Greetings -
As I recover from a very successful trip to the Singapore International Cyber Week and GovWare, where I spoke about building trust in the digital supply chain, I’m reflecting on the heightened level of awareness about third-party risk, both in that region and in the global conversation. The need for rapid interconnectivity can make vendors a ‘black box’ for teams looking to identify third-party hardware, software and firmware risks. A typical PC is built from 65 direct suppliers in 39 countries with 200+ subordinate suppliers and 300+ factories. The problem grows exponentially larger when you consider other parts of your IT infrastructure - servers running critical workloads, network equipment, external cloud services, smart IoT devices, and software. New guidelines and regulations have emerged recognizing the need for more resilient, transparent and trustworthy infrastructure and supply chains, such as the new Govern category in the NIST CSF 2.0, CISA’s Call to Action for improved UEFI security, NSA’s Device pillar of DOD Zero Trust, and specific policies such as SI-7, which requires that IT firmware be verified for integrity and monitored for unauthorized changes.
The threat landscape is also rapidly evolving. In recent months, we’ve seen UNC4841 attacks on Barracuda ESG, FIN8 conducting large-scale exploitation of Citrix NetScaler, as well as the Akira ransomware and BlackTech malware groups exploiting Cisco gear. The recent update to our platform was focused on protecting network infrastructure from these attacks.
There’s a growing need for better intelligence and tools such as our award-winning supply chain security platform to manage security risks to organizations and nations emerging from complex supply chains of external hardware and software products used in IT, ICT and OT infrastructure.
As always, I love to hear ideas from this community on supply chain security, zero trust, and device integrity or any other relevant topics - you can find me on LinkedIn.
- Yuriy, CEO and Co-Founder, Eclypsium