The guide offers supply chain risk intelligence for IT infrastructure including endpoints, servers, network devices, and cloud infrastructure products. Credit: Gorodenkoff / Shutterstock Digital supply chain security company Eclypsium has announced the launch of a new supply chain security guide to help IT, security, and procurement teams track risks and incidents. CIOs, CISOs, and supply chain leaders can use the guide to assess their exposure to supply chain cybersecurity threats and make better risk-based purchase decisions, the firm said in a press release. At launch, the guide includes verified details about products and components of hardware and software vendors including Dell, HP, Lenovo, HPE, Cisco, Intel, and NVIDIA, as shown in the image below. It will be available as a standalone SaaS offering that is complementary to and integrated with the Eclypsium Supply Chain Security Platform. Eclypsium Supply chain security a top priority for organizations, security leaders Supply chain security is a top priority for organizations and security leaders with several high-profile supply chain incidents affecting IT infrastructure in 2023. In March, it was revealed that the 3CX DesktopApp was compromised in a significant supply chain attack that saw a threat actor add an installer that communicated with command-and-control servers. In May, researchers detected suspected backdoor-like behavior within Gigabyte systems posing supply chain risks. In June, details emerged of a critical vulnerability (CVE-2023-34362) in a secure file transfer web application called MOVEit Transfer being exploited by hackers. By 2025, 60% of supply chain risk management leaders plan to use cybersecurity risk as a significant determinant in conducting third-party transactions and business engagements, according to Gartner. "Digital supply chain security is a board-level concern for many organizations, and there is an urgent need to provide a central repository for organizations to assess IT product risk," said Yuriy Bulygin, CEO and co-founder, Eclypsium. Guide analyzes, verifies security of products to give CISOs more confidence The Eclypsium guide will equip teams to track key supply chain risks/incidents and gauge if the products that they use or are considering purchasing are affected, according to the firm. "Traditionally, CISOs assess vendor risk through questionnaires during the onboarding process - that's just paper. Then they have to manage that third-party risk in production - that's bits and bytes," commented Allan Alford, CISO at Eclypsium. Eclypsium's new guide brings hard, technical data to the vendor risk management process, analyzing and verifying products at a technical level so that CISOs can have more confidence when making decisions, he added. Related content news analysis Attackers could abuse Google's SSO integration with Windows for lateral movement Compromised Windows systems can enable attackers to gain access to Google Workspace and Google Cloud by stealing access tokens and plaintext passwords. By Lucian Constantin Nov 30, 2023 8 mins Multi-factor Authentication Single Sign-on Remote Access Security feature How to maintain a solid cybersecurity posture during a natural disaster Fire, flood, eathquake, hurricane, tornado: natural disasters are becoming more prevalent and they’re a threat to cybersecurity that isn’t always on a company’s radar. Here are some ways to prepare for the worst. By James Careless Nov 30, 2023 8 mins Security Operations Center Security Operations Center Security Operations Center news Amazon debuts biometric security device, updates Detective and GuardDuty Amazon’s latest security offerings, announced at its re:Invent conference, cover everything from advanced biometrics to new tools for defeating runtime and cloud threats, including identity and access management (IAM) capabilities. By Jon Gold Nov 29, 2023 3 mins Biometrics Security Monitoring Software Threat and Vulnerability Management news Almost all developers are using AI despite security concerns, survey suggests About 96% of developers are using AI tools and nearly eight out of 10 coders are bypassing security policies to use them, while placing unfounded trust into AI’s competence and security, according to the report by Snyk. By John Mello Jr. Nov 29, 2023 4 mins Development Tools Security Practices Supply Chain Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe