CIO Influence
CIO Influence News Security

NetRise Releases Industry’s First AI-Powered Semantic Search for Software Supply Chain Security

NetRise Releases Industry's First AI-Powered Semantic Search for Software Supply Chain Security

New Solution Finds Compromised, Vulnerable Assets Across Firmware & Cyber-Physical Systems Using AI

NetRise, the company providing granular visibility into the world’s Extended Internet of Things (XIoT) security problemĀ  encompassing the modern firmware and software component security challenges of IT, OT, IoT, and other connected cyber-physical systemsĀ  announced the release of Trace in the NetRise Platform. This new solution allows users to identify and validate compromised and vulnerable third-party and proprietary software assets using AI-powered semantic search for the first time.

PREDICTIONS SERIES 2024 - CIO InfluenceCIO INFLUENCE News:Ā Orasi Joins Google Cloud Partner Advantage

Trace revolutionizes vulnerability detection and validation by introducing intent-driven searches, allowing users to search their assets based on the underlying motives or purposes behind the code and configurations that lead to vulnerabilities rather than solely relying on signature-based methods. Rather than searching for specific code patterns or known vulnerabilities, users can query the system based on the intent of malicious actors or negligent developers. Such a method captures a wider range of software packages, misconfigurations, or unidentified flaws. Trace highlights affected assets, files, and packages utilizing natural language, mapping their intricate relationships across the entire software supply chain without the need for a scanning mechanism.

“Identifying issues in XIoT devices and their components has been an especially challenging problem,” saidĀ Michael Scott, Co-Founder, CTO, and Chief Scientist of NetRise. “This product release represents a significant advancement in product security and streamlines the detection and resolution of issues in complex systems. Moreover, it changes how NetRise customers discover and address issues more generally, with AI as a key driver in process enhancements.”

Trace is the first solution to integrate AI-driven semantic search, supply chain impact analysis, and vulnerability validation utilizing large language model (LLM) capabilities, which offer customers a unified and potent solution to detect known and hidden threats in low-level firmware and other cyber-physical systems.

CIO INFLUENCE News:Ā DigiKey Announces Global Partnership with Super Low Power IC Provider Ambiq

Key enhancements and capabilities of the new Trace solution in the NetRise Platform include:

  • AI-Powered Search:Ā Semantic and keyword-based search for all files, operating system configurations, and vulnerabilities across all assets using AI.
  • Deep Supply Chain Introspection & Origin Tracing:Ā Discover and trace the origin of code and risk back to the third-party or proprietary software packages that introduced it across all assets.
  • LLM-Based Vulnerability Discovery & Validation:Ā Identify vulnerabilities and gauge their impact in the software supply chain using code-based or broad natural language queries, validating issues across an organization’s firmware, software, and cyber-physical systems.

Supply chain compromises are increasing, often targeting firmware or open-source software packages through dependency poisoning and other attacks. A widespread effort across numerous industries, involving both public and private sectors, is underway to discern which assets, devices, and software contain compromised software packages and vulnerabilities. The complexity of analyzing device firmware and build artifacts further exacerbates this challenge.

NetRise addresses these challenges by enabling organizations to quickly trace all impacted assets using a single query. Upon identifying a positive match, it generates a comprehensive graph of the affected software supply chain components, eliminating the need for repeated scans or asset reprocessing. This approach is essential in discerning the extent of threats ā€” from nation-state actors to inherent vulnerabilities and inadequate development practices ā€” across devices, firmware, and software packages.

CIO INFLUENCE News:Ā Snowflake Puts LLM and AI Models in the Hands of All Users with Snowflake Cortex

[To share your insights with us, please write toĀ sghosh@martechseries.com]

Related posts

Deloitte Engineering Unlocking the Strategic Potential of Software and Product Development for Enterprises

PR Newswire

Code-X Introduces First Commercially Available Lattice-Based Data Protection Platform Validated by the United States Department of Defense

ARK Multicasting Launches Nationā€™s Largest Broadcast Internet Network

CIO Influence News Desk