The guideline "NIST SP800-171" published by the U.S. National Institute of Standards and Technology is one of the guidelines that has become most important in the Japanese market in recent years. NIST SP800-171 is a guideline that covers a very wide range of countermeasures, so we believe that there are many areas that tend to be blind spots in terms of countermeasures. Among these, this time we will focus on the firmware built into all IT devices such as PCs, servers, and network devices, and introduce countermeasures that comply with NIST SP800-171. In recent years, security threats to firmware, the layer below the OS, have been increasing, and this is an area that tends to become a blind spot. In this seminar, we will introduce the latest threat information and countermeasures regarding firmware based on NIST SP800-171.

Since 2019, vulnerabilities in critical operating systems such as SSL-VPN devices have been reported one after another. This makes it extremely easy for attackers to invade by bypassing perimeter-based multi-layered defenses and monitoring, which had been considered difficult until now, so they launch attacks that exploit OS vulnerabilities. Now In addition, attackers are beginning to turn their attention to "vulnerabilities in layers lower than the OS (firmware vulnerabilities)," which have not been addressed until now. In this video, a new genre of security measures called Vulnerabilities Below the Operating System (VBOS) is gaining attention as a security solution for vulnerabilities that exist in layers lower than the OS. I will explain the company's products and features.