Supply chain, Application security, Cloud Security, DevSecOps, Incident Response, NDR, Network Security, Security Operations, Threat Management

Making the Case for Supply Chain Behavior Transparency

The Biden Administration’s Cyber Executive Order includes a Software Bill of Materials (SBOM), an electronically readable format designed to provide an inventory of third-party components that make up software components.  It is a critical and necessary first measure for protecting the software supply chain, but is it enough?

One of the biggest challenges to supply chain transparency and the SBOM model is identifying software components with sufficient discoverability and uniqueness. Component identification is fundamental to SBOM and needs to scale globally across diverse software ecosystems, sectors, and markets.  To defend against cyber-attacks, such as the ones that impacted SolarWinds and recent ransomware victims, organizations also need transparency about the behaviors of the software components in their supply chain––how, and with whom, they are engaging in and outside of their networks.

Ted Driggs, Head of Product, and Ben Higgins, Distinguished Software Engineer, from ExtraHop joined Business Security Weekly to explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise.  Even an 80/20 rule on behaviors reduces the amount of alerts an analyst needs to review.

During the interview, Ted and Ben discussed the advantages of behavior transparency, but also the challenges.  Behavior transparency requires a standardized, machine readable format that can be ingested by other products and technologies.  This file needs to identify fingerprints, detections, domains, and processes that uniquely identify the behavior of each software component.  Behavior transparency also requires a central database for these behavior files that can be updated quickly as software components, and their associated behaviors, change.

ExtraHop is focused on this effort, but needs the support of the broader security community.  Endpoint behaviors, integration with other security products, and standardization of formats and protocols are all critical components to achieve behavior transparency.  To learn more, watch the interview on Business Security Weekly here or visit www.extrahop.com/behaviortransparency for more information.

Matt Alderman

Chief Product Officer at CyberSaint, start-up advisor, and wizard of entrepreneurship.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.