Eclypsium, the supply chain security company protecting critical hardware, firmware, and software announced its collaboration with Lenovo to support ThinkShield, the global technology company’s portfolio of cybersecurity solutions. The new offering, ThinkShield Firmware Defense, provides customers with scalable zero trust for every device, continuous monitoring, vulnerability and risk management, and digital supply chain assurance.
Read More About Cioinfluence Interview: CIO Influence Interview with Michael Berthold, CEO at KNIME
“Attacks on IT infrastructure have risen sharply over the past several years and are now one of the leading categories of exploited vulnerabilities, with nearly half of all ransomware infections exploiting vulnerabilities in common software and devices”
Powered by Eclypsium, ThinkShield Firmware Defense is a single platform that aims to address key aspects of firmware and device-level supply chain risks. Unlike vulnerability management and endpoint detection and response (EDR) tools that focus primarily on the user application software layer “above the OS” installed on the device, this solution provides comprehensive vulnerability and patch management, integrity monitoring, and threat detection capabilities for the device itself with the firmware and software “below the OS.”
“Attacks on IT infrastructure have risen sharply over the past several years and are now one of the leading categories of exploited vulnerabilities, with nearly half of all ransomware infections exploiting vulnerabilities in common software and devices,” said Eclypsium CEO and founder, Yuriy Bulygin. “ThinkShield Firmware Defense powered by Eclypsium evaluates critical endpoint devices and identifies those with weaknesses with the potential to be exploited in the wild. The solution includes the ability to update vulnerable device firmware so that even as new threats emerge, the attack surface remains protected. Essentially, ThinkShield Firmware Defense identifies, verifies, and fortifies all endpoint devices in an organization, significantly reducing the risk of attack, minimizing downtime, and helping to better secure an organization’s device supply chain.”
Latest Cioinfluence Interview: CIO Influence Interview with Joe Ramieri, VP of North America at Instabase
The global digital supply chain is increasingly complex, consisting of multiple underlying suppliers, sub-suppliers, and intermediaries, and each is a potential point of compromise. Nearly 88% of organizations have been the victim of a firmware-level cyber attack in the past two years, and 25% of known exploited vulnerabilities cataloged by the U.S. Cybersecurity & Infrastructure Security Agency are in pre-installed software & firmware.
ThinkShield Firmware Defense powered by Eclypsium helps secure and protect the third-party infrastructure code on which an organization depends. It helps address risk to organizations by extending threat detection to the firmware layer, enabling enterprises to identify firmware vulnerabilities in their devices, including servers, laptops, and workstations. The solution provides continuous monitoring and reporting of firmware threats, as well as proactive tools to protect against potential attacks, without requiring manual effort or specialized security skills from IT teams.
“It is very difficult for enterprises to defend against or manage what they cannot see. Firmware data resides in multiple systems and formats, making the capture and synchronization of meaningful component information difficult and costly. The rise of the remote workforce has compounded the problem, with asset accountability similarly expensive and hard to manage,” said Nima Baiati, Lenovo’s Executive Director and General Manager, Commercial Cybersecurity Solutions. “ThinkShield Firmware Defense provides a detailed inventory of device traits. It can scan for out-of-date firmware, vulnerabilities, and device misconfigurations, implement device sorting by risk level and searching by specific vulnerabilities. The software can also detect changes to the device baseline, unknown binaries, and known threats, such as rootkits and anomalous behavior. We’re excited to collaborate with Eclypsium to provide these capabilities.”
ThinkShield Firmware Defense gives IT teams a custom-fitted solution to help protect and manage the entire fleet — even remotely — and the use cases are numerous. The solution provides employers the ability to directly ship new devices to remote workers, validating that their firmware is uncompromised in the supply chain. It also offers additional security by monitoring the integrity of end-user devices that are deployed remotely, sending automated alerts for any changes in device integrity and finding weaknesses in posture that could put the device at risk.
ThinkShield Firmware Defense also provides ransomware and advanced threat protection, allowing organizations to proactively detect the presence of firmware-focused ransomware and malware, integrating directly into enterprise processes and tools for risk management and security operations to automate these efforts. Cloud-based remote updates and patching of outdated or vulnerable firmware helps keep devices in a secure state. Eclypsium can deploy updates directly or integrate with existing processes and tools to make patching more efficient for large organizations.
Browse The Complete Interview About Cioinfluence: CIO Influence Interview with Filip Verloy, Field CTO for the EMEA Region at Noname Security
[To share your insights with us, please write to sghosh@martechseries.com]