Assess the Security of Code in All Supply Chain Components
Alex Bazhaniuk of Eclypsium on Strategies for Strengthening Supply Chain Security
Every enterprise uses different pieces of infrastructure that run at the application level. Any attacks at that level will compromise the integrity of enterprise systems. And the attacks could come via any vendor or supplier in the supply chain.
Alluding to the SolarWinds attack, Alex Bazhaniuk, CTO and co-founder, Eclypsium, said supply chain security at the infrastructure level is extremely important. "A compromise of any backdoor could compromise all infrastructure in the world. A typical laptop has components from hundreds of vendors in the supply chain, and even the smallest vendor presents a risk to that endpoint," he said.
For instance, a component vendor could produce code for a network card, and that code could potentially have an unpatched vulnerability.
"Every organization, regardless of size, a third-party or fourth-party vendor is important [to secure] the final product," Bazhaniuk said. "So it is important to assess the code running on every technology component."
In this video interview with Information Security Media Group at RSA Conference 2024, Bazhaniuk also discussed:
- Supply chain security at an infrastructure level;
- Approaches to building security across the supply chain;
- How artificial intelligence/machine learning and large language models are automating security.
Bazhaniuk has expertise in hardware, firmware and supply chain security and extensive experience in research and product development. Over the course of his 15-year career, he has spearheaded innovation within teams at organizations such as Eclypsium, Intel and McAfee.