Firmware Security FAQs

Not sure if Firmguard is right for you?

FirmGuard’s suite of features gives IT administrators control over BIOS firmware security threats, all without creating a headache for your organization, your techs, or your clients.

Imagine being able to know for certain that not only is EVERY layer of your (and you clients’) networks truly protected, but now you can say with certainty that you ARE protecting your clients better than any other organization or MSP.

We’ve compiled a list of the most commonly asked questions when it comes to FirmGuard, so you can make an informed decision on protecting this at-risk security layer.

FirmGuard Frequently Asked Questions

Does FirmGuard work on any BIOS?

Yes, FirmGuard will work with any endpoint, no matter which vendor implemented the BIOS software. Our customers use it today on most any endpoint you can imagine such as Dell, HP, Lenovo, Asus and even custom-built machines.

Does FirmGuard integrate with RMM?

Yes. In fact, an RMM is the primary way that customers deploy the FirmGuard agent to all their endpoints under management.

Why should an MSP consider using FirmGuard?

As an MSP, you are certainly driven to protect your customers from hackers, reduce cybersecurity threats, and help them thrive with technology. You say you’re protecting your clients’ network from end to end. However, for the majority of MSPs, there is one glaring hole in the security stack you provide your clients with that leaves them vulnerable. By not addressing this vulnerability, you’re also putting your reputation at stake, your integrity on the line and inviting your competition to easily  walk in and steal your customers – all without you knowing or even meaning to.

That glaring security gap is BIOS firmware, which is the very first software that comes up when you power on an endpoint. The fact is that 99% of small businesses are NOT PROTECTED at the BIOS firmware level from cyber-attacks.

By using FirmGuard, MSPs can proactively protect their clients’ systems from these types of attacks and provide them with greater peace of mind.

Why should I trust Phoenix Technologies with BIOS firmware security?

Phoenix Technologies was the very first independent BIOS firmware vendor and has been in business since 1979. As a result, we know firmware!

Phoenix has over 180 patents, trademarks and copyrights in the firmware space and deep industry partnerships with companies such as Intel, AMD and Arm. Additionally, Phoenix participates in a broad spectrum of firmware and firmware security organizations such as the Unified Extensible Firmware Interface Forum (UEFI) and the Trusted Computing Group (TCG).

How is FirmGuard deployed? For example, does it require an agent to be installed on an endpoint?

Yes, each endpoint must have the FirmGuard agent deployed on it. The FirmGuard agent runs as a Windows service and is very light weight.

Customers typically deploy the FirmGuard agent with their RMM and we have had customers deploy 100s of endpoints in one sitting. We provide PowerShell scripts and the like to make installation seamless and efficient. You will find FirmGuard easy to deploy.

Does FirmGuard only work with Phoenix BIOS?

No, FirmGuard will work with any endpoint no matter which vendor implemented the BIOS software. Our customers use it today on most any endpoint you can imagine: Dell, HP, Lenovo, Asus, and even custom-built machines.

How are devices onboarded to FirmGuard?

An RMM tool is the primary way that customers deploy the FirmGuard agent to all their endpoints under management. Once the agent is deployed, it will automatically register itself with the FirmGuard Cloud Server, including putting itself in a specified group. Our customer support team can help, including providing pre-configured scripts, to make deployment seamless. However, in most cases, customers can do the onboarding themselves.

Does FirmGuard only work with Windows endpoints? How about other types of firmware?

Right now, FirmGuard is focused exclusively on Windows endpoints. Any Microsoft supported version of Windows for laptops, desktops or servers will work with FirmGuard.

We do have a definitive roadmap and plan to support other types of firmware such as for Linux, MAC and networking devices in the future.

What is UEFI and is that the same as BIOS?

UEFI (Unified Extensible Firmware Interface) malware refers to malicious software that targets UEFI, which is a modern replacement for traditional BIOS firmware. UEFI is responsible for booting the operating system and initializing hardware components when a computer is powered on. Because UEFI runs before the operating system, malware that infects this layer can be particularly dangerous and difficult to detect or remove.

Phoenix Technologies is also the co-founder of the UEFI Forum and sits on the board and chairs the UEFI Security Response Team (USRT) and is the vice chair of the UEFI SBOM (Software Bill of Materials) Team (USBT).

What are the dangers of UEFI malware?

In essence, UEFI controls every component of an endpoint. As such, UEFI malware is incredibly dangerous because it can:

Persist through OS reinstalls and hardware changes, making it nearly impossible to remove.
Evade detection by traditional security tools since it operates below the OS level.
Gain full control over the system by launching a rogue operating system, potentially leading to widespread damage or espionage.
Disable security features, allowing further infections or attacks.

These traits make UEFI malware a severe threat to system security and integrity.

How to secure UEFI malware?

To secure your system against UEFI malware:

Enable Secure Boot: Turn on Secure Boot to ensure that only an authenticated operating system can be launched.
Keep Firmware Updated: Regularly update your UEFI firmware to patch vulnerabilities that could be exploited.
Use UEFI Scanners: Deploy specialized tools like FirmGuard to detect and remove potential UEFI malware.
Monitor for Anomalies: Regularly check for unusual behavior during the boot process that could indicate compromised UEFI firmware.

I don’t know much about UEFI/BIOS malware attacks, where can I learn more?

For a comprehensive list of current and past attacks please visit:

https://www.phoenix.com/security-notifications

I have heard that BIOS or UEFI attacks are particularly bad, but I am not sure why, can you elaborate?

UEFI BIOS malware is widely viewed as an extremely dangerous vector for implementing cyberattacks, as it is hard to detect and can survive security measures such as operating system reinstallation and even hard disk replacement. 