Blind trust in hardware vendors is always a bad idea

Supply chain security now more important than ever

As endpoint security and other layers of the security stack strengthen, attackers are shifting focus to an often-overlooked vulnerability: the hardware and firmware layers that traditional security tools don’t protect.

At RSAC 2026 Conference, Brian Dunphy, VP of Products at Eclypsium, gave us some insights into the world of supply chain security. We talked about how enterprises face a growing threat from attacks targeting network infrastructure, server firmware, and hardware components. Notably, there has been an 8x increase in attacks against network edge devices over the past year. As a result, the strategy of blindly trusting hardware vendors is no longer sufficient.

Eclypsium focuses on helping organizations monitor and protect the hardware foundation of their enterprise. That is the physical infrastructure that everything else runs on. This includes network devices, servers, GPUs, and IoT equipment that often lack the security controls standard on endpoints.

The hardware security gap

Modern enterprises deploy multiple security layers for their operating systems and applications: endpoint detection and response (EDR), antivirus, and zero trust network access (ZTNA). However, these tools protect only the software layer. The underlying hardware, such as laptops, servers, and network infrastructure, remains largely unmonitored. Laptop manufacturers have started to pay attention to this, but there is still room for improvement. HP, for instance, has been relatively active in areas such as BIOS security and also builds dedicated security chips into its devices. More recently, it added a specific layer of protection for the TPM chip, called TPM Guard.

“The real question is, what about the hardware? What’s actually protecting that hardware?” Dunphy asks, only to conclude that “there’s not much.” While some laptop manufacturers implement hardware hardening (as noted above), most of the time enterprises have no way to verify that these protections are working correctly or that firmware remains unmodified from the vendor’s original version, according to Dunphy.

Network infrastructure represents a particularly vulnerable attack surface. Edge routers, switches, and firewalls sit directly on the internet with public IP addresses, making them highly exploitable targets. Organizations typically rely on patching and sending logs to a SIEM (Security Information and Event Management) system. However, those logs often go unanalyzed.

Supply chain security and component visibility

Data center providers increasingly face requests for a detailed hardware bill of materials (HBOM) from customers concerned about sovereignty and component origins. In response, organizations want to know exactly where each chip and piece of hardware comes from in their infrastructure stack.

Rather than relying on vendor-provided documentation, Eclypsium verifies the actual hardware bill of materials and creates a firmware bill of materials (FBOM). This shows not just what was theoretically shipped, but what physically exists in the data center. The verification extends to the firmware and binaries running on that hardware.

When we ask him whether yet another layer of security complexity lands well with customers, Dunphy acknowledges that many organizations experience a certain level of fatigue. “It’s hard to come to a conference like today here at RSA and not walk through the floor and feel that same overwhelming feeling,” he says. Eclypsium addresses this by distilling complex hardware and firmware details into actionable alerts. These alerts highlight compromised or high-risk assets requiring immediate attention.

OT and IoT security challenges

Operational technology (OT) environments face unique security challenges. Despite the common belief that OT environments are air-gapped, bridges to IT environments exist. The security of those bridges is typically enforced by firewalls, the very same devices that are increasingly under attack.

OT environments commonly contain decade-old PLCs (Programmable Logic Controllers) that haven’t been patched in many years, along with Windows 2000 and Windows 98 systems. These environments prioritize safety first and availability second, making patching extremely difficult. As a result, network segmentation through firewalls becomes the primary protection mechanism. This makes the trustworthiness of those firewalls critical.

For IoT devices, Eclypsium is extending its capabilities to support major camera vendors and other connected devices. These represent another potential exploitation point and foothold for attackers, with growing interest from both enterprises and threat actors.

AI infrastructure and neocloud security

Eclypsium supports major GPUs from Nvidia and works with neocloud providers who sublease GPU infrastructure to customers. When moving GPU assets from one customer to another, these providers need confidence that the hardware remains trustworthy. They also need to know it hasn’t been compromised.

Customers spending millions on AI infrastructure want attestation that GPUs have the right hardware components, firmware, and binaries before running their agentic workloads. According to Dunphy, this expectation isn’t foreign to neocloud providers. In fact, the awareness there that hardware security matters is further along than many might expect.

Rather than blindly trusting hardware, organizations can request attestation from neocloud providers confirming that infrastructure is still authorized, has the right firmware, and contains the right binaries. This is a far better approach than blind trust.

Platform integration and trust verification

Eclypsium integrates with existing security workflows by sending alerts to SIEM and XDR solutions. The platform provides a verdict for each device, while offering extensive detail to support that assessment.

The verdict considers multiple factors: whether firmware matches vendor expectations, whether runtime behavior matches active indicators of compromise (IOCs) or threat behaviors, and whether hardware changes have occurred since the last verification. For skeptical security professionals who won’t simply accept a green checkbox, Eclypsium provides detail down to the component level. It also shows specific binaries running on individual components.
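As an added illustration, not part of the original article and not Eclypsium's own code or data format, the following Python sketch rolls the three factors named above (firmware versus vendor manifest, known-bad indicators, inventory drift since the last check) into one verdict per device. The manifest, the component names and every hash value are constructed placeholders.

```python
from dataclasses import dataclass, field

# Severity order used to roll individual findings up into one verdict per device.
SEVERITY = {"trusted": 0, "review": 1, "high-risk": 2, "compromised": 3}


@dataclass
class Verdict:
    status: str = "trusted"
    findings: list = field(default_factory=list)

    def add(self, severity, message):
        self.findings.append(f"[{severity}] {message}")
        if SEVERITY[severity] > SEVERITY[self.status]:
            self.status = severity


def assess_device(observed, manifest, previous, bad_hashes):
    """observed, manifest, previous: {component: firmware_hash}.
    bad_hashes: firmware hashes tied to known indicators of compromise."""
    v = Verdict()
    # Factor 1: does each component run the firmware build the vendor says it should?
    for comp, expected in manifest.items():
        actual = observed.get(comp)
        if actual is None:
            v.add("high-risk", f"{comp}: in vendor manifest but not present on device")
        elif actual != expected:
            v.add("high-risk", f"{comp}: firmware {actual} differs from vendor build {expected}")
    for comp in observed.keys() - manifest.keys():
        v.add("high-risk", f"{comp}: component not listed in vendor manifest")
    # Factor 2: does any running firmware match a known indicator of compromise?
    for comp, digest in observed.items():
        if digest in bad_hashes:
            v.add("compromised", f"{comp}: firmware matches known-bad hash {digest}")
    # Factor 3: has the hardware inventory changed since the last verification?
    for comp in observed.keys() ^ previous.keys():
        v.add("review", f"{comp}: present in only one of current/previous inventory")
    return v


# Constructed sample data; the hashes are placeholders, not real firmware digests.
MANIFEST = {"bios": "h_bios_v2", "bmc": "h_bmc_v5", "nic0": "h_nic_v1"}
PREVIOUS = dict(MANIFEST)           # last verified inventory matched the manifest
BAD_HASHES = {"h_bmc_implant"}      # constructed IOC: a tampered BMC image
TAMPERED = {"bios": "h_bios_v2", "bmc": "h_bmc_implant", "nic0": "h_nic_v1", "nic1": "h_nic_v1"}

if __name__ == "__main__":
    for name, inv in (("clean", MANIFEST), ("tampered", TAMPERED)):
        verdict = assess_device(inv, MANIFEST, PREVIOUS, BAD_HASHES)
        print(f"{name}: {verdict.status}", *verdict.findings, sep="\n  ")
```

The per-finding detail is what lets an analyst check the verdict instead of accepting the green checkbox.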

As Dunphy concludes, “Blind trust is bad no matter who it’s with.” The hardware security industry needs additional controls and checks to verify trust, then take action when that trust is violated. At the end of the day, this is the same principle that drives the entire cybersecurity industry.