Hi [[ session.user.profile.firstName ]]

Enterprise Best Practices for Firmware Updates

Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates.


This Q&A style webinar explores the following topics:

- The current state of firmware and firmware updates.
- How the industry is evolving to meet the need for consistent firmware
update management.
- The barriers to establishing firmware update management.
- Recommended steps that security leaders can use to begin building a
safe and reliable process for managing firmware updates.
Recorded Apr 7 2020 63 mins
Your place is confirmed,
we'll send you email reminders
Presented by
John Loucaides, VP of Research and Development and Steve Mancini, CISO, Eclypsium
Presentation preview: Enterprise Best Practices for Firmware Updates

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Improve Device Security Using The CMMC Framework Jun 30 2020 5:00 pm UTC 60 mins
    John Loucaides, VP R&D, Eclypsium
    Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices.

    This webinar will cover:

    - Real-World Attacks Against Device Integrity
    - How Attackers Compromise Device Integrity
    - Designing Device Security Into Your Security Practices
    - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
    - Device Security and the Cybersecurity Maturity Model Certification (CMMC)
  • Protecting Device Integrity in the Supply Chain Recorded: May 13 2020 61 mins
    Dr. Ed Amoroso - TAG Cyber, Dickie George - Johns Hopkins, Andrew Regenscheid - NIST, Yuriy Bulygin - Eclypsium
    While vulnerabilities in software often steal headlines, hardware vulnerabilities pose a major cyber security risk. Hardware is comprised of numerous components, which are often sourced globally, and are difficult to track along the supply chain. A single vulnerability in any of the components could cause the device to be compromised by cyber criminals.

    Protecting the integrity of devices and ensuring firmware is hardened to attack can be challenging when using traditional security controls and processes. Join our panel of experts on May 13, 2020 at 1 pm ET to learn:

    - How to improve visibility into your device supply chain
    - Why firmware vulnerabilities need to be prioritized
    - Common weak spots for the introduction of tampering and modifications

    Our panelists will be:

    Dr. Edward Amoroso - CEO of research and advisory firm TAG Cyber and former CISO for AT&T

    Richard M. (Dickie) George - Senior Advisor for Cyber Security at the Johns Hopkins University Applied Physics Lab, with a focus on cyber strategy for protection of critical national systems.

    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

    Dr. Yuriy Bulygin - CEO and founder of Eclypsium. Previously he led the Advanced Threat Research team at Intel, and created CHIPSEC, the open-source firmware security framework.
  • Detecting & Defeating Persistent Attacks Recorded: Apr 16 2020 65 mins
    Ron Talwalkar, Vice President Product and Jesse Michael, Principal Researcher
    System firmware and dozens of other components that contain millions of lines of firmware are vulnerable to attacks that have capabilities which persist and survive operating system reinstalls and even hard drive replacements. These attacks can go unnoticed by traditional security and can provide access to high-value targets allowing the highest of privilege. Moreover, cleaning a system’s firmware means re-flashing it, an operation not quickly done nor guaranteed. In this webinar, Eclypsium's VP of Product, Ron Talwalkar and Principal Researcher, Jesse Michael, will discuss persistent attacks, what are the vulnerabilities and techniques that lead to these attacks and how the Eclypsium solution can help defend against these types of threats.
  • Enterprise Best Practices for Firmware Updates Recorded: Apr 7 2020 63 mins
    John Loucaides, VP of Research and Development and Steve Mancini, CISO, Eclypsium
    Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates.


    This Q&A style webinar explores the following topics:

    - The current state of firmware and firmware updates.
    - How the industry is evolving to meet the need for consistent firmware
    update management.
    - The barriers to establishing firmware update management.
    - Recommended steps that security leaders can use to begin building a
    safe and reliable process for managing firmware updates.
  • Anatomy of a Firmware Attack Recorded: Mar 3 2020 49 mins
    Ron Talwalkar and John Loucaides
    Explore the techniques of successful firmware attacks as they apply to stages of a kill chain in this Eclypsium webinar designed to help you assess and defend enterprise devices from firmware and hardware threats.
  • Perilous Peripherals - The Hidden Dangers Inside Windows and Linux Computers Recorded: Feb 21 2020 61 mins
    Jesse Michael, Principal Researcher, Eclypsium and Rick Altherr, Principal Engineer, Eclypsium
    Eclypsium researchers Jesse Michael and Rick Altherr will describe new research showing how unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides pathways for malicious attackers to compromise laptops and servers.
  • How Direct Memory Access Attacks Bypass Hardware Protections Recorded: Feb 5 2020 55 mins
    Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
    New research from Eclypsium shows that high-speed DMA attacks can bypass built-in hardware protections on enterprise devices. Jesse Michael and Mickey Shkatov recently demonstrated that, even in the presence of protections such as UEFI Secure Boot, Intel Boot Guard, HP Sure Start, and Microsoft Virtualization-Based Security, laptops from Dell & HP were susceptible to pre-boot DMA attacks. In this webinar, they describe their research, and discuss the ramifications for enterprise security.
  • Screwed Drivers - New Vulnerabilities Found in Windows Drivers Recorded: Nov 14 2019 60 mins
    Jesse Michael and Mickey Shaktov, Principal Researchers, Eclypsium
    Drivers that provide access to system BIOS or system components for the purposes of updating firmware, running diagnostics, or customizing options on the component can allow attackers to turn the very tools used to manage a system into powerful threats that can escalate privileges and persist invisibly on the host. There are multiple examples of attacks in the wild that take advantage of this class of vulnerable drivers, such as the Slingshot APT or LoJax malware campaigns.

    Research conducted by Eclypsium found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors* – including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei. However, the widespread nature of these vulnerabilities highlights a more fundamental issue – all the vulnerable drivers we discovered have been certified by Microsoft.

    In this webinar, Eclypsium researchers Jesse Michael and Mickey Shaktov will teach you how these drivers work, show you the unbelievable risk they pose, and discuss methods that security professionals can use to protect their organizations from device driver vulnerabilities.

    This webinar will reveal new information on additional drivers impacted by this design flaw, which were undisclosed when Eclypsium's earlier research into Screwed Drivers was presented at DEF CON.
Enterprise Firmware Security
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Enterprise Best Practices for Firmware Updates
  • Live at: Apr 7 2020 5:00 pm
  • Presented by: John Loucaides, VP of Research and Development and Steve Mancini, CISO, Eclypsium
  • From:
Your email has been sent.
or close