Customer Story

BioTech Company: Validating Third-Party Lab Software with Spectra Assure

A leading biotechnology company lacked confidence in their existing testing tools for the software running on their critical lab equipment. The company relied mainly on questionnaires and lackluster scanning tools, methods that fell short of providing adequate visibility and protection against risks like malware, tampering, and other embedded threats. The company needed a robust solution to secure the software on their lab equipment and ensure comprehensive risk analysis and visibility.
 
Spectra Assure™ allowed the security and threat management teams to assess highly specialized laboratory software for embedded threats in minutes, without the need for source code. It also allowed them to seamlessly and securely communicate those findings back to the vendor for expedited remediation.

Automating Third-Party Software Risk Management

Prior to deploying Spectra Assure, the company’s third-party software risk management strategy relied on manual, time-consuming assessment methods like security questionnaires and a subpar binary analysis tool that did not provide critical risk insights. This process created bottlenecks for certain commercial software deployments, impacting internal end users who needed access to critical lab software. 

Spectra Assure provided the comprehensive analysis of third-party software that the team needed, deconstructing large and complex software packages in minutes without the need for source code. This saved the security team countless hours and cycles that would have been spent reviewing vendor questionnaire responses. The Spectra Assure SAFE Report aggregated the analysis into specific risk categories, providing the team with a simple way to discern whether a commercial software package is safe to deploy.

Visibility Gaps Removed from Critical Lab Software

To bring innovative medical treatments to market, the biotech company relies on a suite of mission-critical laboratory software, software that not many vendors readily provide. Due to the highly specialized nature of these solutions, the company needed a way to assess their laboratory software portfolio for embedded threats that could expose their business to targeted software supply chain attacks or IP theft.

Spectra Assure provided a comprehensive analysis of their third-party software risk layer. This included a complete SBOM along with an actionable risk assessment of the entire software application to identify malware, tampering, exposed secrets, suspicious behaviors, and more. By analyzing the commercial software binary’s underlying behaviors, Spectra Assure serves as an early warning system to flag potential software supply chain threats, giving their security team the runway they need to quarantine potentially malicious packages and establish the proper controls.

Shareable SAFE Reports Expedite Vendor Fixes

The company was keenly aware that their current commercial software testing methodology did not account for several key software supply chain threat categories. While their existing tools were able to account for CVEs within commercial software packages, they needed insight into the broader spectrum of software threats like malware, tampering, and malicious behaviors. More importantly, they needed a way to seamlessly communicate these findings with their vendors so that they could take the necessary steps to fix any flagged security issues.

The Spectra Assure SAFE Report delivers comprehensive software risk assessments and a consolidated view of the most imminent risks and threats. The SAFE Report can be shared with the third-party software vendor through a secure, time-bound, password-protected link. This process allowed the security team to successfully solicit action from vendors on a number of key security findings.

  • Customer | Biotechnology Company
  • Headquarters | United States
  • Employees | 1,300
  • Industry | Healthcare

Spectra Assure closed an important gap in the risk analysis with the software we were using.

Manager, Security Architecture and Threat Management

Challenges

  • No risk insights for critical systems
  • Time-consuming manual assessment processes
  • Can’t identify and resolve risk with vendors

Solution

  • Spectra Assure deconstructs and analyzes commercial software for embedded threats including malware, tampering, and more within minutes

Results

  • Easy-to-digest software risk assessment with insight into critical risk categories
  • Prioritization of issues reduces time-to-fix from vendor
  • Deep analysis of commercial software provides early warning for embedded threats
