Securing IT assets demands continuous effort from both technology vendors and purchasing organizations. Vendors must deliver secure offerings with timely updates and defenses against known threats, and it’s up to end-users to apply those patches and configure security features correctly.
However, this model often breaks down when we look below the OS and into the supply chain of system components. The industry has witnessed a surge in low-level UEFI implants and attacks targeting code within network gear, security appliances, and server BMCs. These and countless other techniques play a key role across the attack lifecycle (PDF) from initial access through taking complete, persistent control of virtually any class of asset. Naturally, OS vendors, hardware vendors, and OEMs have added new platform-level security features to resist these threats. And while initiatives such as Microsoft’s Secured-core PCs and Apple’s Secure Enclave are important, these efforts do not remove the need for independent, cross-platform security tools.
The post 7 Reasons Why Vendor Platform Security Is Not Enough appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
*** This is a Security Bloggers Network syndicated blog from Eclypsium | Supply Chain Security for the Modern Enterprise authored by Chris Garland. Read the original post at: https://eclypsium.com/solution-briefs/7-reasons-why-vendor-platform-security-is-not-enough/