Risk Management

Expose hidden supply chain risk

Protect Your Brand and Reputation

Falling victim to any cyber attack can tarnish your brand and reputation. In the case of supply chain attacks, the injury is amplified if attackers are able to reach thousands more victims via a single target, as was the case with the SolarWinds attack. Whether you build IoT/OT products or use them, you need visibility into what you are shipping or operating to ensure you aren’t harboring exploitable technology.

Get in front of emerging threats and reassure your customers that your products are secure when impactful vulnerabilities are announced. FACT provides insights into your entire software supply chain, allowing you to respond quickly to high-profile vulnerabilities like Log4j.

A proactive software supply chain can create and maintain a competitive advantage.

FACT provides:

Visibility across your entire supply chain to identify risky components, products, and vendors

Machine-readable VEX documents to streamline communications and promptly reassure your customers

Executive dashboards highlighting progress towards risk-reduction goals


Schedule a session with our technical staff to see how FACT identifies vulnerable components, untrustworthy suppliers, and other 3rd-party risks.

From crisis to happy customers in under 24 hours

Log4j Discovered

Widespread vulnerability found in both IT & OT creates massive response

Visibility at Scale

aDolus FACT platform scans >35 million files to uncover Log4j vulnerabilities in OT software packages

Validation & Assurance

FACT confirms to its manufacturing customer there are NO exploitable instances of Log4j in their products

SBOMs & VEX Documents

Manufacturer uses FACT to generate VEX documents and SBOMs for efficient customer communications

Reputation Protected


Continuous Monitoring

FACT continuously monitors for new product ⇔ vulnerability associations to stay ahead of the next major announcement

Reduce Potential Liability

In light of multiple high-profile software supply chain incidents, the question has arisen: “Should companies face legal liability for shipping insecure software?” In this new environment, contractual requirements are being re-examined as companies seek to hold suppliers accountable. If you ship products containing 3rd-party, insecure components, you may face significant liability.

FACT allows you to:

Discover the suppliers and components that comprise your software supply chain (even the deeply-buried ones)

Disclose information up front via SBOM (Software Bill of Materials)

Monitor for emerging vulnerabilities, ransomware, and other malware to reduce risk to your customers

Vendor Quality Assessment

When making purchasing decisions, it is important to consider the cybersecurity quality of the products your vendor supplies. If a vendor consistently ships products with software vulnerabilities, obsolescent components, black-listed 3rd-party components, or other high-risk issues, you need to know. On the other hand, vendors who provide SBOMs and transparency into their products help reduce your risk and you should factor that in. Either way, you need more visibility to assess your vendors and incorporate that information into the total cost of ownership (TCO) of their products.

FACT allows you to:

Reduce inherited risk from purchased products (and ensure you don’t pass it along further)

Conduct informed warranty discussions with vendors supplying higher-risk products

Negotiate with vendors based on who is bearing the risk

M&A Due Diligence

Mergers and Acquisitions (M&As) are common in the automation industry, and it is becoming increasingly important to have detailed intelligence on embedded risk. Which is the more attractive choice for acquiring (or merging with) another company: one that can provide total, detailed transparency into their software inventory or one offering no visibility where you blindly shoulder all the risk?

When your team is responding to interest in an M&A, can you deliver a fully transparent inventory of all your software, right down to the component level?

FACT allows you to:

Provide a detailed and risk-scored inventory of all the vendors, software, and components in your portfolio

Negotiate from a position of strength with evidence-based risk assessments

Speed up the due diligence process with automated documentation

Talk to us about how to reduce 3rd-party risk, secure your software supply chain, and avoid liability.