2020 saw a dramatic increase in firmware level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades majority endpoint protection or detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?
Our panel of experts discusses how to evaluate and improve your firmware security posture.
Steve Mancini, CISO, Eclypsium
Malcolm Harkins, Chief Security & Trust Officer at Cymatic, and formerly CISO at Intel
Ed Amoroso, Founder & CEO TAG Cyber, and formerly CISO at AT&T