ChannelLife Australia

Data Theorem launches "industry first" attack surface management solution

By Shannon Williams
Fri 6 May 2022

Modern application security provider Data Theorem has announced the launch of Supply Chain Secure, which it says is the industry's first attack surface management product to address software supply chain security threats across the full application stack of APIs, cloud services, SDKs, and open source software.

Data Theorem identifies third-party vulnerabilities across the application software stack with continuous runtime analysis and dynamic inventory discovery that goes beyond traditional source code static analysis approaches and processing of software bill of materials. 

High-profile security breaches such as SolarWinds, Kaseya, and Apache Log4j demonstrated the widespread damage that can occur for enterprise supply chains if third-party APIs, cloud services, SDKs, and open-source software have security flaws, which allow hackers to infiltrate systems, initiate malicious attacks, and extract sensitive data. 

These headlining hacks expose coverage gaps found in traditional static code analysis tools and the lack of security insights in most vendor management programs. 

According to Gartner, seventy-two percent of business professionals expect their third-party networks to expand moderately or significantly in the next three years. Gartner stated that, by 2025, 45 percent of organisations worldwide will have experienced attacks on their software supply chain, a three-fold increase from 2021.

Current software supply chain security approaches have focused on either vendor management or software composition analysis. However, these approaches often lack source code access for mobile, web, cloud, and commercial-off-the-shelf (COTS) software, as well as third-party API services. 

Neither approach can perform continuous runtime security monitoring. With Data Theorem's Supply Chain Secure product, organisations can now benefit from a full-stack attack surface management solution that delivers continuous third-party application asset discovery and dynamic tracking of third-party vendors.

Data Theorem's new supply chain product can automatically categorise assets under known vendors, allow customers to add new vendors, curate individual assets under any vendor, and alert on increases in policy violations and high embed rates of third-party vendors within key applications. These automated capabilities allow vendor management teams to remedy supply chain security problems faster and more easily.

The Apache Log4j vulnerability highlighted how difficult dynamic asset discovery across first-party and third-party software currently is for every organisation building and deploying software. The Log4Shell hacking that impacted over 3 billion devices globally illustrated the widespread risk that can occur with only a single exploitation in the software supply chain. The flaw showed how important generating an accurate software bill of materials (SBOM) can be to reducing third-party supply chain risk.

Data Theorem's Supply Chain Secure product ingests SBOM files from vendors and its Analyzer Engine can dynamically generate SBOM inventories based on the applications themselves. Comparing the delta between what has been documented as third-party software versus what the runtime application actually contains is an important aspect of any attack surface management effort to understand the real-world exposure of third-party software vulnerabilities. 

According to a Gartner report, software bills of materials improve the visibility, transparency, security and integrity of proprietary and open-source code in software supply chains. To realise these benefits, software engineering leaders should integrate SBOMs throughout the software delivery life cycle. The report further states that, by 2025, 60 percent of organisations building or procuring critical infrastructure software will mandate and standardise SBOMs in their software engineering practice, up from less than 20 percent in 2022.

Gartner also mentions that SBOMs are an essential tool in your security and compliance toolbox. They help continuously verify software integrity and alert stakeholders to security vulnerabilities and policy violations.

"While other software supply chain security approaches have emerged, no solution uses full-stack application runtime analysis and dynamic inventory discovery to support the challenges around vendor management," says Doug Dooley, chief operations officer at Data Theorem. 

"Data Theorem's Analyzer Engine with attack surface management enables organisations to conduct continuous, automated security inspection with application telemetry collection," he says. 

"This allows customers to have a better handle on the third-party software supply chain assets and exposures within their vendors, suppliers, and their own software stacks."
