Eclypsium Firmware Protection Platform

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Eclypsium
Company size (employees)50 to 99
Type of solutionCloud/SaaS

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

Eclypsium provides the most complete solution for protecting your organization from threats down to the firmware level. Our platform provides full visibility into the firmware running on all the key components of your laptops, servers, and network devices. At a glance, you’ll see if there are implants or backdoors in your firmware, if it’s vulnerable to known threats, or if it’s just out of date and in need of patching. You’ll get expert guidance on the severity of vulnerabilities, and links to the latest firmware updates so that you can mitigate threats and protect your assets.

Unlike traditional software, firmware should remain predictable and in “known good” states. The Eclypsium Platform checks firmware against millions of firmware hashes across dozens of enterprise hardware vendors to identify changes to baselines, find outdated firmware, and expose tampering. Eclypsium’s world-class firmware security researcher team leads the industry in identifying threats and vulnerabilities that impact enterprise devices. Their insights power the Eclypsium Platform, putting you ahead of the curve on firmware security.

Virtually every component within a modern device has its own firmware that can be compromised in an attack. Eclypsium extends visibility and protection to all the components that make up this internal attack surface including processors, network interface cards, UEFI and EFI firmware, Baseboard Management Controllers (BMCs), Intel Security Management Engine, Trusted Platform Modules, and more. This reach and level of granularity ensure visibility into areas most enterprises cannot see, exposing risk due to vulnerabilities and misconfigurations, unpatched firmware, and compromise from implants and backdoors.

Brief Overview

Eclypsium is the industry’s leading enterprise firmware protection platform—providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations.

That’s important because every enterprise device contains dozens of components – each with millions of lines of proprietary firmware code- that traditional security solutions leave unprotected.

Most organizations lack visibility into this attack surface. They can’t easily see which hardware and firmware components are in their fleet or determine which devices are vulnerable to known threats — much less detect a hidden implant or backdoor.

And once compromised, this blind spot allows attackers to subvert traditional security controls and persist undetected, leaving organizations exposed to device tampering, ransomware, and data breaches.

In 2020, this threat has grown significantly, with the shift to remote work moving employees beyond the traditional protections of the corporate network and attacks at the firmware level proliferating. In the past year widespread attacks on VPNs exploited firmware vulnerabilities, new UEFI implants were discovered in the wild, and the prolific TrickBot malware team began targeting firmware. Meanwhile, the SolarWinds Orion SUNBURST campaign revealed the danger of stealthy supply chain attacks.

That’s why global financial services firms, critical infrastructure providers, leading manufacturers, and the US federal government have turned to Eclypsium. Our comprehensive cloud-based platform protects laptops, servers, and networking equipment down to the firmware and hardware level with security capabilities ranging from basic device health and patching at scale to protection from the most persistent and stealthiest threats. We provide the most complete defense against firmware attacks available – enabling organizations to see and manage risk across enterprise devices and stop active threats from device-level implants and backdoors in the supply chain and in operations.