Support • (786) 621-8600 Contact us

Recent Posts

  • Home

The Problem with Firmware

Guest BlogJosé González, CEO-Trapezoid, Inc.


Would you secure your windows and doors but leave the basement door wide open?

Well, that’s what organizations are doing with firmware.

Simply put, firmware is the unmonitored and unprotected layer at the bottom of the computer code stack. While existing security tools have a done great job focusing on application and operating system levels, firmware has been overlooked.  Exacerbating the problem: Firmware has the most permissions of any code on your system, which increases the impact of an attack. Firmware is everywhere; from the largest data center to the smallest networked LED light bulb. It is the most powerful code on any system because it controls how other code on a device interacts with its hardware (keyboard, screen, storage, network). Compromised firmware can corrupt or steal data, spy on your environment or even destroy the system it is controlling.

How firmware gets compromised

Compromised firmware takes two forms: bad actors installing malware posing as legitimate firmware on systems, or manufacturers discovering vulnerabilities in their firmware and publishing updates. Compromised firmware can shut down your operations by taking out your critical infrastructure. Unmonitored firmware exposes enterprises to an unacceptable level of risk for devastating financial harm to businesses and life-threatening consequences for consumers. You don’t have to look far for examples of firmware attacks and breaches – they’re in the news daily. From devastating attacks on global routers and national powergrids, to vulnerabilities in medical devices, government and business networks, home computers and devices, smartphones and handheld devices…virtually anything that is part of the “Internet of things”. Because this is a very real risk, all the major cybersecurity and compliance frameworks include controls dictating best practices around firmware patch management, and many include controls for continuous monitoring of firmware integrity. Why do so many organizations leave firmware out of their cybersecurity program?


Some do not know these controls exist and apply directly to them.  Others mistakenly believe their existing security tools (e.g. AV or file integrity monitoring) already address firmware integrity and related controls.  Still others understand the risk, but  lack commercially available tools to effectively monitor firmware. The reality is that regardless of your industry sector, if your aim is to follow cybersecurity and compliance best practices, then you do need a continuous firmware integrity monitoring solution. While traditional security tools do not address this space, Trapezoid’s Firmware Integrity Verification Engine (“T-5”) is expressly designed to help you protect the integrity of your firmware.

The next generation of firmware protection is here

T-5 closes the “basement door” while providing you visibility into an area previously uninspected. It continuously monitors and alerts on changes in firmware integrity, quickly identifies systems that need patching – and provides threat updates for you to stay on top of newly discovered vulnerabilities. T-5 acts like a firmware DVR to forensically prove to auditors the state of the integrity of your infrastructure from the time T-5 begins monitoring.  Because it integrates with existing security tools, T-5 brings visibility of the firmware space, which those tools currently cannot see. Moreover, T-5 meets cyber security compliance controls such as HIPAA, HITRUST, NIST CSF, FISMA/FedRAMP, PCI-DSS, ISO/IEC 20001 and the FFIEC Cybersecurity Assessment Tool. One thing is clear, the proliferation of the connected devices is not slowing down, and neither are hackers. T-5 is the advanced level of firmware integrity protection you need for all your assets that support your operations, systems, information, finances, revenue streams and people.

For more information on firmware risks and Trapezoid5, visit

RSA 2017 – Feb 13-17th – San Francisco

rsa-2017 Will You be at RSA this year?  RSA 2017 {{date_event:2017-02-13}} is coming up and is poised to be one of the most important security events you’ll attend this year. Take advantage of this opportunity to learn about new approaches to info security, discover the latest technology and interact with top security leaders and pioneers. Hands-on sessions, keynotes and informal gatherings allow you to tap into a smart, forward-thinking global community that will inspire and empower you. For more info and to register:    

DigitalEra and FIU to Host “SecureMiami”


{{date_event:2016-12-10}}Florida International University and DigitalEra are bringing together top cybersecurity experts and panelists to speak on major topics affecting the local InfoSec community in South Florida at SecureMiami at Graham Center on the campus of FIU.

Speaker Lineup

Attendees will hear from four global Cybersecurity experts plus a distinguished local CIO panel on emerging cybersecurity threats and strategies. Keynote speaker will be Jack Daniel: Chief Strategist at Tenable, Frank Jas: Chief Architet at Cyphort, Thomas Pace: Principal Consultant at Cylance and Mike Sholl: Sr. Systems Engineer at Symantec.


An impressive group of sponsors will be on hand for product and solution discussions, including representatives from innovative firmware protection creator Trapezoid, Cylance’s revolutionary artificial intelligence protection for the endpoint, security industry leaders Symantec/Bluecoat and network security leaders at Tenable. Also sponsoring are McAfee, Cyphort, Ixia,  Forescount, SecureControls, Tanium, Ingram and ISSA.

After SecureMiami: BrewMiami

After Secure Miami, attendees will join DigitalEra at their VIP lounge beneath the FIU Stadium with complimentary VIP tickets to Brew Miami, a unique local craft beer festival with gourmet food pairings and tastings. Close to 20 local brewers and 20 local restaurants/food trucks will be present for the event, and attendees will enjoy unlimited beer samples (while supplies last), plus free food tastings from some of Miami’s hottest restaurants.

Registration Information:

To register to attend: visit