Name: Protecting Your Organization From MosaicRegressor and Other UEFI Implants
Start: 2020-10-30T16:00:00Z
End: 2020-10-30T16:01:09.000Z
Location: BrightTALK
Rating: 5

Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.

Enterprises typically spend significant resources managing, patching and updating their software. The same processes and thoroughness are often not in place for the firmware that underpins the fundamental behavior of system hardware. Many times the device firmware is never updated or only updated in light of a threat. While most CISOs and security teams would like to improve their firmware security hygiene, there are a variety of real-world challenges to keeping firmware updated. In this webinar, Eclypsium experts John Loucaides, VP of Research and Development, and Steve Mancini, CISO, discuss the findings of a new report on Enterprise Best Practices for Firmware Updates. 


This Q&A style webinar explores the following topics:

- The current state of firmware and firmware updates.
- How the industry is evolving to meet the need for consistent firmware 
   update management.
- The barriers to establishing firmware update management.
- Recommended steps that security leaders can use to begin building a 
  safe and reliable process for managing firmware updates.

Enterprise Best Practices for Firmware Updates

While most organizations are accustomed to dealing with external threats such as malware, the technology supply chain itself has rapidly emerged as an important source of risk. Proliferating vulnerabilities at the firmware and hardware level have opened the door for nation-state and ransomware attackers to gain control over laptops, servers, and network devices. Vulnerabilities or compromises in the supply chain can affect devices long before they are delivered and unboxed by the eventual owner, as well as during the update process.

In this live webinar, our expert panel will discuss:

- How the complex technology supply chain creates concentrations of risk
- Recent supply chain threats and their implications for enterprise risk management
- What a supply chain disaster scenario might look like
- What organizations can do today to begin verifying device integrity in the supply chain and throughout the lifecycle of their devices
- What’s coming down the road as part of the NIST project for “Validating the Integrity of Computing Devices.”

Panelists: 
John Loucaides - Vice President of Research and Development at Eclypsium
Andrew Regenscheid - Project Lead for Applied Cryptography within the Computer Security Division at the National Institute of Standards and Technology (NIST).

Safeguarding Device Integrity in the Supply Chain and Beyond

Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline. John Loucaides, VP of R&D at Eclypsium, will share insights on how attackers compromise device integrity and how you can defeat them by designing device security into your cybersecurity practices. Whether you are part of the defense industry, the broader federal government or a commercial entity, you’ll benefit from this approach to securing critical devices. 

This webinar will cover: 

 - Real-World Attacks Against Device Integrity
 - How Attackers Compromise Device Integrity
 - Designing Device Security Into Your Security Practices
 - NIST, FISMA & CMMC Cybersecurity Requirements for Device Security
 - Device Security and the Cybersecurity Maturity Model Certification (CMMC)

Improve Device Security Using The CMMC Framework

Eclypsium researchers have identified multiple vulnerabilities affecting the BIOSConnect feature within Dell Client BIOS. This chain of vulnerabilities has a cumulative CVSS score of 8.3 (High) because it allows a privileged network adversary to impersonate Dell.com and gain arbitrary code execution at the BIOS/UEFI level of the affected device. Such an attack would enable adversaries to control the device’s boot process and subvert the operating system and higher-layer security controls. The issue affects 128 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs. 

In this webinar, we will discuss the significant risks this poses to the integrity of these devices, and what steps can be taken to mitigate this threat.

BIOS Disconnect - New Research from Eclypsium

A few years ago, a casual Google search on the term “zero trust” would have returned hundreds of thousands of hits. Search for the same term today, and you’ll get about 4 billion hits -- that’s “billion” with a “B.” It’s possible that no other cybersecurity approach has matured so fast and received such widespread adoption in such a short time.

But can a Zero Trust security strategy be effective without accounting for the needs of firmware security? What does it even mean to apply Zero Trust principles to something as difficult to assess and secure as firmware? And who owns this initiative, the vulnerability management team? The CIO’s team? 

In this webinar, John Loucaides, Eclypsium VP of R&D, and Michael Thelander, Director of Product Marketing, will discuss the four pillars of Zero Trust security: 

 1. Default deny
 2. Contextual authentication
 3. Granular control
 4. Dynamic response

They will tie each of these pillars to the unique security requirements of firmware across the modern enterprise.

John and Michael will discuss how firmware is under fire by commercially motivated and nation-state attackers today and reveal the gap between modern infosec tools and firmware-based exploits. Then they’ll outline an approach to identify, verify, and fortify the firmware underneath every organization’s current technology stack–sustainably and cost-effectively.

The Mark of Zero: The Role of Firmware in Zero Trust Strategies

The technology supply chain supports virtually every aspect of modern-day organizations: from software and services to servers, switches, laptops, and virtual machines. As a result, any compromise or vulnerability in the supply chain is amplified by hundreds of downstream users and dozens of downstream use cases. Worse, this can bring invisible and potent risks into an organization under the guise of a trusted asset. 

While the firmware layer is often overlooked, it’s increasingly under fire from both financially motivated hackers and determined nation-states. It often represents a single point of failure in devices and is the stealthiest way an attacker can compromise a vast number of devices at scale. A firmware attack in the supply chain ensures that the attacker’s code is the first to run and has the highest privileges from the moment a device turns on. 

Commercial and government organizations alike are left wondering how they can trust vendor tools and checks when the vendor itself (or one of its upstream component providers) may be compromised in the supply chain? Join Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal Technology, John Loucaides, as they discuss:

  - Hardware/firmware/software supply chain complexity
  - Firmware’s critical role in the four key phases of hardware and software lifecycles 
  - Current and recent attacks (interdiction/tampering vs. backdoor)
  - Ongoing SBOM efforts
  - Practical firmware mitigation and hardening defenses for your organization

Firmware Fiascos and the Supply Chain’s Weakest Link

2020 saw a dramatic increase in firmware level threats, including widespread attacks against VPN devices, newly discovered UEFI implants, and a new TrickBot module scanning for firmware vulnerabilities. And, while analysis of the SolarWinds Orion supply chain SUNBURST campaign is ongoing, multiple threat actors, including those currently suspected in this campaign by public sources, have demonstrated the ability to introduce firmware-based persistence that evades majority endpoint protection or detection as well as traditional host-forensic detection. In this environment, how should CISOs assess their firmware security risk in 2021?  

Our panel of experts discusses how to evaluate and improve your firmware security posture.

Speakers:
Steve Mancini, CISO, Eclypsium
Malcolm Harkins, Chief Security & Trust Officer at Cymatic, and formerly CISO at Intel 
Ed Amoroso, Founder & CEO TAG Cyber, and formerly CISO at AT&T

Assessing Enterprise Firmware Security Risk - 2021

As firmware-level threats continue to gain popularity in the wild, security teams need to understand how these threats work and the real-world risks they pose to an organization’s security. In this live briefing, Eclypsium will update you on the latest threats to firmware and hardware that need to be on your radar for 2021. You’ll learn:

- The most common types of firmware attacks used in the wild today. 
- What malware, ransomware, and APT campaigns are targeting devices ranging from traditional laptops and servers to networking gear and VPN appliances.
- How firmware attacks enable adversaries to gain control of enterprise devices, subvert security controls, and persist invisibly, undetected by traditional security solutions. 
- How to detect and defend against firmware threats in the supply chain, in operational use, and as part of incident response.

Top Five Threats to Firmware Security

Recent updates to NIST 800-53 and other compliance standards emphasize that controls must extend down to firmware and hardware. To keep pace with widespread attacks and new standards, organizations must incorporate firmware security into risk management and compliance processes and address blind spots that have given attackers a new foothold. But what does this mean, and what should you be looking for?

In a follow-on to his popular ISACA presentation, Eclypsium’s John Loucaides will delve deeper into the questions auditors should ask, and the tools that are available to implement controls and verify due diligence within an organization. 

Eclypsium’s VP of Federal Technology, John Loucaides will discuss:

 - What is firmware, and why is it important?
 - Why firmware and hardware security is being called out in compliance frameworks
 - What questions to ask when conducting your audit
 - Evidence of compliance that can be produced
 - How Eclypsium is helping businesses collect this evidence

What Auditors Need to Know When Evaluating Firmware Compliance

Digital extortionists have learned how to continue to up the stakes by multiplying their leverage and reducing the time window of negotiation. Join Rick McElroy, Principal Cyber Security Strategist at VMware Carbon Black, and Scott Scheferman, Office of the CTO at Eclypsium as we explore where they are headed, and ask the hard questions about what it will take to get ahead of them. We will discuss:
 
  - What is the future of digital extortion campaigns?
  - What is the nature and magnitude of impacts associated with these?
  - Where and how does firmware and device trust come into play here?
  - How do organizations that have fully migrated to 3rd party cloud infrastructure and SaaS services, proactively mitigate risks in this new future?
  - What can present-day research and attacker campaigns teach us about what is next to come?
  - What is the next ‘North Star’ for us to aspire to? Is it still Zero Trust? 
 
Together, Rick and Scott bring a combined 50 years of industry experience -  the majority of which has been spent on the front lines of military, commercial, education, and federal spaces. They will harness a discussion that aims to “call it like they see it”, discern whether we are on the right path, and ask the hard questions about what it will take for us to get there, collectively, as an industry that might be in dire need of a wake-up call as we head into this great unknown together.
 
One thing is for certain; if we don’t anticipate and prepare for the future, we will surely succumb to its folly.

The Future State of Ransomware is Closer Than We Think

When hospitals are barely able to keep up with basic cyber hygiene, what must they still get ahead of in order to best protect patient safety and the uptime of critical medical devices and related workflows? How can hospitals still move the needle to protect patient life against hyper-evolving cyber threats that threaten more than just privacy and reputation? 

We’ll take a close look at how some of the most active, widespread, and notorious cybercriminal gangs, as well as their nation-state affiliate counterparts, continue to join forces to attack hospitals. We’ll expose newer highly destructive, automated, worming threats that have already evolved from where they left off in 2020’s pandemonium. More importantly, we’ll cover things hospitals of various sizes can actually do to get ahead of these threats by leveraging groundwork already laid, and by asking the harder questions that need to be answered anew in 2021. 

This recorded video was first presented at the H-ISAC Spring Summit in May 2021

Modern Threat Developments Affecting Patient Safety & What To Do About Them

The president’s recent “Executive Order on Improving the Nation’s Cybersecurity” presents new perspectives and directions on preventing increasingly destructive ransomware and cyber attacks. While all ten sections in the executive order provide instructions for federal agencies and CISOs in the commercial sector, one in particular breaks away from traditional best practices and calls for new approaches:  

Section 4, “Enhancing Software Supply Chain Security,” concentrates on strengthening and securing the complex, multi-headed software supply chain and puts a considerable emphasis on defining and detailing “critical software.”  

Firmware is “critical software” in every sense of the term. But in NIST’s follow-up white paper detailing the term “critical software,” firmware was intentionally left for “later.”   

In this session, Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal business, John Loucaides, will discuss:

  - How firmware security is central to both the spirit and the letter of the executive order
  - What it means to “kick the firmware can down the road,” why it’s counter to current attack trends, and what needs to be done when it’s included soon. 
  - What you can do–today–to build a Software Bill of Materials (SBOM) that includes critical and increasingly vulnerable firmware details

We’ll also explain how to break a huge executive order into immediately actionable and valuable chunks that deliver real value.

The Cybersecurity EO, Firmware, and Kicking the Can

Enterprise IT and security teams today must navigate the risk of a constantly evolving landscape of networking equipment, connected devices, and personal-use employee devices in remote work environments. Many of these devices simply can’t be managed using traditional security tools, with recent studies estimating that up to 90% of enterprise devices can’t support a traditional security agent. 

This unmanaged attack surface is actively under attack. VPNs and networking infrastructure have been some of the most popular targets, as adversaries use them to gain access to organizations and spread ransomware and other malware. CISA has repeatedly issued alerts concerning a wide range of state-based actors targeting enterprise network infrastructure, including a recent joint advisory warning of active scanning and exploitation of leading vendors such as Cisco, Citrix, F5, Fortigate, Pulse Secure, and others.
 
What’s a security team to do?  Maybe it’s time for a new approach to protecting network appliances and other ‘unmanaged” appliances.  In this webinar you’ll learn:

- Why VPNs and networking infrastructure are targeted for attack
-Who is behind these attacks and what they hope to gain
-What kinds of vulnerabilities - such as unpatched firmware - attackers are seeking
-How certain types of critical devices are targeted by ransomware actors in a way that leverages the concept of supply chain dynamics.
-Why traditional security tools may leave you blind to this threat
-How you can get ahead of attackers with a new distributed approach to network device discovery and analysis that provides agentless visibility into all corners of an enterprise



Speakers:
Ed Amoroso, Founder and CEO of TAG Cyber, former CISO of AT&T
Scott Scheferman, Principal Cyber Strategist, Eclypsium

A New Approach to Protecting Network and Unmanaged Devices

A recent Microsoft study says 83% of all businesses have experienced a firmware attack in the past two years. The NIST National Vulnerability Database has shown more than a five-fold increase in firmware vulnerabilities in the last four years.  How real is the threat to enterprise devices in Q2? Are organizations taking the right approaches to address it? 

In this quarterly device security threat briefing, Yuriy Bulygin, CEO of Eclypsium, and Scott Scheferman, Principal Cyber Strategist discuss the latest news in firmware and hardware security  - from the Microsoft report to the most recent attacks in the wild - and what security leaders can do to defend their organizations. 

We’ll ask: 


- How real is the threat of firmware attacks? 
- What do recent attacks tell us about who is at risk?
- What devices and vulnerabilities are attackers targeting now? 
- Are APTs and ransomware attackers converging? 
- What kinds of attacks can we expect going forward? 
- Why is it so difficult to get visibility into this attack surface? 
- What measures are enterprises taking to protect themselves? 
- How can we close the gap on device security?

Q2 Threat Briefing - New Developments in Device Security

The recent discovery of MosaicRegressor spyware is the latest in an ongoing trend of UEFI implants observed in the wild. These threats are particularly powerful because their malicious code runs before and supersedes the operating system, while also allowing the threat to persist within firmware even after a system is reimaged. The implant code itself is universal and easy to build and the UEFI file system format is largely unmodified by individual OEMs. This creates a relatively low barrier to entry for attackers making it likely we will see this type of capability show up in other campaigns.


In this webinar, you’ll learn:
- How MosaicRegressor and other UEFI attacks work 
- Why these attacks are so dangerous and difficult to detect
- Why this discovery is significant, and what it portends for future threats
- How Eclypsium is able to detect these threats even before they are public
- What strategies you can use to protect and defend your devices from UEFI attacks.

Protecting Your Organization From MosaicRegressor and Other UEFI Implants

UEFI

Firmware

Implants

Attack Vectors

MosaicRegressor

Threat Detection

Threat Hunting

Threat Analysis

Security Awareness

Breach Prevention

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Protecting Your Organization From MosaicRegressor and Other UEFI Implants

Presented by

About this talk

More from this channel