What is Eclypsium?

Eclypsium is a security solution that visualizes vulnerabilities and signs of tampering that exist in firmware areas such as firmware, BIOS, UEFI, and boot loaders in terminals, servers, and network devices managed by a company.

Why is it necessary to address firmware vulnerabilities?

Since 2019, many critical vulnerabilities in the operating systems and applications of terminals and network devices have been reported. If an attacker exploits these vulnerabilities, they may bypass perimeter-type defense in depth and monitoring to infiltrate the corporate network, steal information after the intrusion, and perform lateral expansion. Countermeasures against OS and application vulnerabilities are an urgent need. In addition to this, attackers are beginning to pay more attention to firmware vulnerabilities that have not received much attention in the past.

Why are existing solutions like EDR insufficient?

Current security measures, such as EDR, focus on quickly discovering and fully visualizing an intrusion that has already occurred, rather than preventing the intrusion itself 100% in advance against unknown threats. In contrast, if an intrusion affects firmware, it is difficult to fully visualize it with OS-level security measures, giving attackers time to operate undetected by the target of the attack. Against this background, vulnerabilities at the firmware and hardware levels are attracting the attention of attackers. The specific reasons why attackers target firmware are mainly as follows:

• By running malware before the OS boots, it can be compromised using admin-level privileges
• Since existing security solutions operate at the OS level, it is difficult to detect exploitation of firmware vulnerabilities and tampering with firmware.
• If the firmware is tampered with, it is difficult to restore by reinstalling the OS or replacing the hard disk.
• Corrupting the firmware can render the device permanently unusable

These firmware vulnerabilities are a new security area, and the need for countermeasures is gaining attention.

Firmware Security and the Software Supply Chain

Firmware-level vulnerabilities and tampering also have implications for software supply chain security.

Attack scenarios in which a supplier of software embedded in devices used by companies is compromised and companies that use that software are affected are becoming a reality. Since 2019, multiple attack methods have been confirmed in which software developers have been compromised by nation-state cyber attackers, resulting in the distribution and execution of malware on users' devices using the online update function of the software. In many of these cases, the tools used in the attacks were also those used to update BIOS and UEFI. If attackers exploit the firmware update function via the supplier and tamper with the firmware, it is possible that threats that are difficult to detect with existing security measures will be embedded in the device, as mentioned above.

Eclypsium Firmware Security Features

Eclypsium's firmware security solution scans terminals, servers, network devices, etc. managed by a company, and provides the ability to continuously check for vulnerabilities at the firmware and hardware level, whether or not they have been tampered with by attackers, and whether or not they comply with various compliance standards.

• Visualization
  • Vulnerability (Risk) in firmware can be visualized, and the inventory of terminals and network devices and the status of their firmware can be centrally managed on a single dashboard.
  • Vulnerabilities in firmware can also be visualized, and an overview of the vulnerabilities, attack cases, and repair methods can be presented.
• detection
  • It is possible to detect whether the firmware has been tampered with or changed (Integrity)
• handle
  • If there is a vulnerability that needs to be addressed, it is possible to check the details of the vulnerability and apply a patch.
• Simple and easy-to-understand UI
  • Eclypsium lists the terminals, servers, and network devices that exist in the environment, and scores their firmware status from the two perspectives of risk (presence of vulnerabilities) and integrity (presence of tampering). Also, if there is a vulnerability that needs to be addressed, you can check the details of the vulnerability and apply a patch.

Evaluation from a third party

Serving Global 2000 companies as well as state and federal government agencies, Eclypsium is the choice of many.

• 『Gartner Cool Vendor in Security Operations and Threat Intelligence』
• 『TAG Cyber Distringuished Vendor』
• "Fast Company's World's 10 Most Innovative Security Companies"