Finite State is launching Finite State for Asset Owners. The purpose-built solution automates and solves the complex challenges asset owners face in maintaining device software supply chain visibility, including collecting and managing large repositories of Software Bills of Materials (SBOMs).
According to The Wall Street Journal and Akamai Technologies, the Log4j vulnerability affected hundreds of millions of U.S. devices and saw an exploit attempt rate of 10 million devices an hour. Log4j remains a stark, ongoing reminder of the criticality of managing supply chain risk as organizations that are unable to pinpoint instances of Log4j continue to face attacks. Asset owners unable to identify and track software components in their connected devices are exposed to unknown supply chain risk, and this is the gap in the cybersecurity market that Finite State is addressing.
In attempts to gain at least partial visibility into their supply chains, and without access to a purpose-built solution, asset owners have been resigned to using the heavily manual options of third-party risk assessments and penetration testing. Vendor risk assessments rely on vendor attestation, which doesn’t provide a sustainable approach that asset owners can rely on. Further, externally observable indicators of a vendor’s cyber risk provide insights only into the risk profile of the vendor itself, not the potential vulnerabilities at the device level.
Current approaches in the market provide only a point-in-time view and cannot accurately assess risk based on the myriad of security issues on devices. The data is quickly rendered obsolete in a dynamic threat environment, leaving asset owners once again exposed to unknown supply chain risk. Finite State for Asset Owners gives teams a complete solution to monitor an organization’s device ecosystem continuously for real-time risk assessment and management, so teams can easily prioritize threats and quickly remediate the vulnerabilities exposed.
Finite State for Asset Owners was built from the ground up to solve the complex problem of managing device supply chain risk by providing:
- Continuous, live views into device supply chain risk
- Automated product risk assessments
- Software supply chain transparency
- Comprehensive SBOMs and product risk profiles
- Frictionless vendor and asset owner collaboration and verification
- Live, prioritized National Vulnerability Database exposure audits with remediation guidance
- Exploit intelligence to help mitigate the most acute risks by surfacing active threats, including vulnerability weaponization
- Endless scalability to counter the proliferation of connected devices
By continuously monitoring firmware and third-party components on connected devices, Finite State delivers unprecedented context and exploit mitigation guidance for ongoing protection, aligning directly with the President’s Executive Order (EO) on Improving the Nation’s Cybersecurity.
“Recent supply chain threats and critical vulnerabilities in connected devices have brought device supply chain security to the forefront and fundamentally changed the nature of risk management in critical infrastructure,” said Matt Wyckhouse, CEO at Finite State. “Our ability to offer asset owners complete, continuous visibility into that risk and automated product-level assessments gives them peace of mind to know they’re deploying safe devices.”