Identifying software vulnerabilities are inherently a multi-part problem. Certainly one of vulnerability management, but also one of Software Asset Inventory. To know if we are vulnerable to a thing, we first need to know if, and where, we have a thing. Struts / Equifax and more recently Log4J/Log4Shell were perfect examples of this. So much time and resource was spent enumerating the environments to discover where these exist, even before the ever-changing vulnerability intelligence and signatures…. We still had to find it! We don't want our customers to be in that situation ever again, and with a run-time, targetable assessment of a software's Bill of Materials, you won't be. Let's discuss updates to Tanium content to help you get an even deeper view of your software assets through examining their bill of materials and library dependencies. Then, when the next Log4J type vulnerability comes along, you can easily leverage Tanium to query, get vsibility, and take action in minutes!

Additional details: