November 11, 2022

Can SBOM Help Cyber Attackers?

During our recent webinar hosted by Device Authority’s Tyler Gannon and Imagination Technologies Marc Canel (Does new IoT security legislation make Zero Trust the only strategy?). We ran a poll asking attendees about their understanding of SBOM; one of the options was “SBOMs are a roadmap to the attacker”.  

Luckily, none of our attendees chose this option, however, with the increasing need for transparency within business, could there be an argument that having to provide an SBOM could aid attackers in gaining access to your network? Let us investigate!  

What is SBOM? 

In May 2021, an executive order was signed by President Joe Biden, introducing the Software Bill of Materials (SBOM), but what is a Software Bill of Materials? 

A Software Bill of Materials (SBOM) is a “formal record containing the details and supply chain relationships of various components used in building software”. 

Effectively, an SBOM lists software components, information about those components, and the relationships between them. By listing this information, SBOM’s provide increased transparency, shows the source of the components, and increases the speed at which vulnerabilities can be identified and remediated by federal departments and agencies. 

Recently, The European Union also announced their intention to enact the Cyber Resilience Act, similar legislation to that of the US. 

Would an attacker be able to utilize this information for their benefit?  

Currently there is a discussion around whether the data contained within an SBOM could be accessed and leveraged by a cyber attacker and actually highlight potential vulnerabilities to these groups.  

From a defensive standpoint, transparency is far more beneficial to cyber defenders as they are able to quickly determine if they are at risk when a component is found to be vulnerable.  

One example would be the exploitation of log4j, if SBOM’s had been in place, defenders would have been able to answer if they are vulnerable, and what device carried that vulnerability, much quicker than without it. 

Regardless to say, SBOMs need to be shared, and in a lot of cases with only those that need to know. 

How can Device Authority support your organization?  

Our KeyScaler platform supports SBOMs by providing a Zero Trust capability for IoT deployments, in order to: 

  • Ensure visibility and SBOM status across all assets, with continuous tracking, and automated reporting against policy 
  • Deliver real-time Zero Trust defense with assured SBOMs 
  • Provide operational efficiency and automation at scale, with remediation controls into IoT/Cloud Apps 
  • Reduce risk, mitigating compromised device data from entering critical enterprise infrastructure 
  • Improve trust and security in the supply chain by ensuring integrity, provenance, and transparency 
  • Lower administration fees and mitigate fines by providing compliance 

 

By working with our partners, if there is a zero-day vulnerability found that applies to an SBOM data hub that KeyScaler could connect to, we can validate what is actually on the device compared to what is on the SBOM hub.  

This can then be used to help remediate, an example here could be to quarantine a device and revoke its credential (preventing it from connecting to network services), enforce short lived certificates until the software on the device has been updated or trigger a secure update using a credential management system to do so. or simply send an alert to a SIEM system and alert the owner that action must be taken! KeyScalers continuous assurance further mitigates the risk of a Threat Actor using the information for further malicious activities as it automatically and continuously checks devices credentials helping to reduce risk to the supply chain.  

If you have enjoyed this article and would like to learn more about how Device Authority can help with your SBOM requirements, please follow the below link: https://www.deviceauthority.com/sbom/ 

 

WRITTEN BY
Louise José