Tanium Introduces Software Bill of Materials for Unprecedented Visibility to Combat Supply-Chain Threats


Tanium, the industry’s only provider of converged endpoint management (XEM), today launched the Tanium Software Bill of Materials (SBOM) to help organizations protect digital assets against external threats stemming from open-source software including OpenSSL v3. Tanium is the first and only solution that empowers IT and security teams with granular visibility and real-time remediation of software packages for every application on every endpoint at runtime.

The modern digital economy is powered by open-source software, but the average application-development project contains nearly 50 vulnerabilities spanning 80 direct dependencies. While indirect dependencies are even harder to find, that’s where 40% or more of all vulnerabilities are hiding. When software supply-chain vulnerabilities are discovered, organizations must scramble to understand their exposure, which could take weeks or even months. With millions of open-source libraries in use, not only are real-time visibility and remediation capabilities important, they are now a necessity. Seemingly innocuous coding flaws have the potential to bring down organizations on a massive scale.

“Software supply-chain vulnerabilities have been at the heart of some of the most disruptive cyber events we’ve seen,” said Nic Surpatanu, chief product officer at Tanium. “Tanium’s SBOM takes this challenge head on by leveraging endpoint data to breakdown the composition of software and root out weaknesses such as the newly announced vulnerability in OpenSSL version 3. This clarity can mean the difference between a minor operational hiccup or a complete global disruption with lasting implications.”

Also Read: Effective Collaboration Between IT and HR is Critical to Better Cybersecurity

SBOM, built on Tanium’s core strengths of speed, scale, and real-time endpoint data, is an entirely new approach to address supply-chain vulnerabilities. Tanium SBOM focuses first on the software residing on individual assets to detect libraries and software packages with known vulnerabilities. Tanium’s approach goes beyond basic scanning tools by examining the contents of individual files wherever they reside in IT environment. This essential information allows Tanium to take swift, appropriate action such as conducting application patching and software updates—up to and including killing a specific process or uninstalling affected applications. Tanium can find and remediate vulnerabilities like OpenSSL v3 today as well as new supply-chain vulnerabilities in the future.

“The Log4j vulnerability has opened people’s eyes to the dangers of vulnerable open-source software,” said Jason Bloomberg, president of analyst firm Intellyx. “The ability to harness endpoint data for a diagnostic analysis of the software landscape is essential, as enterprises increasingly depend on so many disparate applications. Tanium’s SBOM data allows security teams to manage a variety of applications with the confidence that they can identify and address vulnerabilities before they adversely impact the customer.”

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.