• slide
  • slide
  • slide


Eclypsium protects DoD and federal agencies and contractors from the foundation of your computing infrastructure upward, controlling the risks and stopping threats to the firmware and hardware inside every laptop, server and networking device. Attackers know that traditional security tools lack visibility into firmware and are increasingly using implants and backdoors to bypass security controls, persist invisibly and disrupt government IT infrastructure. Eclypsium closes this gap by finding and mitigating the weaknesses and threats in firmware that traditional security misses.

FISMA standards identify firmware as a critical part of a security program, but many federal organizations lack the tools and experience to assess and measure compliance. Eclypsium equips you with the tools you need to assess your firmware security vulnerabilities and risks, take action and demonstrate your compliance with FISMA requirements down to the firmware and hardware level. Carahsoft and Eclypsium have teamed together to provide a new level of security to protect government IT infrastructure from firmware and hardware attacks.

Product Features

Eclypsium - The Industry's Leading Firmware Protection Platform

The Eclypsium Platform provides the most complete solution for protecting government IT infrastructure from firmware threats. Our software platform provides full command and control visibility into the firmware running on all the key components of your laptops, servers and network devices, wherever they are deployed. At a glance, you’ll see if there are implants or backdoors in your firmware, identify vulnerabilities and threats, and be able to assess which devices are out of date and in need of patching. You’ll get expert guidance on the severity of vulnerabilities, and links to the latest firmware updates, so that you can mitigate threats and protect your assets. And you’ll gain the tools you need to demonstrate compliance with NIST and FISMA controls at the firmware and hardware level.

  • Reduce hidden firmware risk
  • Find threats you've been missing
  • Break the cycle of re-infection
  • Proactively verify your supply chain
  • Save time & effort
  • Demonstrate FISMA compliance

Eclypsium Product Features:

  • The Industry's Largest Global Firmware Reputation Database

    The Eclypsium Platform uses static and behavioral analysis, as well as comparing firmware against our database of millions of firmware hashes across dozens of enterprise hardware vendors to identify changes to baselines, find outdated firmware and expose tampering.

  • Firmware Risk & Vulnerability Scanning

    Schedule regular scans or perform ad-hoc scans of devices for firmware vulnerabilities, outdated versions, hardware misconfigurations, and missing protections. Based on scan results take actions such as applying updates or quarantining devices.

  • Firmware Threat Detection

    Detect and alert on threats such as hardware implants, backdoors and rootkits. Leverage IOCs, static, behavioral, and heuristic analysis to find known or unknown threats or changes to firmware integrity.

  • Comprehensive Firmware Monitoring

    Maintain a complete view of your entire environment or focus on a specific group of devices, with insight into firmware and components so that you know your security posture at all times.

  • Firmware Incident Response & Forensics

    Detailed analysis & reporting of any firmware image enables digital forensics to gather evidence to investigate the context of any attack as well as identifying and limiting the exposure of a breach, as part of a complete incident response playbook.

  • Firmware Patch Management

    Eclypsium accelerates patching and update efforts, enabling staff to address weaknesses and save time. When threats are encountered, the platform can prevent damage, and robust APIs enable automated orchestration efforts such as quarantine of affected devices.



GSA Schedule 70

Dec 20, 2011- Dec 19, 2021


Mar 03, 2015- Aug 10, 2020
*Additional Option Years Available


Massachusetts Higher Education Consortium (MHEC)

Aug 10, 2019- Jun 30, 2022


Archived Events



The BootHole vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. The majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special purpose equipment.

How much trust can you put in your devices? Security concepts like Zero Trust can provide an important framework for securing the remote work environment. Learn more in this Eclypsium white paper.

Build device security into your overall cybersecurity plan with simple steps that help you progress from basic cyber hygiene to preventing advanced persistent threats using the Cybersecurity Maturity Model Certification (CMMC) framework as a guideline.



As firmware-level threats continue to gain traction in the wild, security teams need to quickly get up to speed on how these threats work and how their devices can be targeted and attacked. In this paper we demystify the most common types of firmware threats today and analyze their path into an orga...

FISMA, and the NIST documents supporting it, repeatedly underscore the importance of firmware security as part of a modern security program. Yet, this area remains one of the most overlooked and poorly understood areas of risk within government agencies. This document walks through the requirements ...

Consider a new approach to protecting IT assets in high-risk countries from firmware implants and backdoors.