The aDolus FACT platform provides continuous software supply chain visibility at scale. SBOMs, VEX, & vulnerability management prove compliance & reduce risk. Its AI-powered aggregation, correlation, and analytics engine enables regulatory compliance and provides actionable insights to secure critical systems.
Solar Turbines is one of the world’s leading manufacturers of industrial gas turbines with more than 16,000 units installed in 100 countries. Their customers demand evidence that Solar Turbines has checked the security of every component of their software stack before it is deployed to a platform.
Critical, widespread vulnerability is found in the wild and announced to the IT & OT community
aDolus FACT platform scans 35M files to locate and reveal Log4j vulnerabilities in OT software packages
aDolus FACT confirms there are NO exploitable instances of Log4j in Solar Turbines products
VEX documents are generated to accompany SBOMs and streamline the response
Solar Turbines quickly alerts customers: there are NO exploitable instances of Log4j in their products
aDolus FACT provides ongoing protection of the Solar Turbines software supply chain for the next Log4j
(Yes, with a B!)
From vendors, to products, right down to subcomponents
Managing customer communication effectively
Our AI-powered platform automatically delivers what was never before possible.
The FACT platform (Framework for Analysis and Coordinated Trust) is an advanced aggregation, analytics, and correlation engine that derives the most up-to-date cybersecurity risk intelligence on software components as they flow through the ecosystem: between suppliers, developers, OEMs, service providers, operators, and even those who should not have the software and may use it for malicious intent.
FACT makes the update delivery process to your customers more reliable and secure. It provides valuable intelligence on the software modules you source from 3rd parties, warning if subcomponents have known vulnerabilities or malware. It generates 1-click SBOMs quickly and easily, and if counterfeit versions of your software are being installed anywhere in the world, you will be the first to know.
How long will it be acceptable for you to distribute software without being certain of the integrity of every component?FACT for Vendors
FACT gives you visibility and control of upgrade processes. FACT integrates seamlessly into your existing workflows to allow employees to analyze the files they need. Management gains visibility into the files being used and has the ability to approve or deny patches before they are installed on critical equipment.
How long will it be acceptable for you to operate without detailed insight into your firmware stack?FACT for Asset Owners
If your company designs and installs intelligent control platforms, FACT lets you track software in every stage of the EPC process: from initial design & commissioning to factory acceptance tests & handover. You can be certain that the software installed on your client’s system is free of known vulnerabilities and counterfeits. Plus you can manage workflows and approval processes for software across multiple clients and projects.
How can you protect your company’s reputation if you don’t know the contents of products you’re installing?
If your company provides audit or security services for industry, you know that modern control systems can contain millions of different executable files, scattered across hundreds of different platforms. This makes the task of uncovering hidden malware similar to finding a needle in a haystack. FACT gives you the tools to quickly authenticate vendor files, helping you understand their origin, functionality, and vulnerabilities.
How can your services remain competitive without comprehensive intelligence on your client’s supply chain?
FACT is vendor- and platform-agnostic, attending to the compliance and security needs for all the firmware and software used on critical systems.