Tanium Launches Software Bill of Materials for Unprecedented Visibility to Combat Supply-Chain Threats
November 2022 by Marc Jacob
Tanium launched the Tanium Software Bill of Materials (SBOM) to help organisations protect digital assets against external threats stemming from open-source software including OpenSSL v3. Tanium is the first and only solution that empowers IT and security teams with granular visibility and real-time remediation of software packages for every application on every endpoint at runtime.
The modern digital economy is powered by open-source software, but the average application-development project contains nearly 50 vulnerabilities spanning 80 direct dependencies. While indirect dependencies are even harder to find, that’s where 40% or more of all vulnerabilities are hiding. When software supply-chain vulnerabilities are discovered, organisations must scramble to understand their exposure, which could take weeks or even months. With millions of open-source libraries in use, not only are real-time visibility and remediation capabilities important, they are now a necessity. Seemingly innocuous coding flaws have the potential to bring down organisations on a massive scale.
SBOM, built on Tanium’s core strengths of speed, scale, and real-time endpoint data, is an entirely new approach to address supply-chain vulnerabilities. Tanium SBOM focuses first on the software residing on individual assets to detect libraries and software packages with known vulnerabilities. Tanium’s approach goes beyond basic scanning tools by examining the contents of individual files wherever they reside in the IT environment. This essential information allows Tanium to take swift, appropriate action such as conducting application patching and software updates—up to and including killing a specific process or uninstalling affected applications. Tanium can find and remediate vulnerabilities like OpenSSL v3 today as well as new supply-chain vulnerabilities in the future.
Tanium SBOM is particularly beneficial to public sector organisations faced with new regulatory requirements such as Executive Order 14028 in the U.S. and the U.K.’s National Cyber Strategy 2022 that enforce the integrity and security of software.
SBOM is the newest offering from the award-winning Tanium XEM platform, which released new capabilities in October that include Tanium Benchmark, designed to provide board members and executive leadership with holistic IT operations, risk, and security assessments for improved decision making and strategic execution.