Tanium Launches Software Bill of Materials for Unprecedented Visibility to Combat Supply-Chain Threats
Detailed endpoint data protects against OpenSSL v3 by identifying potential flaws from open-source software
KIRKLAND, Wash., Nov. 1, 2022 – Tanium, the industry’s only provider of converged endpoint management (XEM), today launched the Tanium Software Bill of Materials (SBOM) to help organizations protect digital assets against external threats stemming from open-source software including OpenSSL v3. Tanium is the first and only solution that empowers IT and security teams with granular visibility and real-time remediation of software packages for every application on every endpoint at runtime.
The modern digital economy is powered by open-source software, but the average application-development project contains nearly 50 vulnerabilities spanning 80 direct dependencies. While indirect dependencies are even harder to find, that’s where 40% or more of all vulnerabilities are hiding. When software supply-chain vulnerabilities are discovered, organizations must scramble to understand their exposure, which could take weeks or even months. With millions of open-source libraries in use, not only are real-time visibility and remediation capabilities important, they are now a necessity. Seemingly innocuous coding flaws have the potential to bring down organizations on a massive scale.
“Software supply-chain vulnerabilities have been at the heart of some of the most disruptive cyber events we’ve seen,” said Nic Surpatanu, chief product officer at Tanium. “Tanium’s SBOM takes this challenge head on by leveraging endpoint data to breakdown the composition of software and root out weaknesses such as the newly announced vulnerability in OpenSSL version 3. This clarity can mean the difference between a minor operational hiccup or a complete global disruption with lasting implications.”
SBOM, built on Tanium’s core strengths of speed, scale, and real-time endpoint data, is an entirely new approach to address supply-chain vulnerabilities. Tanium SBOM focuses first on the software residing on individual assets to detect libraries and software packages with known vulnerabilities. Tanium’s approach goes beyond basic scanning tools by examining the contents of individual files wherever they reside in IT environment. This essential information allows Tanium to take swift, appropriate action such as conducting application patching and software updates—up to and including killing a specific process or uninstalling affected applications. Tanium can find and remediate vulnerabilities like OpenSSL v3 today as well as new supply-chain vulnerabilities in the future.
“The Log4j vulnerability has opened people’s eyes to the dangers of vulnerable open-source software,” said Jason Bloomberg, president of analyst firm Intellyx. “The ability to harness endpoint data for a diagnostic analysis of the software landscape is essential, as enterprises increasingly depend on so many disparate applications. Tanium’s SBOM data allows security teams to manage a variety of applications with the confidence that they can identify and address vulnerabilities before they adversely impact the customer.”
Tanium SBOM is particularly beneficial to public sector organizations faced with new regulatory requirements such as Executive Order 14028 in the U.S. and the U.K.’s National Cyber Strategy 2022 that enforce the integrity and security of software.
SBOM is the newest offering from the award-winning Tanium XEM platform, which released new capabilities in October that include Tanium Benchmark, designed to provide board members and executive leadership with holistic IT operations, risk, and security assessments for improved decision making and strategic execution.
Learn how Tanium SBOM can protect your organization from OpenSSL v3 and other vulnerabilities at www.tanium.com/blog/software-bill-of-materials-openssl/.
Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium unifies teams and workflows and protects every endpoint from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for seven consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That’s the power of certainty. Visit www.tanium.com and follow us on LinkedIn and Twitter.
+ 1 214.562.1521