Finite State for Asset Owners provides visibility into device supply chain risks

By Lance T. Lee

Apr 20, 2022

Finite State launches Finite State for Asset Owners. The purpose-built solution automates and solves the complex challenges that asset owners face in maintaining device software supply chain visibility, including collecting and managing large software bill of materials (SBOM) repositories.

According to the Wall Street Journal and Akamai Technologies, the Log4j vulnerability affected hundreds of millions of US devices and recorded an exploit rate of 10 million devices per hour. Log4j remains a stark and continuous reminder of the criticality of supply chain risk management, as organizations that are unable to identify instances of Log4j continue to face attacks. Asset owners unable to identify and track the software components of their connected devices are exposed to an unknown supply chain risk, and it is this gap in the cybersecurity market that Finite State addresses.

In an effort to gain at least partial visibility into their supply chains, and without access to a purpose-built solution, asset owners have resigned themselves to using the heavily manual options of risk assessments and third-party penetration testing. Supplier risk assessments rely on supplier attestation, which does not provide a sustainable approach that asset owners can rely on. Additionally, observable external indicators of a vendor’s cyber risk only provide information about the vendor’s risk profile itself, not about potential device-level vulnerabilities.

Current approaches in the market only provide a point-in-time view and cannot accurately assess risk based on the myriad of security issues on devices. Data is quickly rendered obsolete in a dynamic threat environment, again exposing asset owners to unknown supply chain risks. Finite State for Asset Owners gives teams a comprehensive solution to continuously monitor an organization’s device ecosystem for real-time risk assessment and management, so teams can easily prioritize threats and quickly remediate exposed vulnerabilities.

Finite State for Asset Owners was designed from the ground up to solve the complex problem of managing device supply chain risk by providing:

  • Continuous, live views of device supply chain risk
  • Automated product risk assessments
  • Software supply chain transparency
  • Complete SBOMs and product risk profiles
  • Seamless collaboration and verification between suppliers and asset owners
  • Live and prioritized National Vulnerability Database exposure audits with remediation guidance
  • Leverage intelligence to help mitigate the most acute risks by uncovering active threats, including vulnerability weaponization
  • Endless scalability to counter the proliferation of connected devices

By continuously monitoring firmware and third-party components on connected devices, Finite State provides unprecedented context and exploit mitigation guidance for continued protection, aligning directly with the Presidential Executive Order (EO) on improving the nation’s cybersecurity.

“Recent supply chain threats and critical vulnerabilities in connected devices have brought device supply chain security to the forefront and fundamentally changed the nature of risk management in critical infrastructure,” said Matt Wyckhouse, CEO of Finite State. “Our ability to provide asset owners with complete and ongoing visibility into this risk and automated product-level assessments gives them the peace of mind of knowing they are deploying safe devices.”
