Tanium Launches Software to Combat Supply Chain Threats

Tanium, a provider of converged endpoint management (XEM), launched the Tanium Software Bill of Materials (SBOM) to help organizations protect digital assets against external threats stemming from open-source software including OpenSSL v3. Tanium empowers IT and security teams with granular visibility and real-time remediation of software packages for every application on every endpoint at runtime.

The digital economy is powered by open-source software, but the average application-development project contains nearly 50 vulnerabilities spanning 80 direct dependencies. While indirect dependencies are harder to find, that’s where 40 percent or more of all vulnerabilities are hiding. When software supply chain vulnerabilities are discovered, organizations scramble to understand their exposure, which could take weeks or even months.

With millions of open-source libraries in use, real-time visibility and remediation capabilities are important and necessary. Seemingly innocuous coding flaws have the potential to bring down organizations on a massive scale.

SBOM, built on Tanium’s core strengths of speed, scale and real-time endpoint data, is a new approach to address supply-chain vulnerabilities. Tanium SBOM focuses on the software residing on individual assets to detect libraries and software packages with known vulnerabilities.

Tanium’s approach goes beyond basic scanning tools by examining the contents of individual files wherever they reside in the IT environment. This information allows Tanium to take swift, appropriate action such as conducting application patching and software updates—up to and including killing a specific process or uninstalling affected applications. Tanium can find and remediate vulnerabilities like OpenSSL v3 today, as well as new supply-chain vulnerabilities in the future.

“The Log4j vulnerability has opened people’s eyes to the dangers of vulnerable open-source software,” said Jason Bloomberg, president of analyst firm Intellyx. “The ability to harness endpoint data for a diagnostic analysis of the software landscape is essential, as enterprises increasingly depend on so many disparate applications. Tanium’s SBOM data allows security teams to manage a variety of applications with the confidence that they can identify and address vulnerabilities before they adversely impact the customer.”

Tanium SBOM is beneficial to public sector organizations faced with new regulatory requirements, such as Executive Order 14028 in the United States and the United Kingdom’s National Cyber Strategy 2022, that mandate the integrity and security of software.

Learn how Tanium SBOM can protect your organization from OpenSSL v3 and other vulnerabilities at www.tanium.com/products/tanium-sbom.