Macnica (Headquarters: Yokohama City, Kanagawa Prefecture, President: Kazumasa Hara, hereinafter referred to as Macnica) is a total service and solution provider in semiconductors, networks, cybersecurity, and AI/IoT, including PCs, servers, and network equipment. We have entered into an agency agreement in Japan with Eclypsium Inc. (Headquarters: Portland, Oregon, USA; CEO: Yuriy Bulygin; hereinafter referred to as Eclypsium), a leading provider of security solutions that protect the firmware of all types of devices from cyber threats. We are pleased to announce that we have signed a contract for the first time. Through this, we will take measures against vulnerabilities and tampering that exist in the firmware (BIOS, controllers, etc.) of terminals, servers, network devices, etc. managed by companies, and will support the improvement of firmware security, which is often overlooked. .

Since 2019, vulnerabilities in critical operating systems such as SSL-VPN devices have been reported one after another. This makes it extremely easy for attackers to invade by bypassing perimeter-based multi-layered defenses and monitoring, which had been considered difficult until now, so they launch attacks that exploit OS vulnerabilities. Now In addition, attackers are beginning to turn their attention to "vulnerabilities in layers lower than the OS (firmware vulnerabilities)," which have not been addressed until now. A particular blind spot is this firmware vulnerability.

The reason why the firmware should take countermeasures is as follows.

Reasons why you should take measures against firmware
●By running malware before the OS starts, it is possible to be compromised by using administrator-level privileges.
● Existing security solutions operate at the OS level, making it difficult to detect exploitation of firmware vulnerabilities and tampering.
●If the firmware is tampered with, it is difficult to restore by reinstalling the OS or replacing the hard disk.
● By destroying the firmware, it is possible to make the device permanently unusable.

For these reasons, a new genre of security measures called Vulnerabilities Below the Operating System (VBOS) is attracting attention as a security solution for vulnerabilities that exist in layers lower than the OS.

VBOS countermeasures visualize terminals, servers, network devices, etc. managed by companies, and provide a function to continuously check mainly firmware settings and compliance with various compliances. Companies that had insufficient management of terminals, servers, network devices, etc. managed by companies will be able to easily realize the approach to VBOS.

Among them, the Eclypsium solution that we contracted this time has the following major features.

Eclypsium Product Features
● Inventory of network devices, visualization of firmware risks, and their management
○ It is possible to create SBOM (Software Bill of Materials) of firmware
○Simple and easy-to-understand user interface
●Firmware vulnerability detection (RISK)
○Displays an overview of detection, attack cases, impact at the time of damage, and presents repair methods
●Firmware tampering and setting change detection (INTEGRITY)
○ Application of patch for vulnerable firmware (BIOS, controller, etc.) from Eclipse console

Commenting on this announcement, Eclipsium CEO & Founder Yuriy Bulygin said:
“Our vision at Eclipsium is to help improve the reliability of our customers' hardware infrastructure and supply chain.We partnered with Macnica, which has a strong track record of selling security solutions and has strong technological capabilities, to provide advanced technology to our Japanese customers. We are proud to offer enterprise firmware security solutions and services. This is a major step in Eclipsium's continued growth and we look forward to a long-term partnership with Macnica."

In addition to the APT/incident response-related solutions we have been handling, Macnica will add Eclipsium to its product lineup, and by covering the VBOS area, we will support companies in strengthening their security.