Data Theorem Inc., a provider of modern application security, launched Supply Chain Secure, an attack surface management (ASM) product to address software supply chain security threats across the application full-stack of APIs, cloud services, SDKs and open source software.
The provider identifies third-party vulnerabilities across the application software stack with continuous runtime analysis and dynamic inventory discovery that goes beyond traditional source code static analysis approaches and processing of software bill of materials (SBOMs).
High-profile security breaches such as SolarWinds, Kaseya, and Apache Log4j demonstrated the widespread damage that can occur for enterprise supply chains if third-party APIs, cloud services, SDKs, and open-source software have security flaws, which allow hackers to infiltrate systems, initiate malicious attacks, and extract sensitive data. These headlining hacks expose coverage gaps found in traditional static code analysis tools and the lack of security insights in most vendor management programs.
Current software supply chain security approaches have focused on either vendor management or software composition analysis (SCA). However, these approaches often lack source code access for mobile, web, cloud, and commercial-off-the-shelf (COTS) software, as well as third-party API services.
With Data Theorem’s Supply Chain Secure product, organizations can benefit from a full-stack attack surface management (ASM) solution that delivers continuous third-party application asset discovery and dynamic tracking of third-party vendors.
Data Theorem’s supply chain product can categorize assets under known vendors, allow customers to add additional new vendors, curate individual assets under any vendor, and alert on increases in policy violations and high embed rates of third-party vendors within key applications. These automated capabilities allow vendor management teams to remedy supply chain security problems faster and easier.
“While other software supply chain security approaches have emerged, no solution uses full-stack application runtime analysis and dynamic inventory discovery to support the challenges around vendor management,” said Doug Dooley, COO at Data Theorem. “Data Theorem’s Analyzer Engine with attack surface management (ASM) enables organizations to conduct continuous, automated security inspection with application telemetry collection. This allows customers to have a better handle on the third-party software supply chain assets and exposures within their vendors, suppliers, and their own software stacks.”
Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its Analyzer Engine, which leverages a dynamic and run-time analysis that is integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation.
The provider is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services.
Availability and Pricing
Supply Chain Secure is available directly from Data Theorem. Pricing starts at $15,000 annually. For more information, see https://datatheorem.com/products/supply-chain-secure.