Organizations don't know which open-source software is used across all their applications
Current SBOM tools can’t deliver current or accurate information quickly. That means IT and security leaders can't answer:
Where is the vulnerability
in our software supply chain in the environment?
How long will it take
to find the zero-day, like Log4j, or critical vulnerabilities, like OpenSSL, across all our endpoints?
can we remediate these vulnerabilities?
Tanium value metrics
Tanium can help measurably improve IT hygiene and organizational efficiency while reducing risk, complexity and overhead. Tanium customers will need the Asset Discovery and Inventory solution area modules to get the most value from SBOM. With these solution area modules, Tanium SBOM can quickly achieve and continuously maintain success along the following value metrics:
Endpoints with critical or high software supply chain vulnerabilities (% of total within coverage)
How many of your endpoints have critical vulnerabilities? The percent of total endpoints with critical vulnerabilities measures the quantity of endpoints with security exposures, which put organizations at greater risk of disruption or breach.
Software usage coverage (% of total endpoints)
Are you tracking everything you’re supposed to? Many organizations are not aware of the devices on their network. Percent of total endpoints tells you what percentage of your networked devices are known, helping identify potential risks.
Finding OpenSSL and other zero-day vulnerabilities
What’s the status of your OpenSSL, Log4j, or SolarWinds discovery and cleanup? Experts believe it will take years to discover and clean up all instances of Log4j across enterprises and vendors. With Tanium, you can do it in moments.