The Security Strategist 28 September 2022 2 MIN

Beyond Identity: Software Supply Chain Attacks and the Best Defence

em360tech image

Beyond Identity: Software Supply Chain Attacks and the Best Defence

Ceros by Beyond Identity

A software supply chain attack is when someone infiltrates your system by attacking a third-party provider or partner with access to your data. 

Recent high-profile supply chain attacks, most notably SolarWinds, has this type of attack into the public eye, and it’s clear that with more suppliers handling sensitive data than ever before, the attack surface of a typical enterprise has been changed dramatically. 

In this episode of the EM360 Podcast, Analyst Richard Stiennon speaks to Suresh Bhandarkar, Director of Product Solution Architecture at Beyond Identity, to discuss:

  • Software supply chain attacks
  • Weaknesses in the CI/CD pipeline
  • The issue of software code provenance

Beyond Identity cuts through the anonymity of to provide a secure, scalable way for development and GitOps teams to immutably sign and verify the author of every commit. Their author verification API in proves that what you’ve shipped is what your developers actually built—and that nothing else got added.

Ceros from Beyond Identity is the trust enforcement layer for the agent era. It binds every AI agent, and the human and device behind it, to a hardware-bound identity, so credentials can't be stolen and no agent action is anonymous. Security teams set the policy; Ceros enforces it continuously at runtime, across every tool call, MCP connection, and agent session. Enterprises get to deploy autonomous AI at the pace the market demands without giving up visibility, governance, or control. Get started at ceros.sh

Comments ( 1 )

Jack Bradley

06/10/2022

Great discussion - I wasn't previously aware of the weaknesses in the CI/CD pipeline!