Vulnerability Information Linkage and SBOM Management Functions Added to IT Asset Ledger Tool "iTAssetEye®"

NTT TechnoCross Corporation (Headquarters: Minato-ku, Tokyo; President and CEO: Atsuko Oka; hereinafter "NTT TechnoCross") will begin offering a new version of its IT asset ledger tool "iTAssetEye" with new functions to support the management and visualization of vulnerability information, starting May 12, 2026.

The new functions support vulnerability information service linkage and SBOM (*1) management, assisting in the identification and remediation of security risks hidden in IT assets across the entire company or group.

Background

In recent years, due to the increasing sophistication of cyberattacks and the expansion of supply chain risks, IT security-related risks are recognized as critical management issues that profoundly affect not only IT system departments but also overall corporate management. In particular, ransomware damage and delays in vulnerability response pose significant risks to business continuity and corporate value.

On the other hand, with the expansion of cloud services and SaaS usage in addition to on-premise environments, the IT assets owned and used by companies have become diversified and dispersed, making it difficult to accurately grasp the status of IT assets across the entire company or group.

To comprehensively understand IT risks, there is a demand for a mechanism that not only manages hardware and software assets individually at the operational level but also centrally manages and visualizes IT assets across the entire company as a ledger, enabling the identification and judgment of inherent security risks from a management perspective.

"iTAssetEye" is a ledger tool that centrally manages IT asset information such as hardware, software, licenses, and business systems as a ledger, visualizing the IT asset status across the entire company. This new version adds vulnerability management functions, including vulnerability information service linkage and SBOM management. This enables accurate identification of vulnerability risks and response priorities for each asset, in addition to centralized IT asset information management, significantly contributing to reducing the operational burden on IT system departments and enhancing security measures.

By grasping IT assets across the entire company, early detection of security and license risks and rapid identification of the scope of impact in the event of an incident become possible, strongly supporting management's risk management and governance strengthening.

Furthermore, this function can also be utilized for compliance with various security and system management guidelines, including the "Guidelines for Cybersecurity in the Financial Sector" announced by the Financial Services Agency.

Features of the New Functions

(1) Visualization through linkage of IT asset information and vulnerability information

By associating IT asset information registered in "iTAssetEye" with information obtained from vulnerability information services, it becomes possible to grasp at a glance what kind of risks exist for which assets. This supports integrated operation without separating IT asset management and security measures.

"Tanium Autonomous IT Platform (hereinafter "Tanium")" has been adopted as the source for vulnerability information linkage at the time of service launch in April 2026, with plans for sequential expansion in the future.

(2) SBOM can be managed by linking it to system configuration information (CMDB (*2))

By importing Software Bill of Materials (SBOM) as data created in a predefined format (SPDX, CycloneDX) and linking it to system configuration information (CMDB), it is possible to accurately grasp the systems in use and their software components. This supports the efficiency of confirming the scope of vulnerability impact and investigations, enabling continuous management including changes in software configuration.

(3) Can be introduced by leveraging existing IT asset management and configuration management mechanisms

"iTAssetEye" is a ledger tool that centrally manages IT asset information such as hardware, software, licenses, and business systems. With this vulnerability management function, the scope of vulnerability risk management can be expanded while leveraging existing IT asset management and configuration management mechanisms.

Anticipated Use Cases

Centralized management of IT assets, including group companies, and cross-sectional understanding of vulnerability status.

Streamlining vulnerability investigations, inventories, and remediation efforts in IT system departments.

Support for compliance with various security and system management guidelines, including the FSA guidelines.

Endorsement from Mr. Hidenori Harada, President and Representative Director, Tanium G.K.

We are pleased that Tanium's expertise can be of service in the enhancement of "iTAssetEye" by NTT TechnoCross. As cyber risks become more sophisticated and commonplace, accurately and continuously grasping the status of IT assets based on real-time intelligence utilizing AI is indispensable for all organizations.

Through this collaboration, Tanium's vulnerability information and iTAssetEye's robust IT asset management