Supply chain, Critical Infrastructure Security, AI/ML, IoT

NetRise Applies AI for Supply Chain Security

NetRise has unveiled Trace, a NetRise Platform solution helping users perform AI-powered semantic searches that "identify and validate vulnerable third-party and proprietary software assets," according to the company.

Trace represents the first solution to combine "AI-driven semantic search, supply chain impact analysis and vulnerability validation utilizing large language model (LLM) capabilities," NetRise said.

Supply Chain Attacks Are on the Rise

Cybercriminals are increasingly attacking supply chains' firmware or open-source software packages, NetRise said. They are launching these supply chain attacks against organizations in both the public and private sectors.

Meanwhile, many organizations encounter challenges as they try to analyze device firmware and identify compromised assets across their supply chains, NetRise stated. Now, Trace lets organizations use queries to identify compromised supply chain assets and generate graphs of affected software supply chain components.

NetRise Offers Intent-Driven Searches

With Trace, NetRise Platform users can perform intent-driven searches to detect and validate vulnerabilities, the business noted. They can search their assets based on the underlying motives or purposes behind code and configurations that lead to vulnerabilities.

To conduct an intent-driven search, a NetRise Platform user can query a system based on the intent of malicious actors or negligent developers. This allows a user to identify compromised software packages, misconfigurations and other flaws.

Furthermore, Trace uses natural language to map the relationships between assets, files and packages across supply chains, NetRise said. In doing so, Trace enables users to identify compromised assets, files and packages without having to scan them.

A Closer Look at the NetRise Platform

The NetRise Platform blends next-generation firmware and internet of things (IoT) security, the company said. It enables organizations to identify risks in software components running on their devices.

Key features of the NetRise Platform include:

  • Continuous device monitoring and analysis
  • Real-time risk tracking
  • Software bill of materials (SBOM) visibility
  • Risk visibility and scoring

How MSSPs Can Use the NetRise Platform

The NetRise Platform "provides a unique value proposition to MSSPs in that it allows rapid identification of a particular vulnerability or risk across many devices instantly," NetRise CEO Tom Pace told MSSP Alert.

MSSPs can utilize the NetRise Platform to quickly identify risks across their customers' eXtended IoT (XIoT) devices at scale, Pace noted. As such, the platform can help MSSPs save time as they manage customers' XIoT devices.

To date, NetRise has partnered with Fortress Information Security and other cybersecurity and technology providers. The company does not currently offer a channel partner program but may look to develop and launch one in the future.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.