NetRise

NetRise is a cybersecurity company dedicated to securing the software supply chain. Its core mission is to provide organizations with unprecedented visibility into software and firmware components, enabling them to identify and mitigate risks effectively. NetRise aims to address the significant security gaps in the Extended Internet of Things (XIoT) and other connected systems by analyzing compiled code to uncover vulnerabilities that traditional methods may miss. The company’s goal is to empower both software producers and enterprise cybersecurity professionals to build and maintain a comprehensive and accurate inventory of their software assets.

NetRise’s primary objective is to enable organizations to proactively manage and respond to software supply chain risks. This is achieved by providing detailed insights and actionable intelligence, which allows for the prioritization of remediation efforts based on exploitability. The company has established a strong market reputation for its innovative approach to firmware analysis and its ability to generate comprehensive Software Bills of Materials (SBOMs). NetRise is recognized for helping organizations enhance their security posture and comply with evolving regulatory requirements.

Offerings, Capabilities, and Integrations

NetRise provides a software-as-a-service (SaaS) platform focused on software supply chain security. The company’s core competency lies in analyzing binary code, the compiled software that executes on devices, rather than source code. This “inside-out” approach allows NetRise to identify vulnerabilities, misconfigurations, and other risks in the software that is actually in use, which may be missed by traditional source code analysis. The platform offers visibility into the software components of a wide range of assets, including firmware for Extended Internet of Things (XIoT) devices, containers, and Windows applications. This provides a comprehensive view of software supply chain risks from a single pane of glass.

A key capability of the NetRise platform is its machine learning-based software composition analysis, which can identify software components even without traditional package manifests. The platform also generates detailed Software Bill of Materials (SBOMs), providing a complete inventory of software components and their dependencies. NetRise enriches this data with threat intelligence, including information from CISA’s Known Exploited Vulnerabilities (KEV) catalog, to help organizations prioritize risks. The platform’s API-driven architecture allows for seamless integration into existing CI/CD pipelines, vulnerability and threat management systems, and SOC workflows. NetRise integrates with tools such as Jira, ServiceNow, and Splunk, as well as cloud platforms like Google Cloud.

Products and Services

NetRise’s primary offering is its cloud-based software supply chain security platform. This platform provides continuous monitoring and analysis of firmware and software to identify vulnerabilities and other risks. The company’s flagship product is the NetRise Platform, which offers a suite of capabilities for software supply chain detection and response.

• Software Composition Analysis: NetRise utilizes proprietary machine learning algorithms to identify software components within binary files, providing a more accurate inventory than traditional methods.
• SBOM Management: The platform can generate, ingest, and enrich Software Bills of Materials (SBOMs) in standard formats like SPDX and CycloneDX. This provides a detailed view of all software components and their dependencies.
• Vulnerability and Risk Identification: NetRise goes beyond identifying Common Vulnerabilities and Exposures (CVEs) to also detect misconfigurations, weak credentials, and other non-CVE risks.
• Continuous Monitoring: The platform continuously monitors firmware and software for new vulnerabilities and threats, enabling rapid response.
• NetRise ZeroLens™: A newer product, ZeroLens, uses AI to proactively identify weaknesses in compiled code before they become known vulnerabilities. It provides AI-driven summaries and remediation guidance.
• NetRise Trace™: This AI-powered tool allows users to perform natural language queries across their software inventory to easily locate specific components or vulnerabilities.

Target Customers

NetRise targets two primary market segments: device manufacturers (OEMs) and enterprise organizations that use the devices. The company’s solutions are designed for those who build, buy, use, and maintain software.

• Device Manufacturers: This includes companies that produce networking equipment, industrial control systems (ICS), medical devices, automotive components, and other connected devices. These customers benefit by identifying and mitigating vulnerabilities in their products before they are shipped, ensuring compliance with industry standards, and being able to respond quickly to new threats.
• Enterprise Corporations: These are the end-users of the devices and software. For these customers, the NetRise platform provides visibility into the software they are using, allowing them to assess third-party risk, manage vulnerabilities across their asset inventory, and ensure the security of their operational technology (OT) and IT environments.

NetRise’s platform helps both types of customers to create a comprehensive software asset inventory, which is a foundational element of risk management. By providing detailed insights into the software supply chain, NetRise enables organizations to make more informed, data-driven decisions to strengthen their security posture.

Cloud Integrations and Marketplaces

NetRise offers a cloud integration with Google Cloud and is available on the Google Cloud Marketplace. NetRise does not have a presence on the AWS Marketplace or the Microsoft Azure Marketplace.

• Google Cloud Marketplace: The NetRise Platform is available for purchase and deployment directly from the Google Cloud Marketplace. This allows organizations using Google Cloud to access NetRise’s software supply chain security and Software Bill of Materials (SBOM) tools. The availability on the marketplace is part of a collaboration with Google Cloud to help analyze large amounts of data for vulnerability assessment.
• Google Cloud Integration: The NetRise platform integrates with Google Cloud to enhance its software supply chain security capabilities. Specifically, NetRise utilizes Google Cloud’s Cloud SQL for PostgreSQL and BigQuery to improve its data management and analysis, which enables more efficient and precise vulnerability detection. This integration supports the scalability of the NetRise platform.

Key People

• Co-Founder & CEO: Thomas Pace
• Co-Founder, CTO & Chief Scientist: Michael Scott
• CRO: Rick Beattie
• SVP of Corporate Strategy & Development: Terry Dunlap
• SVP of Marketing: Gary Schwartz
• Chief of Staff: Lessie Skiba
• VP of Engineering: Anthony Federsen
• VP of Field Engineering: Derek McCarthy
• VP of Business Development and Partners: Robbie Robbins
• VP of Finance and Operations: Brandon Somers
• Head of Customer Success: Jason Pitzen
• Senior Staff Engineer: Craig Heffner

Key Facts

• Headquarters Location: Austin, Texas.
• Number of Employees: Approximately 45.
• Annual Revenue: Estimated $7.3 million.
• Parent Company: None.
• Subsidiary Companies: None.
• Publicly Listed: No.

Analyst Recognition

Based on publicly available information, NetRise is not currently featured in technology categories or reports by Gartner, Forrester, IDC, or Everest Group.