Securing Digital Supply Chains? Start with Firmware

Securing digital supply chains is of paramount importance to enterprises and government agencies: executive orders demand this security, boards are asking for it, and markets are reacting to it. But with today’s large, comlex, multinational, multi-threaded supply chains, where do we start? 

Securing the firmware in these supply chains – the embedded code that comes with nearly every device, chip, component or “thing” – turns out to be the best place to focus. In this SANS Ask the Expert webinar, experts from Eclypsium will demonstrate how firmware is the “DNA” of digital supply chains, instructing every component how to act, when to act, and where to go for further instructions. They’ll also show how the number of firmware components has increased in recent years to the point where security and infrastructure teams have millions of lines of code in their environments that remain unmonitored and often unaccounted for. And because this embedded firmware lies below the radar of vulnerability management and endpoint security solutions, they’ll give examples of how adversaries have pivoted sharply to take advantage of this invisible attack surface.

Finally, they’ll share new tools and practices that help security and infrastructure teams identify, verify and fortify the firmware embedded through their environments, and in so doing raise the stability and security of the entire supply chain.