Phoenix FirmGuard® | BIOS Firmware Security

Hacker on computer | FirmGuard solution brief header

What Is Phoenix FirmGuard?

FirmGuard is a solution for Managed Service Providers (MSPs) to provide BIOS firmware security for their client endpoints and also to seamlessly manage the BIOS firmware in those endpoints from a single pane of glass. FirmGuard is backed by Phoenix Technology’s 45+ years of technology and market leadership in endpoint firmware. Phoenix was founded in 1979 and created the first IBM clone compatible BIOS­—well before the term “endpoint” was ever used. With FirmGuard, Phoenix takes their wealth of knowledge, expertise, and intellectual property in BIOS firmware to offer a scalable, best-in-class solution to combat the increasing problem of endpoint vulnerability. 

FirmGuard is a secure, cloud-based solution that is hosted in Amazon Web Services (AWS). The FirmGuard Cloud Server handles all administrative and technical functionality with a direct interface to each client endpoint. An MSP can easily and securely manage all of their client endpoints from the MSP Portal.

MSP Portal using FirmGuard

Why Should MSPs Care About Firmware?

Companies have spent billions of dollars protecting their endpoints from OS and application level attacks with some success. But most have spent almost nothing to protect the BIOS firmware in those same endpoints. In fact, Gartner Group estimates that “70% of organizations that do not have a firmware upgrade plan in place will be breached due to a firmware vulnerability”. This is because hackers are becoming more sophisticated, and they now realize that firmware is an underappreciated attack vector which is relatively easy to exploit if not properly protected.

Only 13%-25% of enterprises view security below the operating system as a priority.

Your clients are almost certainly experiencing firmware vulnerabilities and you likely don’t even know it. With FirmGuard you can offer them a differentiated service which will immediately scan their endpoints to find firmware level vulnerabilities. Armed with that data, you can educate them on this new attack surface and offer a solution to help solve the problem. This will differentiate you from other MSPs and solidify your position as the MSP of choice for your current and future clients. This will then naturally lead to more revenue for your company.

Adversaries have demonstrated that they already know how to exploit UEFI components for persistence, and they will only get better with practice

firmguard secure check icon

SecureCheck: Revalidates an endpoint’s chain of trust, ensuring secure operation by establishing that the correct OS version is running and confirming the root of trust between hardware, firmware, and OS. This feature can be run manually or at automatically scheduled intervals such as weekly or monthly. An MSP administrator can check device firmware status at a glance via an indicator in the portal.

firmguard secure beat icon

SecureBeat: Maintains a secure heartbeat between the endpoint and the FirmGuard cloud server. A loss of beat is the first indication or alert of possible endpoint related issues. With SecureBuilder workflows can be constructed to automatically take mitigation steps (e.g., lock hard drive) if the beat is missing for an unexpected period.

firmguard secure sense icon

SecureSense: Remotely monitor endpoint status and health to detect unusual or suspicious behavior. The feature specifically monitors firmware status (i.e., vendor, version, last update, etc.), endpoint inventory (i.e.,system make/model, OS version, etc.) and endpoint metrics (i.e., CPU, disk and memory utilization, etc.).

firmguard secure key icon

SecureKey: Firmware enforced multi-factor authentication (MFA) using a physical key such as a FIDO/FIDO2 compliant device or USB storage device. The operating system (OS) will not load without the configured secure key. Configuration can be done remotely by an MSP administrator via the portal

firmguard secure config icon

SecureConfig: Remotely configure BIOS settings across an array of endpoints. Greatly streamlines and consolidates administration of BIOS settings across an entire organization. With this feature MSP administrators can easily enable or disable firmware settings to ensure proper security configurations.

firmguard secure update icon

SecureUpdate: Identifies the current firmware version and provides an indication when a newer version is available. An administrator can remotely update to the latest (or older) version across an array of endpoints. Adheres to UEFI capsule update guidelines NIST SP 800-147 & NIST SP 800-193. One of the best ways to prevent a firmware level attack is to proactively update to the latest firmware version.

firmguard secure builder icon

SecureBuilder: An automation and workflow engine that can be used to pre-schedule tasks or trigger certain actions. For example, it could be used to regularly schedule (e.g., monthly) a SecureCheck initiated reboot of select endpoints. Both simple and complex workflows can be constructed and may involve any other feature such as SecureBeat, SecureLock or SecureWipe.

firmguard secure clone icon

SecureClone: A method to duplicate an endpoint’s hard drive contents to a different location. The duplication can be easily performed from the same single pane of glass (portal) that is utilized by all other features. The duplication can be part of a workflow or done proactively to perform forensic analysis or recover lost work.

firmguard secure lock icon

SecureLock: Locks hard drive at the firmware level to prevent unauthorized access without the administrator generated password key. Without entering the key and unlocking the hard drive the endpoint cannot boot the operating system. Can potentially prevent ransomware attacks that seek to lock the hard drive contents. Protects data at rest, even if the hard drive is moved to a different system.

firmguard secure wipe icon

SecureWipe: Remotely performs a forensic wipe (at the bit level) of SSD, HDD and other mass storage devices independent of the operating system. Supports hardware erase methods such as ATA and NVMe secure erase, OPAL password/PSID revert, and multiple industry standard software algorithms such as DoD5220.22-M

Explore the FirmGuard Suite of Features


FirmGuard base capability: BIOS Firmware Security


Remote BIOS configuration


Remote endpoint drive erasure (HDD/SSD)


Display endpoint system information and resources


Monitor endpoint connectivity

Want to see FirmGuard in action?

Book your free demo today or contact your Phoenix representative.

FirmGuard dashboard light