Balbix, the leader in cybersecurity posture automation, announced new platform capabilities for software bill of materials (SBOM). Cybersecurity teams now have real-time visibility into software components used across the enterprise – including traditional data centers, the cloud and remote employee devices. The solution does not require access to application source code and includes accurate multi-level dependency mapping and installed locations. Enterprises can identify and remediate software component vulnerabilities, such as Log4j, in hours and days instead of months. In addition, users can export SBOM inventory data in industry-standard formats to inform other tools and workflows.
The need for an SBOM inventory arises because modern software applications usually include dozens of open-source and third-party components. These supply chain dependencies lead to vulnerabilities that are hard to identify and remediate. Recent vulnerabilities – Log4j, Spring4Shell and OpenSSL – are prime examples. The importance of an SBOM inventory is highlighted in U.S. Executive Order 14028, which requires anyone selling software to the federal government to provide SBOMs. Unfortunately, traditional cybersecurity and asset management tools cannot inventory software component versions. When a Log4j-type vulnerability shows up, cybersecurity teams struggle to identify vulnerability instances and perform the necessary remediation and mitigation actions.
“Since late 2021, our customers have requested assistance to mitigate software component vulnerabilities like Log4j. We were fortunate to have our SBOM solution under development and were able to help our customers address these issues in a matter of days,” said Gaurav Banga, Founder and CEO of Balbix. “Today, I am excited to announce the general availability of a broad set of SBOM capabilities in the Balbix platform.”
In an industry first, Balbix provides a software bill of materials (SBOM) at runtime, including all nested dependencies. The inventory includes component versions, open-source and third-party packages. To do so, Balbix analyses all installed software, its dependencies and run-time services to provide a near real-time, comprehensive and accurate dependency tree. This new capability builds on the continuously updated software and asset inventory already provided by Balbix for assets on-premises or in the cloud.
SOURCE: PR Newswire