Threats Below The Surface in High-Risk Devices

As cybersecurity improves, attackers are seeking new methods to subvert traditional security controls - going below the surface to penetrate vulnerable firmware and hardware components inside today’s servers, laptops and networking equipment. Most organizations lack visibility into this attack surface. They can’t easily see which hardware and firmware components are in their fleet or determine which devices are vulnerable to known threats — much less detect a hidden implant or backdoor. These blind spots allow attackers to subvert traditional security controls and persist undetected, leaving organizations exposed to device tampering, ransomware, and data breaches.

In this presentation, you’ll learn

- What’s at risk under the hood in your devices
- How the threat landscape is changing
- How TrickBot malware locates UEFI vulnerabilities
- Why attackers are targeting firmware
- The importance of addressing supply chain risk
- How to protect devices at scale
Recorded Apr 14 2021 24 mins
Presented by
John Loucaides, VP Federal Technology, Eclypsium

  • New Research from Eclypsium Jun 30 2021 7:00 pm UTC 45 mins
    John Loucaides, VP Federal Technology, Eclypsium
    In this webinar, Eclypsium will share information on multiple new vulnerabilities that our research team has identified in enterprise devices. We will discuss the significant risks this poses to the integrity of these devices, and what steps can be taken to mitigate this threat. Details of the research are presently embargoed and will not be made public until shortly before this webinar.
  • A New Approach to Protecting Network and Unmanaged Devices Jun 15 2021 6:00 pm UTC 60 mins
    Ed Amoroso, CEO & Founder, TAGCyber, and Scott Scheferman, Principal Cyber Strategist, Eclypsium
    Enterprise IT and security teams today must navigate the risk of a constantly evolving landscape of networking equipment, connected devices, and personal-use employee devices in remote work environments. Many of these devices simply can’t be managed using traditional security tools, with recent studies estimating that up to 90% of enterprise devices can’t support a traditional security agent.

    This unmanaged attack surface is actively under attack. VPNs and networking infrastructure have been some of the most popular targets, as adversaries use them to gain access to organizations and spread ransomware and other malware. CISA has repeatedly issued alerts concerning a wide range of state-based actors targeting enterprise network infrastructure, including a recent joint advisory warning of active scanning and exploitation of leading vendors such as Cisco, Citrix, F5, Fortigate, Pulse Secure, and others.

    What’s a security team to do? Maybe it’s time for a new approach to protecting network appliances and other “unmanaged” appliances. In this webinar you’ll learn:

    - Why VPNs and networking infrastructure are targeted for attack
    - Who is behind these attacks and what they hope to gain
    - What kinds of vulnerabilities - such as unpatched firmware - attackers are seeking
    - How certain types of critical devices are targeted by ransomware actors in a way that leverages the concept of supply chain dynamics
    - Why traditional security tools may leave you blind to this threat
    - How you can get ahead of attackers with a new distributed approach to network device discovery and analysis that provides agentless visibility into all corners of an enterprise

    Speakers:
    Ed Amoroso, Founder and CEO of TAG Cyber, former CISO of AT&T
    Scott Scheferman, Principal Cyber Strategist, Eclypsium
  • What Auditors Need to Know When Evaluating Firmware Compliance Recorded: May 26 2021 51 mins
    John Loucaides, VP of Federal Technology
    Recent updates to NIST 800-53 and other compliance standards emphasize that controls must extend down to firmware and hardware. To keep pace with widespread attacks and new standards, organizations must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. But what does this mean, and what should you be looking for?

    In a follow-on to his popular ISACA presentation, Eclypsium’s John Loucaides will delve deeper into the questions auditors should ask, and the tools that are available to implement controls and verify due diligence within an organization.

    Eclypsium’s VP of Federal Technology, John Loucaides will discuss:

    - What is firmware, and why is it important?
    - Why firmware and hardware security is being called out in compliance frameworks
    - What questions to ask when conducting your audit
    - Evidence of compliance that can be produced
    - How Eclypsium is helping businesses collect this evidence
  • Q2 Threat Briefing - New Developments in Device Security Recorded: Apr 29 2021 49 mins
    Yuriy Bulygin, CEO of Eclypsium & Scott Scheferman Principal Cyber Strategist
    A recent Microsoft study says 83% of all businesses have experienced a firmware attack in the past two years. The NIST National Vulnerability Database has shown more than a five-fold increase in firmware vulnerabilities in the last four years. How real is the threat to enterprise devices in Q2? Are organizations taking the right approaches to address it?

    In this quarterly device security threat briefing, Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist discuss the latest news in firmware and hardware security - from the Microsoft report to the most recent attacks in the wild - and what security leaders can do to defend their organizations.

    We’ll ask:


    - How real is the threat of firmware attacks?
    - What do recent attacks tell us about who is at risk?
    - What devices and vulnerabilities are attackers targeting now?
    - Are APTs and ransomware attackers converging?
    - What kinds of attacks can we expect going forward?
    - Why is it so difficult to get visibility into this attack surface?
    - What measures are enterprises taking to protect themselves?
    - How can we close the gap on device security?
  • Threats Below The Surface in High-Risk Devices Recorded: Apr 14 2021 24 mins
    John Loucaides, VP Federal Technology, Eclypsium
  • APT & Criminal Attackers Converge Below the Surface Recorded: Mar 30 2021 56 mins
    Scott Scheferman - Principal Cyber Strategist, Eclypsium
    Both criminal and Advanced Persistent Threat actors have been leveraging each other’s techniques, tactics, and procedures (TTPs) for quite some time. Yet, as we look upon the 2021 threat landscape, there are two alarming trends that are rapidly unfolding, and for which organizations are not yet prepared: 1) the convergence of nation-state and criminal focus on the advantages of targeting firmware, and 2) the impacts and advantages to attackers associated with supply chain campaigns. 2020 saw both the alarming discovery of TrickBoot (a criminal ransomware group’s UEFI-targeting module) as well as the SUNBURST and Accellion supply chain campaigns that continue to unfold. Now that those TTPs have been burned, and those actors need to adapt, what do we need to anticipate and prepare for, ahead of this firmware convergence in the threat landscape? Finally, we’ll lean in to anticipate what comes next, if 2020’s activity has been an indicator of what is to come.
  • Threats Below The Surface in High-Risk Devices Recorded: Mar 30 2021 24 mins
    John Loucaides, VP Federal Technology, Eclypsium
  • Improve Device Security Using The CMMC Framework Recorded: Mar 23 2021 54 mins
    John Loucaides, VP R&D, Eclypsium
    Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices.

    This webinar will cover:

    - Real-World Attacks Against Device Integrity
    - How Attackers Compromise Device Integrity
    - Designing Device Security Into Your Security Practices
    - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
    - Device Security and the Cybersecurity Maturity Model Certification (CMMC)
  • Put Zero Trust in Your Devices Recorded: Mar 17 2021 61 mins
    Steve Mancini, CISO and Ryan Clarke, Principal Security Scientist, Eclypsium
    The recent shift to a remote work environment has created new challenges for many businesses and government institutions with profound impacts on organizational security models. Suddenly, many users are no longer protected by the many layers of security found on-premise in the corporate network. Instead, security policies must evolve to support a new reality where users are remote by default and massive amounts of untrusted, inbound connections are the norm. Incorporating security concepts like Zero Trust can be a critical part of securing these remote work environments, which often include a mix of corporate laptops, BYOD devices, and home networking gear. If the integrity of these devices isn’t assured, then it is impossible to assure the safety of the operating systems and other software running on them. Yet for many organizations, device integrity remains a blindspot where Zero Trust principles are not yet applied, and as a result, security is assumed instead of verified.

    In this webinar, Steve Mancini, CISO of Eclypsium, and Ryan Clarke, Principal Security Scientist at Eclypsium will discuss:

    - Device Integrity and Zero Trust
    - Identifying Device Level Vulnerabilities
    - Looking for Signs of Compromise
    - Secure Access for Remote Workers
    - Device Best Practices for Zero Trust
  • Top Five Threats to Firmware Security Recorded: Mar 9 2021 61 mins
    Yuriy Bulygin, CEO Eclypsium and John Loucaides, VP R&D Eclypsium
    As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021. You’ll learn:

    - The most common types of firmware attacks used in the wild today.
    - What malware, ransomware, and APT campaigns are targeting devices ranging from traditional laptops and servers to networking gear and VPN appliances.
    - How firmware attacks enable adversaries to gain control of enterprise devices, subvert security controls, and persist invisibly, undetected by traditional security solutions.
    - How to detect and defend against firmware threats in the supply chain, in operational use, and as part of incident response.
  • Safeguarding Device Integrity in the Supply Chain and Beyond Recorded: Mar 3 2021 61 mins
    Andrew Regenscheid (NIST), John Loucaides (Eclypsium)
    While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

    In this live webinar, our expert panel will discuss:

    - How the complex technology supply chain creates concentrations of risk
    - Recent supply chain threats and their implications for enterprise risk management
    - What a supply chain disaster scenario might look like
    - What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
    - What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

    Panelists:
    John Loucaides - Vice President of Research and Development at Eclypsium
    Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).
  • Assessing Enterprise Firmware Security Risk - 2021 Recorded: Feb 18 2021 61 mins
    Steve Mancini, Malcolm Harkins, Ed Amoroso
    2020 saw a dramatic increase in firmware-level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades the majority of endpoint protection or detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?

    Our panel of experts discusses how to evaluate and improve your firmware security posture.

    Speakers:
    Steve Mancini, CISO, Eclypsium
    Malcolm Harkins, Chief Security & Trust Officer at Cymatic, and formerly CISO at Intel
    Ed Amoroso, Founder & CEO TAG Cyber, and formerly CISO at AT&T
  • Safeguarding Device Integrity in the Supply Chain and Beyond Recorded: Feb 16 2021 62 mins
    Andrew Regenscheid (NIST), John Loucaides (Eclypsium)
  • Top Five Threats to Firmware Security Recorded: Feb 3 2021 61 mins
    Eclypsium
  • Assessing Enterprise Firmware Security Risk - 2021 Recorded: Jan 20 2021 62 mins
    Steve Mancini, Malcolm Harkins, Ed Amoroso
  • What’s Really Down Under - Threats to Devices Below The Operating System Recorded: Dec 17 2020 55 mins
    Scott Scheferman - Principal Cyber Strategist, Eclypsium
    Lying below the traditional operating system (Windows, Linux, Mac) is an entire "world down under" ripe for attacking. The firmware and hardware attack surface is diverse and fraught with vulnerabilities that are increasingly being exploited to great effect. Attackers have learned to fly under the radar, dip down underneath the traditional security stack, and persist indefinitely, all while enjoying the omnipotence and flexibility that firmware-level attacks provide.

    In this webinar, Scott Scheferman, Principal Cyber Strategist at Eclypsium, will share insights from recent attacks that challenge how we think about device security. You’ll learn:

    - Why APTs and criminal gangs are increasingly targeting firmware and hardware
    - Examples of firmware level vulnerabilities being used in the wild
    - How gaps in visibility - from supply chain to continuous operational risk management - undermine our defenses, and what we are doing about it
    - Why proactive risk management needs to incorporate hardware and firmware security
    - How defenders can meet the challenge down under

    Hackers have moved down for a reason. Now, defenders must too.
  • What's Under The Hood In Your Devices Recorded: Dec 15 2020 75 mins
    Maggie Jauregui, Intel, Jesse Michael & Scott Scheferman, Eclypsium
    How well do you know what's inside your computer? Today's laptops and servers are powered by dozens of components with their own complex programming that runs independently of the operating system. Attackers increasingly target vulnerabilities in firmware and hardware, and most organizations lack visibility into this attack surface. In this webinar we'll explore what manufacturers are doing to improve platform security, what kinds of vulnerabilities attackers are targeting, and what IT and security professionals need to do to protect their devices.
  • Trickbot’s New Trickboot Module Targets Your Firmware Recorded: Dec 9 2020 76 mins
    Vitali Kremez, CEO of Advanced Intelligence, Jesse Michael, Principal Researcher at Eclypsium, Scott Scheferman, Principal Cy
    Collaborative research between Advanced Intelligence (AdvIntel) and Eclypsium has discovered that TrickBot malware now has functionality designed to inspect and potentially target the UEFI/BIOS firmware of targeted systems. This new functionality, dubbed “TrickBoot,” makes use of open-source tools to check devices for a vulnerability that can allow Trickbot operators to read, write, or erase the UEFI/BIOS firmware of a device. This new capability targets all Intel-based systems produced in recent years and is one line of code away from bricking any device it finds to be vulnerable.

    In this webinar, Vitali Kremez, one of the world’s leading authorities on TrickBot and the cybercriminal threat landscape, joins industry thought leader Scott Scheferman and esteemed Principal Researcher Jesse Michael to provide key insights, implications, and mitigations for one of the biggest discoveries of 2020: Trickboot. You’ll learn:

    - How Trickbot’s new TrickBoot module works and why it’s so dangerous
    - Which systems are vulnerable and how to assess your risk
    - What the risk implications are for missions, enterprises, and critical infrastructure
    - What steps you need to take to get ahead of this development and keep Trickbot from bricking your devices or planting persistence at the firmware level.
  • Protecting Your Organization From MosaicRegressor and Other UEFI Implants Recorded: Dec 3 2020 69 mins
    Yuriy Bulygin, CEO of Eclypsium & Scott Scheferman Principal Cyber Strategist
    The recent discovery of MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before and supersedes the operating system, while also allowing the threat to persist within firmware even after a system is reimaged. The implant code itself is universal and easy to build and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers making it likely we will see this type of capability show up in other campaigns.


    In this webinar, you’ll learn:
    - How MosaicRegressor and other UEFI attacks work
    - Why these attacks are so dangerous and difficult to detect
    - Why this discovery is significant, and what it portends for future threats
    - How Eclypsium is able to detect these threats even before they are public
    - What strategies you can use to protect and defend your devices from UEFI attacks.
  • Managing the Hole in Secure Boot - Security Briefing Recorded: Oct 27 2020 75 mins
    Yuriy Bulygin, CEO Eclypsium and John Loucaides, VP R&D Eclypsium
    Eclypsium researchers have discovered an arbitrary code execution vulnerability - dubbed BootHole - in the GRUB2 bootloader that can bypass UEFI and OS Secure Boot, impacting other OS defenses. The vulnerability has been rated as High Severity (CVSS 8.2) and is being tracked as CVE-2020-10713. Attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment used in industrial, healthcare, financial and other industries.


    In this webinar Yuriy Bulygin, CEO and John Loucaides, VP of Research and Development at Eclypsium, will provide a briefing on the key issues enterprise IT and security leaders need to know in order to effectively mitigate this issue.
Enterprise Firmware Security
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

  • Title: Threats Below The Surface in High-Risk Devices
  • Live at: Apr 14 2021 4:00 pm
  • Presented by: John Loucaides, VP Federal Technology, Eclypsium