Strategic Acquisition Addresses Urgent Need in
Organizations' Ability to Verify and Secure Operational Technology
and Software Providers
WASHINGTON,
July 30,
2024 /PRNewswire/ -- Exiger, the market-leading
supply chain and third-party risk AI company, announced the
acquisition of software supply chain risk visibility platform
aDolus Technology Inc. This acquisition enhances Exiger's software
supply chain visibility capabilities by integrating aDolus' ability
to generate software bills of material (SBOMs) and analyze binary
for software provenance. This capability extends Exiger's Ion
Channel platform for SBOM analysis to binaries that have no SBOMs,
as well as device firmware, operational technology (OT) and
IoT.
The combination of Exiger's award-winning
AI and aDolus empowers customers to achieve full cyber supply chain
visibility
Since SolarWinds and Log4j, attacks, breaches and
outages have ripped through corporate networks and headlines. From
2021 to 2025, the incidence of software supply chain attacks are
expected to triple, affecting an estimated 45% of organizations.
The U.S. Federal Government's actions to mitigate this risk include
Executive Order 14028, the Food and Drug Administration's SBOM
requirements for medical devices and the Cybersecurity and
Infrastructure Security Agency's SBOM guidance. The recent National
Security Memorandum 22 also specifically calls out threats to
OT.
"While the public and private sector are adopting
policies and solutions to address supply chain risks in new
software going forward, there's a glaring blind spot when it comes
to spotting and rooting out vulnerabilities in operational or
legacy technologies," said Exiger President Carrie Wibben. "When you consider that the cost
of simply maintaining these legacy systems exceeds $1 trillion, you start to appreciate the scale of
the gap in security across our software supply chains. Today, even
our largest, most recognizable organizations are trying to bridge
this gap in visibility with written vendor questionnaires. But with
the acquisition and integration of aDolus, Exiger's customers can
independently verify suppliers' attestations about the composition
and security of their software."
"Organizations across energy, telecom,
manufacturing, defense and other high assurance environments are
grappling with these black swan cyber events and regulatory
headwinds," said aDolus Founder and CEO Eric Byres. "Working
with Exiger over the past year has made clear the enormous need in
the market but also the enormous opportunity presented by combining
our capabilities to generate SBOMs directly from binary files,
uncover hidden third-party risk and expose the full provenance of
software components even if they've been rebranded, misattributed
or counterfeited."
aDolus leads the market in analyzing operational
technology, real-time operating systems and Windows / Linux-based
IT software. Its FACT platform delivers high-precision risk
analytics, provides results tuned to maximize accuracy, generates
retroactive SBOMs for legacy systems and verifies and validates
current supplier SBOMs.
"This acquisition allows our customers to 'trust
but verify' when it comes to software visibility," said JC Herz,
Exiger Senior Vice President of Cyber Supply Chain. "Firmware and
OT is packed with proprietary files that don't appear in public
package managers or open source data. Vulnerability scanners and
DevOps tools have no coverage for these systems. But aDolus has
analyzed millions of these proprietary files in industrial
operations and with AI can identify their point of origin. We have
already used this capability to unmask software suppliers that
critical equipment manufacturers didn't know were there."
The combination of Exiger's award-winning AI, the
Ion Channel platform and aDolus empowers customers to achieve full
cyber supply chain visibility, even in the absence of contractual
leverage. This is a game changer for national security customers,
and for asset owners in critical industries like energy, telecom,
utilities and healthcare.
Cassels Brock
& Blackwell LLP served as Exiger's counsel. This transaction
complements the 2023 Ion Channel acquisition and follows Exiger's
acquisition of Versed AI earlier this month.
About Exiger
Exiger is revolutionizing the way corporations,
government agencies and banks navigate risk and compliance in their
third-parties, supply chains and customers through its software and
tech-enabled solutions. Exiger's mission is to make the world a
safer and more transparent place to succeed. Empowering its 550
customers across the globe, including 150 in the Fortune 500 and
over 55 organizations across the Defense Industrial Base and
government agencies, with award-winning AI technology, Exiger leads
the way in ESG, cyber, financial crime, third-party and supply
chain management. Named one of Fast Company's 2023 'Brands That
Matter' and recipient of the Third Party Risk Association's 2024
Innovator Award, Exiger's work has been recognized by 40+ AI,
RegTech and Supply Chain partner awards. Learn more at Exiger.com
and follow Exiger on LinkedIn.
About aDolus Technology Inc.
The aDolus FACT platform solves an urgent
business need by providing continuous cybersecurity visibility and
risk intelligence on software as it flows between vendors/OEMs,
asset owners, and security service providers. Its AI-powered
aggregation, correlation, and analytics engine secures the software
supply chain. Tapping into 25 years of OT experience, FACT provides
actionable insights from the correlation of millions of software
components across products, product lines, and vendors. Visit us
at https://adolus.com.
For more information, please
contact:
Kody Gurfein
Chief Marketing Officer for Exiger
1.914.393.0398
kgurfein@exiger.com
View original content to download
multimedia:https://www.prnewswire.com/news-releases/exiger-acquires-adolus-to-enhance-software-supply-chain-visibility-in-increased-cyber-threat-environment-302209357.html
SOURCE Exiger