NetRise Releases Industry’s First AI-Powered Semantic Search for Software Supply Chain Security

Nov 9, 2023 5:00:00 AM | Press Releases NetRise Releases Industry’s First AI-Powered Semantic Search for Software Supply Chain Security

New solution finds compromised, vulnerable assets across firmware & cyber-physical systems using AI.

AUSTIN, TX – November 9, 2023 – NetRise, the company providing granular visibility into the world's Extended Internet of Things (XIoT) security problem — encompassing the modern firmware and software component security challenges of IT, OT, IoT, and other connected cyber-physical systems — today announced the release of Trace in the NetRise Platform. This new solution allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using AI-powered semantic search for the first time.

Trace revolutionizes vulnerability detection and validation by introducing intent-driven searches, allowing users to search their assets based on the underlying motives or purposes behind the code and configurations that lead to vulnerabilities rather than solely relying on signature-based methods. Rather than searching for specific code patterns or known vulnerabilities, users can query the system based on the intent of malicious actors or negligent developers. Such a method captures a wider range of software packages, misconfigurations, or unidentified flaws. Trace highlights affected assets, files, and packages utilizing natural language, mapping their intricate relationships across the entire software supply chain without the need for a scanning mechanism.

“Identifying issues in XIoT devices and their components has been an especially challenging problem,” said Michael Scott, Co-Founder, CTO, and Chief Scientist of NetRise. “This product release represents a significant advancement in product security and streamlines the detection and resolution of issues in complex systems. Moreover, it changes how NetRise customers discover and address issues more generally, with AI as a key driver in process enhancements.”

Trace is the first solution to integrate AI-driven semantic search, supply chain impact analysis, and vulnerability validation utilizing large language model (LLM) capabilities, which offer customers a unified and potent solution to detect known and hidden threats in low-level firmware and other cyber-physical systems.

Key enhancements and capabilities of the new Trace solution in the NetRise Platform include: 

  • AI-Powered Search: Semantic and keyword-based search for all files, operating system configurations, and vulnerabilities across all assets using AI.
  • Deep Supply Chain Introspection & Origin Tracing: Discover and trace the origin of code and risk back to the third-party or proprietary software packages that introduced it across all assets.
  • LLM-Based Vulnerability Discovery & Validation: Identify vulnerabilities and gauge their impact in the software supply chain using code-based or broad natural language queries, validating issues across an organization's firmware, software, and cyber-physical systems.

    Supply chain compromises are increasing, often targeting firmware or open-source software packages through dependency poisoning and other attacks. A widespread effort across numerous industries, involving both public and private sectors, is underway to discern which assets, devices, and software contain compromised software packages and vulnerabilities. The complexity of analyzing device firmware and build artifacts further exacerbates this challenge.

    NetRise addresses these challenges by enabling organizations to quickly trace all impacted assets using a single query. Upon identifying a positive match, it generates a comprehensive graph of the affected software supply chain components, eliminating the need for repeated scans or asset reprocessing. This approach is essential in discerning the extent of threats — from nation-state actors to inherent vulnerabilities and inadequate development practices — across devices, firmware, and software packages.

    For more information about the Trace feature and its benefits, please visit: https://www.netrise.io/xiot-security-blog/trace-solution-benefits

    About NetRise
    Based in Austin, Texas, NetRise was built by defensive cyber experts bred across the private sector, intelligence community, and U.S. federal government to solve the firmware security problem. The company is partnering with companies across manufacturing, automotive, medical devices, industrial control systems, satellites, and many more. https://www.netrise.io/ 

    Media Contact:
    Michelle Yusupov
    Hi-Touch PR
    443-857-9468
    yusupov@hi-touchpr.com
NetRise

Written By: NetRise