Strategic Acquisition Addresses Urgent Need in Organizations’ Ability to Verify and Secure Operational Technology and Software Providers
Exiger, the market-leading supply chain and third-party risk AI company, announced the acquisition of software supply chain risk visibility platformย aDolus Technology Inc. This acquisition enhances Exiger’s software supply chain visibility capabilities by integrating aDolus’ ability to generate software bills of material (SBOMs) and analyze binary for software provenance. This capability extends Exiger’s Ion Channel platform for SBOM analysis to binaries that have no SBOMs, as well as device firmware, operational technology (OT) and IoT.
Also Read: Leveraging AI and Machine Learning for DataSecOps
Since SolarWinds and Log4j, attacks, breaches and outages have ripped through corporate networks and headlines. From 2021 to 2025, the incidence of software supply chain attacks are expected toย triple, affecting an estimatedย 45%ย of organizations. The U.S. Federal Government’s actions to mitigate this risk includeย Executive Order 14028, the Food and Drug Administration’s SBOM requirements for medical devices and the Cybersecurity and Infrastructure Security Agency’s SBOM guidance. The recentย National Security Memorandum 22ย also specifically calls out threats to OT.
“While the public and private sector are adopting policies and solutions to address supply chain risks in new software going forward, there’s a glaring blind spot when it comes to spotting and rooting out vulnerabilities in operational or legacy technologies,” said Exiger Presidentย Carrie Wibben. “When you consider that the cost of simply maintaining these legacy systems exceedsย $1 trillion, you start to appreciate the scale of the gap in security across our software supply chains. Today, even our largest, most recognizable organizations are trying to bridge this gap in visibility with written vendor questionnaires. But with the acquisition and integration of aDolus, Exiger’s customers can independently verify suppliers’ attestations about the composition and security of their software.”
“Organizations across energy, telecom, manufacturing, defense and other high assurance environments are grappling with these black swan cyber events and regulatory headwinds,” said aDolus Founder and CEOย Eric Byres. “Working with Exiger over the past year has made clear the enormous need in the market but also the enormous opportunity presented by combining our capabilities to generate SBOMs directly from binary files, uncover hidden third-party risk and expose the full provenance of software components even if they’ve been rebranded, misattributed or counterfeited.”
aDolus leads the market in analyzing operational technology, real-time operating systems and Windows / Linux-based IT software. Its FACT platform delivers high-precision risk analytics, provides results tuned to maximize accuracy, generates retroactive SBOMs for legacy systems and verifies and validates current supplier SBOMs.
Also Read:ย Top Misconceptions Around Data Operations and Breaking Down the Role of a VP of Data Ops
“This acquisition allows our customers to ‘trust but verify’ when it comes to software visibility,” said JC Herz, Exiger Senior Vice President of Cyber Supply Chain. “Firmware and OT is packed with proprietary files that don’t appear in public package managers or open source data. Vulnerability scanners and DevOps tools have no coverage for these systems. But aDolus has analyzed millions of these proprietary files in industrial operations and with AI can identify their point of origin. We have already used this capability to unmask software suppliers that critical equipment manufacturers didn’t know were there.”
The combination of Exiger’s award-winning AI, theย Ion Channel platformย and aDolus empowers customers to achieve full cyber supply chain visibility, even in the absence of contractual leverage. This is a game changer for national security customers, and for asset owners in critical industries like energy, telecom, utilities and healthcare.
Cassels Brockย & Blackwell LLP served as Exiger’s counsel. This transaction complements the 2023ย Ion Channel acquisitionย and follows Exiger’s acquisition ofย Versed AIย earlier this month.
Also Read:ย AMD MI300 Seen In The Wild: Liftr Insights Data
[To share your insights with us as part of editorial or sponsored content, please write toย psen@itechseries.com]
