Most cybersecurity frameworks, such as NIST CSF, document the need for continuous risk management and inspection of data and software. This, in turn, requires that all third-party and open-source software, whether built internally or externally, be continually inspected for tampering, malicious content, or any unwanted characteristics that clash with an organization’s acceptable policies.
SolarWinds SunBurst highlights third-party risk
We have learned from SolarWinds that attackers will take time to compromise trusted software. They will circumvent the SDLC with stealthy, high-quality code and evade reactive AV solutions with new, never-before-seen malicious code. Unaudited third-party software is the perfect Trojan into your organization and to your customers: it has access and trust, and it is not inspected by other security controls. You are simply not protected.
Secure your software supply chain today
To protect yourself from the next SolarWinds-inspired attack, implement a process that investigates all software that your organization builds, buys or downloads. Look for anomalous software characteristics that indicate malicious intent. Expand the process to new deployment packages, updates, patches, hotfixes and open-source modules. Add each analyzed piece of software to your personal software library. Continually monitor your software catalog for the next supply chain attack. Once it happens, you’ll be the first to know everything about its impact on your environment. Eliminate exposure doubts and get the answers quickly.
ReversingLabs can help
Whether you are an individual analyst or administrator, or you are looking for a scalable and automated solution, ReversingLabs can help you identify malicious and unwanted software based on its anomalous software characteristics. This is a new risk control mechanism. You will be able to identify problems before deploying the software, and you will know exactly which software in your environment exhibits anomalous, malicious and generally unwanted characteristics.