1-786-621-8580 | Resources | News

  • Control the firmware with Trapezoid and

    Control the firmware with Trapezoid and

    CLOSE THE BASEMENT DOOR

    Trapezoid® Firmware Integrity Verification Engine (FIVE) is the first integrity monitoring solution designed to detect and alert on attacks and malware affecting BIOS and firmware.

    See How

Compromised Firmware can lie,
spy, steal and destroy.

>>BREAKING NEWS: ISACA Study: Most businesses vulnerable to cyber attacks through firmware >>ArsTechnica; Routers in at least 4 countries infected by highly stealthy back door >>SecurityAffairs; SSH backdoor discovered in Fortinet FortiOS firewalls >>CNN; newly discovered hack has U.S. fearing foreign infiltration >>InformationWeek; DarkReading: 5 Tips for Protecting Firmware From Attacks >>Hacker writes a "backdoor firmware" to gain entry into network >>Hacker exploits zero-day vulnerability in embedded network device to update firmware >>Attackers use Internet-of-things devices to remotely commandeer and shut down websites >>Smart devices used to leak unencrypted data, amplified existing attacks on security researcher >>DHS offers unsolicited 'help in securing Internet Of Things >>"Bucketload of vulnerabilities" found in LTE router firmware include backdoor accounts >>Multiple vulnerabilities discovered in Dlink DWR-932B router include backdoor >>Hackers targeted voter registration systems in 20 states >>Krebs warns of source code leaked from massive IoT botnet attack >>Department of Homeland Security issues national vulnerability alert on some Huawei devices >>Insulin Pump is Hackable: Manufacturer warns customers >>Hackable Speed Cameras Highlight Risk Of Rush Toward IoT-Enabled 'Smart' Cities >>Attackers used CCTV cameras, digital video recorders, home routers for botnets to create attacks >>Yahoo email scanning done with a Linux kernel module >>NSA could put undetectable “trapdoors” in millions of crypto keys >>Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras >>CCTV equipment manufacturer products contain 14 security bugs affecting their firmware >>The Internet of Things: A "Brewing Data Security Storm" >>Android Devices Containing Foxconn Firmware May Have Secret Backdoor >>DHS Warns of Mirai Botnet Threat To Cellular Modems >>"Pork Explosion": Low level firmware results in vulnerable backdoor of phones >>NYT: Why Light Bulbs May Be The Next Hacker Target

FIRMWARE EXPOSED

Existing tools largely overlook firmware.

Firmware is consistently unmonitored and unprotected.

Firmware has the most permissions of any code on your system.

Firmware’s level of privilege increases the potential of an attack.

One entrance into your organization is failure.

Once an attacker gains entrance, an event can occur any time without you knowing.

Firmware is the Forgotten Software.

Firmware is everywhere…

Firmware is operational technology.

Any software used to control hardware is classified as firmware.

Hardware types and usage dictate their unique catastrophic risks:

  • Bound to Life firmware: Heart rate monitors, cars, and planes.
  • Bound to Privacy firmware: Cameras, baby monitors, and computers.
  • Bound to Disasters firmware: Power grids, cities, and big events.

Periodic updates to firmware for adding features or fixing bugs make it even
more vulnerable to attack.

Firmware is a foundational building block of any operational system
including the device-driven Internet of Things.

Firmware hacks will pull at your heart strings...and your wallet.

Gain control with trapezoid® five

Detect

1) Our patented Trapezoid® Marker technology creates a unique “watermark” for each monitored device that cryptographically ties a virtual machine (VM) to any hardware on which it is has ever run throughout its entire lifecycle, and combines applicable policy with expected machine state to detect critical changes in a system’s integrity.

2) Trapezoid FIVE combines user defined policy attributes and changes in firmware to detect fraudulent firmware modifications.

Analyze

Trapezoid’s Firmware Integrity Verification Engine proactively identifies when organizations are running old or vulnerable firmware and helps define policy for when it must be updated. The portal allows users to dig deeper and visualize the organization from a firmware perspective.

The forensic database with our data science tools will analyze machine data and apply predictive and machine learning algorithms.

Remediate

Trapezoid integrates with leading security policy management and reporting tools allowing you to incorporate firmware integrity monitoring into your existing security and compliance framework to address unauthorized changes in firmware.

No need to buy more or change what you have; take action when questionable behavior occurs.

trapezoid is the only comprehensive solution

for detecting compromised firmware

  • Trapezoid® FIVE
  • is specifically designed
  • to detect unauthorized
  • changes to firmware
  • across the entire
  • IT infrastructure.

Patented trapezoid® marker machine id remotely
attests to identity & integrity of monitored hardware

UNIQUE
CRYPTOGRAPHIC
for hardware

FORENSIC
MAPPING OF
virtual machines

WORKLOAD
DEFINITION AND
databoundaries

OEM PLATAFORM
WATERMARK FOR
supply chain verification

meet federal agency and commercial compliance

Continuous Firmware Integrity Verification an emerging critical and urgent element of cyber safety compliance.

GOVERNMENT

GOVERNMENT

FISMA/FedRAMP:

Baseline security controls
for FISMA & FedRAMP
compliance.

ENTERPRISE

ENTERPRISE

NIST CSF:

Avoid findings of
negligence by failing
to implement cyber
security best practices.

HEALTHCARE

HEALTHCARE

HIPAA:

Required protection –
reasonably anticipated
threats & evolving
threat assessments.

FINANCIAL

FINANCIAL

PC DSS:

Identify and evaluate
evolving malware
threats & malicious
software trends.

TELECOM

TELECOM

NSTAC:

Protection by computer
-based policy, enforced
by hardware based
‘roots of trust’.

trapezoid is a security game-changer
for organizations globally

Firmware Integrity

Trapezoid FIVE enables any industry or government agency to:

  • Proactively identify, analyze, and help remediate firmware breaches/unauthorized changes.
  • Identify devices throughout the organization that may not be monitored and enable that continuous supervision.

Trapezoid FIVE contains:

  • Contextual Indexing to quickly respond to audit and compliance requests.
  • Use Trapezoid FIVE with the client or directly via open API access.

Virtual Machine Tracking

Our Marker Technology uniquely identifies / watermarks the hardware and ties it to a virtual machine, which:

  • Helps service providers prove multi-tenancy and enterprises ensure that resources for different business units don’t overlap.
  • Minimizes the attack surface by proving that an infected VM was only located on certain physical servers.
  • Cryptographically tracks where every virtual machine has lived down to the hardware from the time it was created to the time it’s destroyed.

Easily deployed. Immediate benefits.

Trapezoid Leadership

trapezoid management team

The Trapezoid leadership team is comprised of seasoned security and legal professionals from Terremark (now a Verizon company) with extensive experience in incident response, data center security, security operations, cloud security, risk management and compliance. The team’s expertise informs Trapezoid's unique approach to enable the secure and compliant use of private and hybrid cloud services by IT organizations in all market sectors. Trapezoid’s board of directors and advisors is made up of respected technology and security leaders.

Investors

CoVant was formed by Joseph Kampf and other former senior executives of Anteon International Corporation to provide capital and operational expertise to technology solutions companies. This team grew Anteon from a $100 million company when acquired in 1996 to a $1.7 billion company when sold in 2006 to General Dynamics.

Work-Bench Ventures is a $10M fund which co-invests in early go-to-market enterprise startups alongside institutional leads. With deep IT backgrounds at leading Wall Street banks, they are at the front and center of the shifting technology landscape and evaluate hundreds of startups a year, onboarding many of them.

DigitalEra is dedicated to providing world-class Security and Compliance and Business Applications Solutions to businesses, the public sector and service providers.