technologies delivered – the TAO team decided to declare Eclypsium the winner.

Security Weekly’s Paul Asadoorian talks to Eclypsium CEO Yuriy Bulygin about why firmware is the biggest gap in security today, and what to do about it. Hard drives, network cards, BIOS and other components all have their own software stacks, forming a hidden attack surface beneath the operating system layer. Update mechanisms have made firmware accessible remotely, and now attacks in the wild are taking advantage. Nerd out with Paul and Yuriy as they explore the topic of firmware security in this 15-minute video.

Baseboard management controllers (BMCs) are the “remote brains” enabling real-time updates, configuration changes and operational inspection of our most important servers. But due to recently discovered BMC attacks via firmware, they’re also now the most attractive attack surface in the cloud-based or on-prem data center.

A disciplined process of firmware updates is an essential element of good cybersecurity hygiene but can be challenging for many enterprises. This report provides IT and security leaders with insights into firmware update management and guidance on best practices.

Part two of Eclypsium’s series on best practices for firmware updates focuses on the tools and techniques used by the enterprise IT teams tasked with implementing update processes.

"Firmware vulnerability gives attackers entry into systems that is invisible and persistent with total control of the server, storage or network device. I&O leaders must deliver an infrastructure, whether on-site, outsourced or in the public cloud, that is protected from firmware-based attacks." Learn how in this report from Gartner Research.

Firmware- and hardware-level attacks can compromise laptops in minutes and persist undetected after reimaging. To close the firmware security gap in traveler laptop programs, consider a new approach that protects IT assets in high-risk countries from firmware implants and backdoors.

As malware in the wild increasingly targets firmware for persistence, it is critical that IR and threat hunting efforts extend to the firmware as well.

The rise of bare-metal cloud service offerings brings new security challenges for customers and providers. While physical servers are dedicated to one customer at a time, they don’t stay that way forever. Vulnerabilities in a device’s firmware and weaknesses in the reclamation process open the door for firmware implants and rootkits to be passed from one customer to the next. We explore the security implications, present original research, and provide guidance on best practices.

FISMA, and the NIST documents supporting it, repeatedly underscore the importance of firmware security as part of a modern security program. Yet, this area remains one of the most overlooked and poorly understood areas of risk within government agencies. This document walks through the requirements and guidance that the law establishes in regard to firmware, and provides practical guidance and recommendations that organizations can use to not only comply with FISMA, but also to build a stronger security program.

A 2022 global survey of cybersecurity decision makers in the financial services industry that highlights awareness of firmware exploits, future spending, and remediation strategies.

This annual survey, now in its ninth year, shows how CISOs and infosec leaders across the world are making their cybersecurity investments and provides insight into their current concerns and challenges.

Insights, perspectives and commentary on cyber risks, security safeguards and technology innovations from TAG Cyber.

A visual introduction to the firmware attack surface of enterprise devices, this resource describes the dozens of components in modern laptops and servers that are vulnerable to firmware and hardware attacks and documents real-world threats for each category of component.