Group-IB Advocates Daily SBOM Use for Proactive Supply Chain Security
Group-IB's Anastasia Tikhonova proposes integrating Software Bill of Materials (SBOMs) into daily security operations for enhanced vulnerability management and incident response.

Anastasia Tikhonova, Global Threat Research Lead at Group-IB, is urging organizations to move beyond treating Software Bill of Materials (SBOMs) as mere compliance documents. In a recent discussion, Tikhonova emphasized the critical need to operationalize SBOMs, integrating them into the daily workflows of security teams. This proactive approach, she argues, can significantly enhance an organization's ability to manage software supply chain risks effectively.
Tikhonova advocates for the daily use of SBOMs in several key areas. Firstly, they are crucial for rapid vulnerability triage, allowing teams to quickly identify and prioritize software components that are affected by newly disclosed vulnerabilities. Secondly, SBOMs can streamline vendor access reviews, providing a clear inventory of the software and dependencies used, which aids in assessing third-party risk. Furthermore, they play a vital role in identity monitoring by mapping software components to potential access points and can be instrumental during incident response to understand the scope of a compromise.
Group-IB's research, as highlighted in their High-Tech Crime Trend Report 2026, reveals a disturbing trend: supply chain attacks are increasingly becoming the connective tissue between seemingly disparate cyber threats. These attacks now serve as a common pathway linking phishing campaigns, ransomware operations, and data breaches. The underlying mechanism is the exploitation of 'inherited trust,' where a compromise in one trusted component or vendor cascades through the supply chain to affect numerous downstream targets.
Tikhonova detailed practical steps for organizations to better manage these risks. This includes prioritizing exposed systems based on their criticality and potential blast radius, defining clear 'compromise windows' to understand the timeline of an attack, and implementing robust strategies for containing stolen credentials. Effective vendor risk scoring, based on the level of access granted and the potential impact of a compromise, is also a critical component of this strategy.
The threat landscape is evolving at an unprecedented pace, exacerbated by the increasing sophistication of threat actors. Tikhonova specifically warned about the impact of Artificial Intelligence (AI) on attack timelines. Attackers are leveraging AI to compress the time it takes to identify vulnerabilities, develop exploits, and execute attacks, shrinking timelines from weeks to mere minutes. This acceleration demands a corresponding acceleration in defensive capabilities and proactive security measures.
By embedding SBOM analysis into daily operations, organizations can gain a more granular and real-time understanding of their software dependencies and associated risks. This shift from a reactive, compliance-driven approach to a proactive, operational one is essential for building resilience against the sophisticated and rapidly evolving threats targeting the software supply chain. The goal is to transform SBOMs from static reports into dynamic tools that empower security teams to anticipate, detect, and respond to threats more effectively.