Maintain continuous software supply chain transparency through automated, comprehensive risk assessments that give teams full-spectrum visibility into the security state of devices
MIAMI — April 18, 2022 — Finite State, the product security leader for connected devices, is launching Finite State for Asset Owners at the S4x22 Conference. The purpose-built solution automates and solves the complex challenges asset owners face in maintaining device software supply chain visibility, including collecting and managing large repositories of Software Bills of Materials (SBOMs). Finite State will conduct demos of the new solution during the S4x22 Conference, taking place in Miami from April 19-21, 2022.
According to The Wall Street Journal and Akamai Technologies, the Log4j vulnerability affected hundreds of millions of U.S. devices and saw an exploit attempt rate of 10 million devices an hour. Log4J remains a stark, ongoing reminder of the criticality of managing supply chain risk as organizations that are unable to pinpoint instances of Log4j continue to face attacks. Asset owners unable to identify and track software components in their connected devices are exposed to unknown supply chain risk, and this is the gap in the cybersecurity market that Finite State is addressing.
In attempts to gain at least partial visibility into their supply chains, and without access to a purpose-built solution, asset owners have been resigned to using the heavily manual options of third-party risk assessments and penetration testing. Vendor risk assessments rely on vendor attestation, which doesn’t provide a sustainable approach that asset owners can rely on. Further, externally-observable indicators of a vendor’s cyber risk provide insights only into the risk profile of the vendor itself, not the potential vulnerabilities at the device level.
Current approaches in the market only provide a point in time view, and cannot accurately assess risk based on the myriad of security issues on devices. The data is quickly rendered obsolete in a dynamic threat environment, leaving asset owners once again exposed to unknown supply chain risk. Finite State for Asset Owners gives teams a complete solution to monitor an organization’s device ecosystem continuously for real-time risk assessment and management, so teams can easily prioritize threats and quickly remediate the vulnerabilities exposed.
Finite State for Asset Owners was built from the ground up to solve the complex problem of managing device supply chain risk by providing:
- Continuous, live views into device supply chain risk
- Automated product risk assessments
- Software supply chain transparency
- Comprehensive SBOMs and product risk profiles
- Frictionless vendor and asset owner collaboration and verification
- Live, prioritized National Vulnerability Database exposure audits with remediation guidance
- Exploit intelligence to help mitigate the most acute risks by surfacing active threats, including vulnerability weaponization
- Endless scalability to counter the proliferation of connected devices
By continuously monitoring firmware and third-party components on connected devices, Finite State delivers unprecedented context and exploit mitigation guidance for ongoing protection, aligning directly with the President’s Executive Order (EO) on Improving the Nation’s Cybersecurity.
“Recent supply chain threats and critical vulnerabilities in connected devices have brought device supply chain security to the forefront and fundamentally changed the nature of risk management in critical infrastructure,” said Matt Wyckhouse, CEO at Finite State. “Our ability to offer asset owners complete, continuous visibility into that risk and automated product-level assessments gives them peace of mind to know they’re deploying safe devices.”
Learn more about Finite State for Asset Owners and see the solution demonstrated at S4x22.
About Finite State
Finite State empowers organizations to gain control of product security for their connected devices and supply chains. Backed by a team of seasoned experts, our automated product security platform arms customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect critical infrastructure.
For more information, visit www.finitestate.io.
Gregory FCA on behalf of Finite State