
We are pleased to announce the launch of the “Elementaris” risk management service for software supply chain.

The Log4j security vulnerability was a wake-up call to many: given today’s widespread use of open source components, frameworks and SW artifacts, externally purchased or externally sourced SW components carry significant potential for damage. Unfortunately, Log4j was not an isolated case, but only the tip of the iceberg. The number of attacks carried out via the SW supply chain has increased massively in recent years.

Source: ENISA

Recent cases include software supply chain attacks on 3CX, a widely used desktop app, and MOVEit, a file transfer software. It is therefore not surprising that the EU’s Digital Operational Resilience Act (DORA), which was approved at the beginning of 2023, addresses this security risk as part of third-party risk management and has issued new regulations that affect financial institutions and insurers with an EU connection as well as their critical ICT providers in Switzerland. In its latest risk monitor on cyber risks, Finma identified malware risks (malware introduced via external service providers) as one of the top risks. The EU’s Cyber Resilience Act (CRA) will also impose stricter requirements on manufacturers, importers and retailers of products with digital elements. Among other things, the CRA suggests using an SBOM (Software Bill of Materials) and requiring one from suppliers. Without a systematic inventory of delivered software and continuous checking of the software in use, a company exposes itself to significant cyber risks. IT departments often lack the resources and procedures to adequately counter this attack vector. We have developed the managed service “Elementaris”, which enables companies to inventory their SW artifacts in an automated and tamper-proof manner using SBOMs, to continuously monitor them for malware, and to classify discovered vulnerabilities and assess their risk.

In addition to setting up and operating the software supply chain risk management service, we also offer to establish the necessary processes (e.g. integration into the company’s operational risk management and security office) as well as an independent external risk scoring of the software components. Beyond strengthening operational risk management, Elementaris can also be used in SW procurement and across the extended supply chain (SW suppliers and SaaS providers).

If you have any questions about our service Elementaris or are interested in a demo, please do not hesitate to contact us (call us at , write us an ).