Firmware is everywhere. Your security should be, too

October 4, 2022

There’s no longer any doubt that threat actors are actively exploiting vulnerabilities in device software and firmware, as opposed to more traditional applications like web browsers.

And an increasingly complex global supply chain only increases the risk. Vulnerabilities can be introduced at any level.

“Software and firmware inside devices is the most fundamental and privileged code,” said Yuriy Bulygin, CEO of Eclypsium. “If infected or tampered with, it can provide adversaries a foothold into an organization’s infrastructure, evading detection for long periods of time and even causing permanent damage to device infrastructure.”

For device security or zero-trust principles to be truly effective, organizations must understand all layers of hardware, firmware and software code, he said. To bolster the Eclypsium platform’s capabilities in this area, the company today announced an infusion of $25 million in a series B round. 

Today’s complicated supply chain “has created an attractive and rapidly growing playing field for threat actors, whose goal is to achieve maximum detrimental impact across many organizations at once,” said Bulygin.

Ever-growing attack surface

The IBM 2022 Cost of a Data Breach Report provided one of the first analyses of supply chain security, revealing that nearly one-fifth of organizations were breached due to a software supply chain compromise. 

Government agencies around the world are increasingly issuing warnings and mandates — for instance, the White House OMB memorandum on enhancing supply chain security. Device software and firmware account for almost a quarter of known exploited vulnerabilities published by the Cybersecurity and Infrastructure Security Agency (CISA).

Bulygin pointed out that the Conti and TrickBot ransomware groups often target endpoint firmware, and that Russian state actors wipe endpoints and SATCOM satellite terminals.

Numerous breaches use network, VPN and security equipment built by almost every vendor as initial access vectors, he said, and critical servers are compromised via remote management interfaces like iLOBleed. Also, botnets infect IoT devices and malware targets vulnerable OT systems.

“An increasingly complex global supply chain means that finished devices may have hardware and firmware components sourced from vendors around the world, all of whom add to the risk and complexity of securing a device,” said Bulygin. 

Build trust in devices

Existing companies offering software supply chain security tools include Synopsys, Chainguard, Cycode, Aqua Security and Veracode. 

Eclypsium’s entrance and rapid growth are indicative of increased demand; Bulygin said its offering is distinct from other security solutions that focus only on the application layer.

“Whereas, devices and device-level software and firmware is the most fundamental, privileged and unprotected attack surface,” he said, “and malicious exploitation has long shifted to this layer.”

He pointed out that Eclypsium already serves many Fortune and Global 2000 companies, and its platform is used by U.S. government agencies. It was also recently added to the CISA Continuous Diagnostics and Mitigation (CDM) Approved Products List as the first product to secure the hardware, firmware and software supply chain.

The platform mitigates supply chain risks in an automated way, rather than just discovering and highlighting them, said Bulygin. Users can: 

  • Inventory all IT equipment with all hardware components, as well as firmware and software shipped with devices.
  • Create and verify bills of materials. 
  • Discover devices that have been infected by implants or compromised in the supply chain. 
  • Identify supply chain vulnerabilities.
  • Deploy software and firmware updates across entire multi-vendor device fleets. 

Fundamentally, this allows users “to build trust in their devices and their hardware and software supply chains,” said Bulygin. 

Security makes financial sense

For example, credit unions are prime targets for threat actors at all levels. First Financial, a New Mexico credit union with assets over $800 million and more than 85,000 members, is certainly not immune to this.  

“New attacks at the firmware level, like iLOBleed implants in servers and FinSpy bootkits in endpoints, are getting news exposure almost daily,” said Steve Coffey, First Financial’s VP of IT. 

Seeing new firmware-focused attacks, the company’s IT team recently homed in on supply chain security. Their first question was whether their existing tools had visibility and effectiveness in the sub-OS areas of their systems (where firmware lives), according to Coffey.

His team’s research found that there were significant visibility and protection gaps at the device and firmware level — and it wasn’t just powerful nation-states doing the attacking. 

Because firmware is everywhere, First Financial needed to cover endpoints like laptops and desktops, as well as numerous network devices and servers, said Coffey. They would also need to cross organizational boundaries between security and operations teams. 

Eclypsium’s platform allows them to stay ahead of low-level threats and have a layered tool “from which we can extract more and more security value as we grow,” he said. Also, they are prepared for auditors asking for evidence of firmware protections, which can happen at any time given the increased threat levels facing credit unions. 

Enhanced capabilities, research

The new funding round brings Eclypsium’s total raised to $50 million. The company will use the new money to expand its product capabilities, accelerate sales momentum and supply chain security research, said Bulygin. 

Since its Series A in 2018, the company has quintupled its headcount and experienced 35-fold revenue growth, he said. It has also seen 13-fold growth in its customer base.

The newest round was led by Ten Eleven Ventures, with participation from Global Brain’s KDDI Open Innovation Fund (KOIF) and J-Ventures, along with Andreessen Horowitz, Madrona Venture Group, Alumni Ventures, AV8 Ventures, Intel Capital, Mindset Ventures, Oregon Venture Fund (OVF), Translink Capital and Ubiquity Ventures. 
