Spry Squared

Detection of Malicious Code & Malware In Firmware (MALFIRM) 

Our country’s critical infrastructure is under attack from adversaries. Critical infrastructure assets, systems, and networks, whether physical or virtual, are considered so vital to the country that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health, or safety or any combination thereof. 

The weaponisation of firmware is real, and this is the next level of cyberattacks against IT, IoT and OT devices, placing all technology at risk including Defence technologies, critical infrastructure and overall technology supply chain. Modern security tools focus on security at the network, application and/or operation system layers, leaving your device firmware vulnerable, unmonitored, and unprotected. 

Current tools search for compromised devices that are beaconing out to detect attacks. However, what if the affected device is not beaconing out? It may be lying in wait for a certain trigger to activate the malicious code in the firmware. 

Spry Squared, with their strategic partner Eclypsium, delivers a firmware tool which provides organisations with deeper visibility into their firmware security posture. 

• Malicious Firmware Detection Tool for IT, IoT and OT Devices
• Cybersecurity as a Service
• Vulnerability Management as a Service
• Managed Security Services Provider
• Network Support Services
• Managed IT Services
• Compliance (NIST, CMMC, Essential 8, DISP)
• CMMC Readiness Review and Remediation
• Recruiting (Contract, Permanent, Security Cleared)
• Project/Program Management
• vCIO/vCISO 

 The Detection of Malicious Code & Malware In Firmware (MALFIRM) Tool can monitor, alert and detect compromise in: 

• Traditional IT devices – Desktops, Servers and Network equipment
• Internet of Things (IoT) devices – Cameras, TV’s, etc.
• Operational technology (OT) devices
• Industrial Control Systems (ICS)/SCADA devices
• Building Control Systems (BCS) devices – BACNet, etc.
• 5G Systems/Devices
• Defence Technologies – Missiles, Drones, UAT, Submarines, Ships, Aircraft, Satellites, etc. 

 This Detection of Malicious Code & Malware In Firmware (MALFIRM) Tool provides cybersecurity teams: 

• Cyber analytics for firmware
• Vulnerability and Remediate Asset Manager (VRAM)
• Cyber Situational Awareness (CSA) for firmware
• Readiness Analytics and Visualization Environment (RAVEN)
• Counter Insider Threat Capability (CITC) for firmware
• Vulnerabilities Per Asset (VPA) reporting
• A Common Vulnerability Scoring System (CVSS)
• Damage potential and risk assessment
• Mapping of devices to identify coordinated attacks
• A comprehensive supply chain risk management process
• Defensive cyberspace operations/internal defensive measures
• A firmware monitoring and compromise detection tool for the cybersecurity Fly Away Kit (FAK)
• Alerts on critical firmware events
• Alerts sent to any SIEM product
• Comprehensive reporting
• A list of end-of-life devices unable to update firmware 

• Spry Squared is headquartered in Adelaide, our primary location for support of Department of Defence technologies in Australia
• Outside of Australia, Spry Squared is a global company providing support to Defence technologies in the United States and key locations around the world 

• BAE Systems
• Leidos
• World Wide Technologies
• Riverbed Technology, Inc
• City and County of Denver and Denver Airport
• United States Air Force • United States Navy
• United States Army
• United States Space Force
• United States Marine Corps
• United States Internal Revenue Service
• United States Department of Veterans Affairs
• United States Department of Justice
• United States Customs and Border Protection
• FBI