Firmware Fiascos and the Supply Chain’s Weakest Link

Presented by

John Loucaides, VP of Federal Technology and Michael Thelander, Director of Product Marketing

About this talk

The technology supply chain supports virtually every aspect of modern-day organizations: from software and services to servers, switches, laptops, and virtual machines. As a result, any compromise or vulnerability in the supply chain is amplified by hundreds of downstream users and dozens of downstream use cases. Worse, this can bring invisible and potent risks into an organization under the guise of a trusted asset. While the firmware layer is often overlooked, it’s increasingly under fire from both financially motivated hackers and determined nation-states. It often represents a single point of failure in devices and is the stealthiest way an attacker can compromise a vast number of devices at scale. A firmware attack in the supply chain ensures that the attacker’s code is the first to run and has the highest privileges from the moment a device turns on. Commercial and government organizations alike are left wondering how they can trust vendor tools and checks when the vendor itself (or one of its upstream component providers) may be compromised in the supply chain? Join Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal Technology, John Loucaides, as they discuss: - Hardware/firmware/software supply chain complexity - Firmware’s critical role in the four key phases of hardware and software lifecycles - Current and recent attacks (interdiction/tampering vs. backdoor) - Ongoing SBOM efforts - Practical firmware mitigation and hardening defenses for your organization
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (49)
Subscribers (3262)
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.