2024 SC Awards Finalists: Best Supply Chain Security Solution

ARIA Cybersecurity Solutions has been named a finalist in the “Best Supply Chain Security Solution” category for its groundbreaking product, AZT PROTECT. This solution addresses the increasing threat of supply chain attacks targeting operational technology (OT) environments, which are critical to sectors like manufacturing. These attacks, highlighted by the SolarWinds breach, often bypass traditional cybersecurity defenses, putting critical infrastructure at risk.

AZT PROTECT stands out by using an AI-driven engine to monitor device activity continuously, automatically stopping known and unknown application exploits in memory before they can execute. It prevents unauthorized processes, injections, or code changes that are common in sophisticated supply chain attacks, making it particularly effective in air-gapped environments and those using legacy operating systems.

Since its launch in July 2023, AZT PROTECT has been rapidly adopted in industrial settings, including global pharmaceutical production facilities and Fortune 500 chemical manufacturers. The solution is valued for its ability to protect against unpatched vulnerabilities without impacting device performance or requiring continuous internet connectivity.

Designed for ease of deployment, AZT PROTECT can be fully operational in under an hour, requiring no specialized cybersecurity expertise. It is also available as an outsourced service with 24/7 monitoring through ARIA’s US-based Security Operations Center, ensuring data sovereignty. As the first product of its kind for OT environments, AZT PROTECT is redefining how critical infrastructure is protected from supply chain threats.

ProcessUnity has been named a finalist in the “Best Supply Chain Security Solution” category for its innovative Global Risk Exchange platform. This risk management software empowers enterprises to identify security gaps in their internal controls and suppliers, combining these insights into a comprehensive risk evaluation. The recent MOVEit incident and similar events have highlighted the growing threat of zero-day vulnerabilities within supply chains, and ProcessUnity’s Global Risk Exchange addresses this critical need.

The platform offers a wealth of features, including Predictive Risk Profiles, which anticipate how third parties will respond to assessments with up to 91% accuracy. It also provides Threat Profiles and Ransomware Risk Monitoring, enabling organizations to identify control gaps exploited in recent supply chain attacks. Additionally, the platform’s Attack Scenario Analytics map the entire Global Risk Exchange to over 150 MITRE ATT&CK® kill chains, enhancing the defensibility of customers’ ecosystems.

ProcessUnity’s strong customer base is evident from the record attendance at its recent customer summit, where professionals from major companies like Google and DTCC gathered to share insights and experiences. The company’s focus on upskilling users through programs like Platform Certification and an extensive online learning center ensures customers can maximize the value of their GRC programs.

Customers also benefit from ProcessUnity’s low total cost of ownership, thanks to the platform’s configurability, allowing users to modify it to suit their needs without waiting for provider-driven changes. With quarterly platform updates and a roadmap that includes enhanced predictive analytics and active threat response features, ProcessUnity’s Global Risk Exchange remains a top choice for organizations looking to secure their supply chains efficiently and effectively.

The Oligo Application Defense Platform targets the final and critical link in the software supply chain: applications at runtime. As components are added and modified throughout the software development lifecycle, complexity and vulnerabilities increase. Oligo provides visibility into every component of applications built, bought, or used, eliminating blind spots and ensuring the entire software supply chain is secure. Unlike other tools, which may miss threats, Oligo detects unusual behaviors that indicate vulnerabilities, like the XZ backdoor incident that other major tools failed to catch.

Oligo’s runtime protection goes beyond first-party application source code and unreliable SBOMs (Software Bill of Materials). While traditional solutions address only direct dependencies, Oligo’s unique capability allows organizations to limit library privileges and harden configurations, preventing exploitation even when malicious code remains in transitive dependencies until it’s fixed by the maintainer.

Oligo’s customer base, including Intel, Renault, and Nationwide, has grown rapidly, supported by partnerships with Intel, Salesforce, and Nvidia. Customers appreciate Oligo’s responsiveness to feedback, quick product updates, and the platform’s ease of deployment. The Oligo Platform is updated weekly, with ongoing efforts to enhance behavioral detection and response capabilities, ensuring robust protection against supply chain threats. Positioned at the end of the supply chain, Oligo’s platform uniquely observes and secures every link, making it an irreplaceable solution for its customers.

OPSWAT has been named a finalist in the “Best Supply Chain Security Solution” category for its innovative product, MetaDefender Software Supply Chain. This solution directly addresses the growing vulnerabilities within the software supply chain, such as malware, hardcoded credentials, and other embedded threats in source code. Given the increasing reliance on third-party and open-source components, MetaDefender Software Supply Chain is essential for safeguarding the software development lifecycle.

The platform offers a suite of critical features, including automated Software Bill of Materials (SBOM) generation, multiscanning with over 30 antivirus engines, proactive Data Loss Prevention (DLP) for hardcoded credentials, and comprehensive coverage across all development stages. It also incorporates Country of Origin technology to flag software components from adversarial nations, ensuring compliance and mitigating geopolitical risks.

Launched in April 2024, MetaDefender Software Supply Chain quickly gained traction among early adopters, with companies like Zoom and Hitachi providing positive testimonials. OPSWAT’s robust support framework, including 24x7x365 coverage and dedicated customer success managers, ensures clients receive timely assistance and maintain optimal product performance.

With frequent updates and a commitment to continuous improvement, MetaDefender Software Supply Chain remains at the forefront of supply chain security, helping organizations comply with evolving regulatory frameworks such as NIST, SOC2, and ISO 27001, as well as mandates like Executive Order 14028.

ReversingLabs Spectra Assure is positioned to address the critical issue of software supply chain security, a growing concern highlighted by Gartner and the 2024 Verizon Data Breach Investigation Report. As software attacks like SolarWinds, 3CX, and MOVEit become more prevalent, the need for a comprehensive solution is evident. Spectra Assure stands out by offering advanced capabilities beyond traditional tools, analyzing the entire software binary — proprietary, commercial, open-source code, and artifacts — to detect malware, tampering, and unauthorized changes.

The platform’s AI-driven complex binary analysis supports over 400 binary types and 4,800 file types, processing 1 GB of software in under five minutes, providing a comprehensive risk analysis. Additionally, Spectra Assure boasts the largest file threat repository with over 40 billion pieces of malware and attack intelligence, ensuring accurate threat detection and risk classification.

Adopted by companies like SolarWinds and Forescout, Spectra Assure has proven its value in securing the software supply chain. It offers a straightforward deployment process with minimal resource overhead, and its agile continuous improvement approach ensures ongoing updates and enhancements. The platform’s unique ability to analyze complete software packages without source code makes it indispensable for managing third-party risks, offering unmatched security for today’s complex software environments.