Still in the mindset that retrofitting legacy and expensive approaches like a #SIEM will solve software supply chain security problems?
What about treating SBOMs as a compliance checkbox rather than translating them into REAL security?
#PIRATE is an acronym for a methodology that aligns threat modeling with strategic business objectives. It helps align your organization so you can lead a "Project to Product Transformation," and it removes manual compliance work from your developers by operationalizing the value of SBOMs into security actions.
PIRATE stands for Product Integrated Risk Analytics & Threat Evaluation.
Understand how the PIRATE methodology will improve the security of your ever-changing attack surface. Learn how to overcome the critical challenges of enforcing security controls with context. See how context enables accountable risk remediation in the flow of everyday work — and more....
Watch the talk on YouTube: https://www.youtube.com/watch?v=DjZSAyWuy8w&feature=youtu.be
Static SBOMs = A Compliance Checkbox, Not Security
Agile & DevOps = Continuous Everything
WHY is this important?
Because both environment change AND hacking are constant activities.
Cyber Insurance, Audit / Assessors, Security Engineering, Software Vendors, Regulators
The Tides Have Turned
Too much trust, self-attestation, and manual tracking have proven to be a losing battle.
Snapshot audit sampling, combined with legacy tools and processes, is putting the business at risk.
Proactive prevention and continuous risk management are the key to winning the war.
Key Challenges Leveraging Legacy Approaches, Like SIEM
• SIEM aggregates alert data
• Lacks correlation
• To remediate... or go XDR
• Analytics are pre-established
• Minimize the need for security data analysts
• Breach identification focused
Security Across Entire Lifecycle, On Every Product
“Shift Everywhere” Monitoring Enables Modern CM (continuous risk assessment before and after deployment)
Lifecycle stages: Design, Code, Build, Deploy, Operate, Monitor
Application Security Posture
How Contextual, Dynamic SBOMs Help Security
An SBOM is captured at each of the Design, Code, and Build stages; each snapshot records: Author, Product, Component, License, Vulnerabilities, Created on.
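As an added illustration (not from the talk or the PIRATE methodology itself) of turning per-stage SBOMs into security actions, the script below diffs consecutive SBOM snapshots from the Design, Code and Build stages, using the fields named on the slide, and flags the drift that needs remediation. The dataclasses, function names, vulnerability id placeholder and sample snapshots are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Component:
    version: str
    license: str
    vulnerabilities: frozenset = frozenset()   # vulnerability ids known at snapshot time

@dataclass
class Sbom:
    author: str          # who produced the snapshot (architect, developer, CI)
    product: str
    created_on: str      # ISO date the snapshot was taken
    components: dict = field(default_factory=dict)   # component name -> Component

def sbom_drift(previous, current):
    """Diff two SBOM snapshots; return the changes a security reviewer must act on."""
    prev, cur = previous.components, current.components
    drift = {"added": sorted(set(cur) - set(prev)), "removed": sorted(set(prev) - set(cur)),
             "new_vulns": {}, "license_changes": {}, "version_changes": {}}
    for name, comp in cur.items():
        old = prev.get(name)
        # A vulnerability is "new" the first time a snapshot carries it for this component.
        fresh = comp.vulnerabilities - (old.vulnerabilities if old else frozenset())
        if fresh:
            drift["new_vulns"][name] = sorted(fresh)
        if old and old.license != comp.license:
            drift["license_changes"][name] = (old.license, comp.license)
        if old and old.version != comp.version:
            drift["version_changes"][name] = (old.version, comp.version)
    return drift

def needs_action(drift):
    """True when any drift category is non-empty, i.e. a remediation is owed."""
    return any(drift.values())

def lifecycle_findings(stages):
    """Diff consecutive (stage, SBOM) pairs so drift is attributed to the stage that introduced it."""
    return {f"{a}->{b}": sbom_drift(x, y) for (a, x), (b, y) in zip(stages, stages[1:])}

# Constructed snapshots (not real data): design intent, what was coded, what was built.
DESIGN = Sbom("arch-team", "payments-api", "2024-01-10",
              {"libfoo": Component("1.2.0", "MIT")})
CODE = Sbom("dev-team", "payments-api", "2024-02-03",
            {"libfoo": Component("1.2.0", "MIT"),
             "libbar": Component("0.9.1", "Apache-2.0")})
BUILD = Sbom("ci-bot", "payments-api", "2024-02-04",
             {"libfoo": Component("1.2.0", "MIT", frozenset({"VULN-PLACEHOLDER-1"})),
              "libbar": Component("0.9.1", "AGPL-3.0"),   # license flipped at build time
              "libbaz": Component("2.0.0", "GPL-2.0")})   # transitive dep surfaced only at build
STAGES = [("design", DESIGN), ("code", CODE), ("build", BUILD)]
```

Running `lifecycle_findings(STAGES)` attributes the new dependency to the Code stage and the license flip, the surfaced transitive component and the newly known vulnerability to the Build stage, which is the context a static, one-time SBOM cannot give.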