
NetRise News & Blog

by NetRise, on Jun 28, 2022 10:01:09 AM

In a recent post we identified the problem of “zero-awareness” – businesses often don’t know what xIoT devices are attached to their network and what risks and vulnerabilities those devices have. Why this problem exists is a conundrum, both easy to explain and impossible to explain. The easy explanation is that xIoT devices typically run firmware and our traditional security tools deal with software, not firmware. The conundrum is that firmware is software, so why …

Read Story

by NetRise, on May 31, 2022 9:51:33 AM

Risk management is a big part of running a business these days, especially in IT circles. Not only are threat actors always evolving and enhancing their attacks, but also the attack surface of organizations is constantly growing. The advent of IoT introduced literally millions if not billions of new devices for hackers to potentially exploit. Have you considered who really owns the risk associated with xIoT devices? Imagine it’s 2014 and your router was compromised …

Read Story

by Tom Alrich, on May 12, 2022 8:46:39 PM

I recently wrote two posts (the second one is here) about a chilling revelation that Tom Pace of NetRise made at an informal meeting I recently attended. NetRise specializes in firmware security, and Tom has noted that a huge percentage of software and firmware products aren’t registered at all in the National Vulnerability Database (NVD), meaning there’s no CPE name registered for the product. This means there has never been a single vulnerability reported for the product. Thus, if …

Read Story

by Tom Alrich, on May 9, 2022 1:37:51 PM

A recent post described a presentation I saw last Friday by Tom Pace of NetRise, describing what seems to be a huge security problem. To summarize it: Do you think products with a lot of open vulnerabilities - as indicated by CVE’s listed for the product in the National Vulnerability Database (NVD) - are dangerous and should be avoided? If so, you’re right. By the same token, do you think a product with no open vulnerabilities – …

Read Story

by Thomas Pace, on May 4, 2022 2:27:06 PM

Join ASMGi and NetRise as we discuss the cyber security challenges of Enterprise IoT (XIoT) technology. XIoT is pervasive across critical and non-critical sectors, driving more connectivity than ever before between the cyber and physical worlds spanning industrial, healthcare, and enterprise environments. But deploying IoT and IIoT devices in traditional OT environments can create gaps in cyber security and cyber criminals are taking advantage of the weak security engineered into many XIoT devices to target …

Read Story

by Tom Alrich, on May 2, 2022 12:37:59 PM

I’ll be honest: It’s been quite a while since I seriously worried about anything in cybersecurity other than software vulnerabilities. Almost every serious cyberattack you can name in the last, say, five years, including NotPetya, SolarWinds, Kaseya, and literally every ransomware attack, was either based on or enabled by at least one software vulnerability. Of course, when the average cybersecurity person thinks about software vulnerabilities, they probably think of badly-trained (or simply incompetent) software coders …

Read Story

by Steve Struthers, on Apr 5, 2022 1:38:34 PM

In the world of xIoT security, we have learned some unfortunate and difficult lessons over the past decade. Events like Mirai, Shellshock, Heartbleed and Log4J have left so many of us with the question … “What’s next? And will it affect me?” Just as importantly, “will it be more or less destructive than what has come before?” The reality we are facing now is that 2021 was a year of significant growth of incidents within …

Read Story

by Jason Dely, on Mar 22, 2022 10:51:25 AM

Many companies have benefited greatly from rapid IT infrastructure changes to enhance their overall capabilities and operational efficiency. By their very nature, companies operating Industrial Control Systems (ICS) - commonly considered Operational Technology (OT) - strive to derive value and tangible returns from investments made to support their company operations and to facilitate ongoing growth. Demands to perform and produce have never been greater, and today’s hyperconnected world serves to elevate the importance for …

Read Story

by NetRise, on Feb 14, 2022 7:32:31 PM

On the heels of President Biden's executive order focused on improving the Nation's cybersecurity, Software Bill of Materials (SBOM) has garnered unprecedented attention from security professionals in all niches of information security. With good reason, too - how are we supposed to secure mission critical systems (or any system, for that matter) if we don't know what software they're running and the various dependencies and supply chain behind that software? Adoption and implementation of SBOM …

Read Story

by NetRise, on Feb 3, 2022 4:38:35 PM

S4x22 is the largest and most comprehensive ICS-focused cybersecurity conference in the world. Hosted in Miami, Florida, S4 offers a unique take on the typical conference, complete with an exciting location and a variety of social events, while still bringing together the most talented and influential ICS security professionals the industry has to offer. Join us for three days of sun, sand, beer, and nerding out on xIoT security by getting your tickets at https://s4xevents.com/tickets/ …

Read Story
