Rezilion Adds Dynamic Software Bill of Materials to its Platform, Providing Organizations With Continuous View of All Software Components and Exploitable Risk
BE’ER SHEVA, Israel – May 17, 2022 – Rezilion announced today the general availability of the company’s Dynamic Software Bill of Materials (SBOM), to help organizations actively manage security across the Software Development Life Cycle (SDLC).
Rezilion’s Dynamic SBOM seamlessly plugs into all software environments, from development to production, and provides real-time visibility into all software components. Unlike static SBOMs, Rezilion’s Dynamic SBOM does more than just uncover what software components are there: it reveals if and how they’re being executed at runtime, providing organizations with an unparalleled solution to understand not only where bugs exist but also whether or not they could be exploited by attackers. Rezilion’s Dynamic SBOM is available now across CI, on-prem and cloud environments. A basic, free-of-charge version is available for use in CI through Rezilion’s website.
“For the first time in the history of cybersecurity, the software supply chain is being talked about on the national and international level as a prime attack vector plaguing critical infrastructure, public companies and government,” said Ed Amoroso, CEO of TAG Cyber. “With the release of Rezilion’s Dynamic SBOM, the company is providing a blueprint for the rest of the industry to follow that acknowledges the variable and ever-changing nature of software and creates an easy-to-access path for developers, product security, and software supply chain owners to offer secure software to customers on a continuous basis.”
In today’s software-driven world, open source code dominates the software landscape and change is constant. With every change in code, new vulnerabilities can be introduced, which cybercriminals can exploit if they are not identified and fixed quickly. The need for a Software Bill of Materials (SBOM) is now imperative to any organization that wants to build and manage secure software. In fact, an SBOM requirement is part of a recent White House Executive Order for software providers who want to sell to the federal government. The order sends a clear message that the “ingredients” of software must be transparent to buyers across industries.
Current static SBOM tools fail to meet today’s security needs and create too much work for CISOs, Product Security and Compliance officers. They require manual, single-point-in-time scanning to understand changes in the environment. Static SBOMs yield noisy, complex outputs that make focusing on actual risk difficult. Static SBOMs are also limited in the scope of what they can see and are often only available in specific parts of the software stack. Within this context, delay and uncertainty result in risk.
Rezilion’s Dynamic SBOM uniquely solves these challenges by automating management of the SBOM and giving customers a real-time inventory of their software components and their behaviors. Through Rezilion’s Dynamic SBOM, customers benefit from:
• Dynamic Inventory – Continuous tracking and management of the software environment as changes are being introduced.
• Full Stack, Full Cycle Coverage – See all software components across dev and prod, on-prem and cloud, hosts, containers, and IoT devices.
• Vulnerability Scanning – Identify known vulnerabilities associated with the software components in your SBOM.
• Dynamic Identification – Instantly search and pinpoint vulnerable components across millions of files and on thousands of hosts, containers, and applications.
• Dynamic Context (available only in premium version) – Know down to the function level what every component is doing at runtime. Triage vulnerable components that are executed and loaded into memory from the vast majority that are unloaded and therefore not exploitable.
• Exportable Formats (available only in premium version) – Share important information with customers using a formal VEX (vulnerability exchange) or CycloneDX document.
“Companies worldwide are now on the hook to validate that their software is secure and free from exploitation on a continuous basis. This is not a new problem for the industry but one that is now gaining the attention that it deserves thanks to high-profile attacks and vulnerabilities like SolarWinds and Log4j,” added Liran Tancman, Co-Founder and CEO of Rezilion. “We are setting the stage and raising the bar for the market by laying the groundwork of what needs to be included and available when it comes to an SBOM and acknowledging that this needs to be a dynamic asset that evolves with the software.”
The addition of the Dynamic SBOM to Rezilion’s platform marks an important milestone in the company’s mission to make it easier for organizations to eliminate software risk. For more information, visit https://www.rezilion.com/platform/dynamic-sbom/. To sign up for a free 30-day trial, visit https://www.rezilion.com/get-started/.
• Rezilion is available for purchase on the AWS Marketplace.
• Work smarter with Rezilion + AWS Inspector. Together, it’s possible to untangle manual security bottlenecks to build more on the cloud.
• Free Dynamic SBOM and Vulnerability Risk Assessment from Astellent, an Amazon Web Services Advanced Consulting Partner, and NCC Group, global experts in cybersecurity and risk mitigation.
• Supercharge your DevSecOps Stack. Learn how Rezilion integrates across the SDLC.
About Rezilion – Rezilion is an automated DevSecOps platform that allows organizations to effortlessly manage and eliminate software vulnerabilities from dev to prod and across cloud workloads, applications, and IoT devices. With operations in Israel and the United States, Rezilion is swiftly attracting a growing client base of Fortune 100 companies and leading industry partners. For more information, visit www.rezilion.com.