SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Eclypsium pioneers solution to measure risk in digital supply chain security
Wed, 8th Nov 2023

Reacting to growing concerns about supply chain security in the digital world, Eclypsium, a provider of digital supply chain security solutions, has announced the launch of what it describes as the industry's first solution designed to measure the supply chain risk of IT infrastructure products.

The initiative comes in the form of the Eclypsium Guide to Supply Chain Security. The Guide will provide risk assessment insights covering laptops, desktops, servers, network equipment, IoT devices, and software.

The provision of the Guide seeks to address concerns that Eclypsium CEO and Co-founder, Yuriy Bulygin, identifies as board-level.

He states, “Digital supply chain security is a board-level concern for many organisations, and there is an urgent need to provide a central repository for organisations to assess IT product risk.”

On what makes the offering possible, Bulygin added, "Eclypsium is able to provide this supply chain intelligence because we have the deepest and broadest library of third-party hardware, firmware, and software component risk data."

The shift in professional priorities towards supply chain cybersecurity is reflected in research from Gartner, which projects that by 2025, 60% of supply chain risk management leaders will treat cybersecurity risk as a significant factor in third-party transactions and business engagements. The Eclypsium Guide is intended to meet the resulting demand for more quantifiable data during supply chain risk assessments.

“Supply chain threats exploit the intricate network of trust inherent in the technology ecosystem we rely on today," says Ramy Houssaini, a senior Digital Trust executive and chair of The Cyber Poverty Line Institute.

He emphasised the necessity of a platform like the Guide by adding, “It is crucial for us to have a full stack view of the vulnerabilities inherent in this complex ecosystem and to take proactive measures by utilising technology that can provide risk intelligence on IT infrastructure.”

Ransomware groups and other threat actors have already caused notable incidents affecting IT infrastructure in 2023. For example, ALPHV/BlackCat, FIN8, and LockBit exploited vulnerabilities in network infrastructure devices and virtualisation infrastructure.
</gml_replace>
<gr_replace lines="24" cat="clarify" orig="Threat actors such as">
Threat actors such as Volt Typhoon and BlackTech, along with the BlackLotus UEFI bootkit, targeted the firmware supply chain of PCs, servers, and network equipment. Major infrastructure vendors, including TSMC, MSI, and Western Digital, were also breached, exposing sensitive product information that attackers could use to mount supply chain attacks.

Threat actors such as BlackLotus, Volt Typhoon, and BlackTech attacked the firmware supply chain of PCs, servers, and network equipment. Major infrastructure vendors, including TSMC, MSI, and Western Digital, were also breached, revealing sensitive product information that could be exploited by attackers for supply chain attacks.

Besides exposing weaknesses in the enterprise infrastructure supply chain, these attacks illustrate the intended use of the Eclypsium Guide. It is built to let IT, security, and procurement teams track such supply chain risks and incidents and check whether the products they use, or plan to purchase, have been affected.

At launch, the Guide will include verified information about products and components from hardware and software vendors including Dell, HP, Lenovo, HPE, Cisco, Intel, AMD, NVIDIA, and others. It will be available as a standalone SaaS offering, integrated with the Eclypsium Supply Chain Security Platform.