Tanium enhances threat identification and extends the reach of terminals

Tanium announced a significant strengthening of its Software Bill of Materials (SBOM), expanding it to include information on Common Vulnerability and Exposures (CVE). This shift is a direct response to the ever-increasing attacks on the software supply chain, facilitated by organizations' growing dependence on a multitude of third-party vendors and service providers. Tanium has integrated SBOM into its vulnerability management solution to identify, prioritize and resolve emerging and zero-day vulnerabilities in application software components, including embedded open-source software libraries, across all terminals.

Tanium's approach to open-source software vulnerabilities

Nic Surpatanu, CPO of Tanium, stated that "over ninety-two percent of applications contain open-source libraries that can hide vulnerabilities such as Log4j, OpenSSL, or Struts, exploited by hackers." He added that federal agencies, cyber insurance providers and other organizations are increasingly requiring an SBOM for all software they use. Tanium's SBOM is the only solution available that enables organizations to identify and remediate vulnerabilities in the production software supply chain. This capability enables DevOps and SecOps to identify and mitigate risk across development, staging and production environments.

Tanium's support for evolving processor architecture

In addition to addressing the threats posed by the use of open-source software, today's organizations are also faced with the ongoing evolution of processor architecture. Specifically, the use of ARM-based servers grew sevenfold between 2019 and 2022, and ARM-based computers are projected to account for thirty percent of all personal PCs by 2026. In 2022, Tanium expanded support for terminals using ARM processors from Apple and Amazon. Looking to the future, Tanium has expanded its support to other ARM-based terminals running Oracle Linux, RedHat and Windows 11.

New Tanium risk & compliance improvements

Tanium's announcement also coincides with a number of new enhancements to Risk & Compliance, which will enhance the efficiency and effectiveness of vulnerability and risk management programs while reducing the need for separate point solutions. These include ESXi support, the ability to perform compliance and vulnerability assessments of ESX and ESXi hypervisors through vCenter APIs; the inclusion of CISA's KEV information in Tanium vulnerability reports; handling exceptions for compliance and vulnerability discoveries with a valid reason or expiration date; and increases to benchmark features. As organizations continue to embrace digital transformation, comprehensive endpoint visibility, real-time control and remediation are essential to mitigate the risks from today's and future cyber threats.