Today, we are proud to announce the availability of the Eclypsium platform beta version! We have been engaged in private testing with select organizations for several months, and the experience and insights have been invaluable. Based on our experience with firmware and the associated vulnerabilities and threats, we knew that we were facing a broad problem and that is exactly what we found.
Over the course of our private testing, we found that organizations had little to no visibility into their firmware state, threats, and vulnerabilities. As a result, most devices are running outdated firmware with vulnerable configurations. Overall, we found that the majority (over 77%) of the devices Eclypsium analyzed had outdated firmware, and nearly all of the devices we tested were vulnerable to a known attack.
We are now expanding to more organizations and networks. Here is some information to help you decide if you would like to apply and how to get started:
Devices That Are In Scope
The Eclypsium Beta supports the following devices:
|Device Type||Supported Versions||Why You Should Care|
|PC and Mac Laptops and Desktops||Windows (7 through 10, 64-bit) and macOS (10.12 – 10.13)||Protect high-value laptops and ensure they stay safe from tampering and “evil maid” attacks during travel.
Detect advanced malware attacks that hide in firmware and evade detection.
|Servers and IT Infrastructure||Windows (Server 2012 – 2016) and Linux (Ubuntu, Debian, Red Hat, CentOS)||Monitor critical servers supporting your data center and private cloud for threats persisting in firmware.
Detect tampering in your hardware supply chain.
Monitor for BMC and IPMI and other hardware risks.
|Network Devices||Cisco IOS||Protect your switches, routers and firewalls, recently reported to be “attack vector of choice” by the DHS.|
Key Capabilities of the Beta
The Eclypsium Beta includes core functionality to support the following business use cases.
|Device Management||Inventory of low-level details about firmware and hardware, including vendor, firmware level, internal components, and other details.||Know exactly what hardware and firmware is in your environment. When a new vulnerability is found, know exactly where you are exposed and what actions to take.|
|Vulnerability and Risk Assessment||Find outdated firmware, firmware vulnerabilities, and missing device protections.||Actively manage and assess this strategic attack surface.|
|Detection of Threats||Verify firmware integrity and detect firmware implants and backdoors||Identify sophisticated attacks persisting in your environment. Verify that devices haven’t been backdoored in the supply chain.|
How to Apply
If you are interested in trying Eclypsium beta, please contact us. A member of our team will connect to learn more about your environment, understand your specific needs, and arrange next steps.