Supply Chain Security

Supply Chain Risk Management

Cybersecurity risk begins long before a new device ever arrives at the enterprise. Modern technology supply chains are increasingly complex and dynamic, with OEMs relying on a constantly rotating network of component suppliers and downstream sub-suppliers. Vulnerabilities or threats at any point of the supply chain can undermine the integrity of the device and lead to a compromise of unsuspecting customers.

Eclypsium gives enterprises the tools to verify that the devices they buy are authentic, free from vulnerabilities, and haven’t been tampered with in the supply chain. With a simple scan, organizations can verify the integrity of new devices and have the detailed insight to hold their suppliers accountable.

Evaluate Vendors Before Buying

Spec sheets and price lists don’t give the full story behind a device. With Eclypsium, organizations can perform a deep audit of prospective devices to verify exactly what’s inside and to identify potential security issues.

Deep visibility of components and firmware
Automatically learn baselines for all devices and component firmware.

Evaluate prospective devices for firmware vulnerabilities or misconfigurations that could put the device at risk.

Verify the Integrity of the Supply Chain

Today’s supply chains typically involve dozens of suppliers and sub-suppliers, with each organization being a potential point of compromise. These supply chains are also often in flux as OEMs regularly need to pivot from supplier to supplier based on availability or cost issues. Eclypsium lets organizations easily verify the integrity of their devices and critical components and ensure devices have not been tampered with prior to delivery.

Verify New Device Firmware
Easily verify that system and component firmware matches the valid, approved firmware published by the vendor.

Secure and Verify Firmware Updates
Detect insecure firmware update mechanisms on devices. Verify the integrity of new firmware before updating.

Detect Known and Unknown Threats
Proactively identify known firmware threats such as implants, backdoors, and malware. Identify anomalous firmware behavior to detect unknown threats.

Establish and Monitor Firmware SBOM

The recent Executive Order on Improving the Nation’s Cybersecurity highlights the need for a Software Bill of Materials (SBOM) for all critical software in a system. Firmware is some of the most critical and privileged code on any device, yet it is often overlooked when it comes to the SBOM. Eclypsium supports both OEMs and enterprises, making it easy to establish and verify SBOMs at the firmware level to verify the integrity of the supply chain and the provenance of all components.

OEMs and technology vendors can use Eclypsium to build detailed firmware SBOMs including systems and subsystems of downstream suppliers.

Enterprises can use Eclypsium to quickly scan firmware to verify all newly acquired devices meet the vendor’s SBOM.

Securely Support Remote Workers and Sites

Organizations need to ensure that their many workers and facilities have the right equipment when they need it. With Eclypsium, IT teams can directly ship devices to locations or workers, then easily verify the posture and integrity of the device.

Eclypsium’s cloud-based approach lets organizations remotely analyze devices to ensure they are in a secure state and have not been compromised.

Directly ship new devices to the locations where they will be used, then remotely verify the posture and integrity of the device. Get new devices into users’ hands faster without sacrificing security and control.