Comply - SBOM, CISA KEV, Exception Management - Tanium Tech Talks #71
See demos of Tanium's latest features in the Comply module:
SBOM – Scan for vulnerabilities within software components, mapping to NIST NVD
Exceptions – Manage false positives, compensating controls, acceptable risk, etc.
CISA KEV – Prioritize remediation by known exploited vulnerabilities
ACRONYMS
CVE Common Vulnerabilities and Exposures
CPE Common Platform Enumeration
NVD National Vulnerability Database
NIST National Institute of Standards and Technology
CISA Cybersecurity and Infrastructure Security Agency
KEV Known Exploited Vulnerabilities
SCAP Security Content Automation Protocol
RESOURCES
Tanium Asset with SBOM
https://www.youtube.com/watch
Tanium Comply Investigations
https://www.youtube.com/watch
Converge labs sign up: Hidden Exposures: Unmasking Vulnerabilities and Software Ingredients With Tanium SBOM and Comply
https://converge.tanium.com
Comply SBOM Community Article
https://community.tanium.com/s/article/Comply-Exception-Management-and-SBOM
Docs
https://docs.tanium.com/comply/comply/vulnerability_assessment.html
CHAPTERS
00:00 Intro
01:00 Meet Joel
01:26 Converge lab for Tanium Comply, what's new
03:55 SBOM in Tanium Asset
08:15 SBOM in Tanium Comply
08:50 Mapping to NIST NVD National Vulnerability Database
11:35 SBOM in Tanium Comply
14:05 SCAP CPE Common Platform Enumeration string
15:50 Tanium Index configuration
17:55 Create an SBOM Assessment
20:05 SBOM Findings
20:46 Secure software development & coding practices
21:30 Exception Management & reporting
28:00 No more spreadsheet reporting tweaks
28:15 CISA KEV Known Exploited Vulnerabilities, prioritization
31:10 Tanium Comply customer feedback
32:39 Feed Notifications in console
33:35 Summary
34:05 Resources