Cybersecurity experts commented on this week’s new report from Microsoft on global enterprise firmware attacks, New Security Signals study shows firmware attacks on the rise; here’s how Microsoft is working to help eliminate this entire class of threats.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>This report does not surprise me at all. End-user devices, whether managed or not, are the new IT perimeter, and with the paradigm shift to work from anywhere, both IT and security teams need to consider the added threat landscape, both at the software and firmware level of these devices. This is why implementing a Zero Trust Security model is crucial now and into the future. It’s not enough to just validate the end-users\’ credentials, you must evaluate the trust status of the devices as well, before granting access to critical resources. Coupling it with anomaly detection across device endpoints and continuing to expand the detection capability will help strengthen the protection required for this new frontier.</p>
<p>Firmware vendors and OEMs should not only rely on external protection mechanisms implemented at the OS level to stop exploitations, but improve their firmware and device security by design. This should be done by continuously analyzing the firmware security posture during the SDLC process and, even more importantly, in its production state before distribution because this is the state in which attackers see it when they search for vulnerabilities. Firmware analysis tools enable both vendors and asset owners to detect security issues early in the process, thus simplifying and lowering their remediation cost.</p>