Eclypsium White Papers

Firmware and Frameworks: MITRE ATT&CK

Ariella Robison — Wed, 18 Oct 2023 14:30:00 +0000

Learn how firmware security fits into this widely used framework that tracks and maps adversary actions. Find out which tactics and techniques are leveraging firmware vulnerabilities and known exploits.

The post Firmware and Frameworks: MITRE ATT&CK appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Network Infrastructure on the Front Line

Chris Garland — Wed, 11 Oct 2023 18:42:35 +0000

Threat actors continually develop new strategies and techniques in order to maximize the impact of their attacks while avoiding cybersecurity defenses. Over the past several years, attackers have found a new class of targets that fits the bill on both fronts—enterprise network infrastructure devices.

The Threat Landscape for Healthcare Organizations

Chris Garland — Fri, 22 Sep 2023 20:08:37 +0000

The threat landscape for healthcare organizations has shifted tremendously since the outset of COVID-19. The means, opportunities, and motives for threat actors targeting the sector have all changed in nature and increased in intensity. While the theft of private data andransomware continues to wreak havoc, there has also been a shift towards disruptive or destructive attacks, namely those that are leveraging vulnerabilities in the technology supply chain. One in four of those vulnerabilities known to be exploited by CISA, are device firmware vulnerabilities, and actors like the Conti/Trickbot group have doubled down on developing TTPs (Tools, Tactics and Procedures) that specifically target vulnerabilities in IT supply chain that allow them to evade traditional defenses found in medical environments.

Ransomware and the Supply Chain

Chris Garland — Thu, 07 Sep 2023 17:43:09 +0000

This white paper discusses the increasing threat of ransomware attacks on the technology supply chain and provides insights on how organizations can protect themselves from these attacks. The supply chain is now a focal point for ransomware attacks because it serves as both a lucrative target and a means to compromise downstream enterprise customers. The paper also provides recommendations for organizations to strengthen their defenses at the supply chain level. It emphasizes the need for specialized tools, expertise, and continuous monitoring to mitigate risks effectively.

Using Eclypsium to Protect Your Data and Align with NIST 800-171

Chris Garland — Tue, 01 Aug 2023 17:23:34 +0000

In the sometimes dizzying world of NIST publications, SP 800-171 plays an increasingly important role in
modern information security. At a high level, there are two things that make 800-171 stand out from other
NIST standards.

The post Using Eclypsium to Protect Your Data and Align with NIST 800-171 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The Ultimate Guide to Supply Chain Security

Chris Garland — Thu, 25 May 2023 17:47:03 +0000

Eclypsium is tackling arguably the most fundamental challenge in IT and security today – how to make it easy for any organization to independently audit the security of their supply chains and verify the integrity of the products and services that they rely on. While this may sound straightforward on its face, this is a challenge unlike anything the industry has faced before, and one that requires a very unique set of solutions.

Learn More >

The post The Ultimate Guide to Supply Chain Security appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

A NIST Blueprint for Securing Digital Supply Chains

Ariella Robison — Thu, 12 Jan 2023 08:00:00 +0000

NIST 800-161 is the foundational guidance for securing all digital supply chains. In this Eclypsium white paper we show how securing device-level “core code” fits into that framework and delivers more secure devices and more resilient supply chains.

The post A NIST Blueprint for Securing Digital Supply Chains appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Need Secure Supply Chains? Start with Their DNA

Ariella Robison — Mon, 14 Nov 2022 08:00:00 +0000

The fastest and most effective path to securing device supply chains – the number one target of both nation states and criminal gangs – is by securing their embedded code.

The post Need Secure Supply Chains? Start with Their DNA appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Firmware, Supply Chain, and Frameworks: NIST SP 800-53

Ariella Robison — Wed, 20 Jul 2022 07:28:00 +0000

Learn the critical roles that supply chain and firmware security play in NIST’s authoritative catalog of security controls.

The post Firmware, Supply Chain, and Frameworks: NIST SP 800-53 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Applying Zero Trust in the Supply Chain to Prevent DMA Attacks

Ariella Robison — Mon, 07 Mar 2022 19:31:00 +0000

Learn about role of firmware in preventing DMA attacks and achieving a Zero Trust posture.

The post Applying Zero Trust in the Supply Chain to Prevent DMA Attacks appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Making the Case for Firmware in the Context of Zero Trust Security - An Overview of the Eclypsium Platform

Ariella Robison — Thu, 13 Jan 2022 07:37:00 +0000

Understand how firmware security is a critical part of the Zero Trust strategies you’re building to protect your enterprise endpoints, in this research paper from TAG Cyber.

The post Making the Case for Firmware in the Context of Zero Trust Security - An Overview of the Eclypsium Platform appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Firmware: Ransomware’s #1 Enabler

Ariella Robison — Fri, 19 Nov 2021 08:17:00 +0000

Two intersecting trends — the recent firmware explosion and rampant ransomware — have caused havoc and made security teams question their previous strategies. This paper shows how we got here and what informations security teams can do about it.

The post Firmware: Ransomware’s #1 Enabler appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.