GrammaTech SySense

GrammaTech SySense is a firmware security solution that detects and prevents malware execution in firmware environments, particularly UEFI-based systems. The product addresses firmware compromise vulnerabilities that can subvert operating systems and applications, including persistent malware that survives OS reinstallation. SySense uses a custom hypervisor to monitor firmware drivers and enforce access controls. It determines the required functionality for each firmware driver and prevents abuse of unnecessary functionality. The hypervisor enables drivers to access only necessary memory, files, and code, automatically mitigating violations while allowing normal execution to continue. The solution automatically derives driver policies in the Tiffin policy language, which supports validation and editing by subject matter experts. When violations occur, SySense records forensic information for analysis. SySense has demonstrated detection capabilities against state-sponsored UEFI rootkits including LoJax and Cosmic Strand, malware exploiting CVEs such as LogoFail, and zero-day exploits. UEFI vendors can integrate SySense into their systems, or it can load from a PCI card for post-deployment security implementations. The product currently supports x86 architecture with potential extension to ARM or other architectures upon request.