Editor’s note: NetRise, a cybersecurity company, has developed a platform to address software supply chain vulnerabilities, especially within the Extended Internet of Things (XIoT) and Cyber Physical Systems (CPS). Its latest solution, Trace, utilizes large language models and Cloud SQL for PostgreSQL for efficient vulnerability detection and code-origin tracing. By integrating with Google Cloud’s fully managed services, NetRise has reduced processing times and strengthened scalability. The partnership between NetRise and Google Cloud not only offers improved security evaluation but also promises to shape future product security practices across the industry.
NetRise’s platform can empower users to identify risks in software components within embedded systems, which have historically been considered black boxes. In advancing this mission, we see that the vulnerabilities of third-party software, which is largely built on open-source software (OSS), are a critical blind spot for security operations teams.
Open-source software, marked by its lack of standardization, makes global analysis particularly challenging, especially during supply chain attacks. This complexity is magnified within the Extended Internet of Things (XIoT) and cyber-physical systems (CPS). Here, embedded systems are often obscured by distinct manufacturer standards and proprietary firmware packaging formats, making automated analysis technically demanding.
These challenges not only highlight the need for robust solutions, but also emphasize the value of scalability, user-friendliness, and precision in a realm clouded by complexity.
Addressing the unseen
Central to our approach in untangling supply chain vulnerability challenges is Trace, which combines large language models (LLM) with Cloud SQL for PostgreSQL. Using a fully managed relational database is pivotal to Trace, underpinning our data management and query capabilities while enabling efficient and accurate vulnerability detection and code-origin tracing.
Security teams can perform broad, scalable searches across all file assets without reprocessing the same NetRise asset images (the files within their embedded systems). Imagine malicious code infiltrating a Python package. Trace pinpoints the affected NetRise assets, files, or open-source packages, and provides a clear graph-based visualization of the impact.
Complementing Trace is a proprietary extraction engine, which dissects complex software file formats such as firmware, standalone software packages, Docker images, virtual machines, bootloaders, ISOs, and more. When an asset is fed into the NetRise system, it first travels through this cloud-based extraction engine, which unpacks any nested file formats.
The extracted text files are then transformed into vectorized numerical representations using machine learning techniques. These embeddings are subsequently housed in Cloud SQL for PostgreSQL with pgvector, which enables semantic searches using natural language (such as for hard-coded credentials or keys), simplifying analysis. The implementation of pgvector within Cloud SQL lets us handle more complex queries and larger datasets, for a more robust and scalable product.
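The storage and search pattern described above, written out as an added example rather than NetRise's or Google's own schema: file embeddings kept in Cloud SQL for PostgreSQL with pgvector, queried by cosine distance against the embedding of a natural-language question, and rolled up to the assets that contain each matching file. It assumes pgvector 0.5 or later (for the HNSW index), 768-dimensional embeddings, and a query embedding supplied by the application as parameter $1; the distance threshold is a placeholder to be tuned for the embedding model in use.

```sql
-- Added example, not NetRise's schema. Assumes pgvector 0.5+ (HNSW), 768-dim embeddings,
-- and the query embedding passed as parameter $1.

CREATE EXTENSION IF NOT EXISTS vector;

-- One row per asset (firmware image, container image, VM, ISO ...) extracted once.
CREATE TABLE asset (
    asset_id    bigserial PRIMARY KEY,
    name        text NOT NULL,
    format      text NOT NULL,             -- e.g. 'firmware', 'docker', 'iso'
    sha256      char(64) NOT NULL UNIQUE   -- dedupes re-uploads of the same image
);

-- One row per text file found inside an asset, with its embedding.
CREATE TABLE extracted_file (
    file_id     bigserial PRIMARY KEY,
    asset_id    bigint NOT NULL REFERENCES asset(asset_id),
    path        text NOT NULL,             -- path inside the unpacked asset
    sha256      char(64) NOT NULL,         -- lets a known file hash be traced without re-extraction
    embedding   vector(768) NOT NULL
);

-- Approximate nearest-neighbour index on cosine distance, so a search does not
-- rescan every embedding as the corpus grows.
CREATE INDEX extracted_file_embedding_idx
    ON extracted_file USING hnsw (embedding vector_cosine_ops);

-- Semantic search: $1 is the embedding of a question such as
-- "hard-coded credentials or private keys". '<=>' is pgvector's cosine distance
-- (0 = same direction, 1 = orthogonal); ORDER BY ... LIMIT lets the index serve it.
WITH hits AS (
    SELECT f.file_id, f.asset_id, f.path,
           f.embedding <=> $1::vector AS distance
    FROM   extracted_file f
    ORDER  BY f.embedding <=> $1::vector
    LIMIT  200
)
-- Trace: group the matching files by the asset that contains them, so one finding
-- maps to every image it shipped in.
SELECT a.asset_id, a.name, a.format,
       count(*)                               AS matching_files,
       min(h.distance)                        AS best_distance,
       array_agg(h.path ORDER BY h.distance)  AS paths
FROM   hits h
JOIN   asset a USING (asset_id)
WHERE  h.distance < 0.25                      -- placeholder threshold; tune per model
GROUP  BY a.asset_id, a.name, a.format
ORDER  BY best_distance;
```

The `sha256` column on `extracted_file` supports the other half of the tracing story: once a file is known to be malicious, a plain equality lookup on its hash joined to `asset` lists every image it appears in without reprocessing any of them.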
Day-long turnarounds now take minutes
Turning to Google Cloud’s managed services was a game-changer for us. Cloud SQL helped us scale our architecture and optimize queries, significantly reducing the time and resources we needed to perform data analysis. And with pgvector, we were able to halve our server resources and cut response times by 60%, which is crucial in maintaining a superior user experience.
Most notably, the combination of Cloud SQL with pgvector provides trace capabilities to our customers and internal researchers, saving them months of effort that they would traditionally have spent on detection engineering. The impact is a remarkable 10 times improvement in threat research and security operations, enhancing NetRise’s research and advisory use cases and our customers’ ability to respond proactively and reactively to security challenges.
By utilizing Cloud SQL, we can concentrate on our core competency: creating outstanding security products for our clients. This allows us to reallocate funds traditionally earmarked for infrastructure engineering toward enhancing our team of security researchers and detection engineers.
To accelerate our data processing capabilities, we switched from Elasticsearch to BigQuery. Processes that previously occupied an entire day now conclude in minutes. For instance, in a recent benchmark where we handled 33,600 assets, a task that typically extended beyond 24 hours is now completed in just 47 minutes — over 30 times faster than before.
BigQuery coupled with Cloud SQL highlights the power of having a unified data cloud ecosystem. Together, BigQuery’s analytics and Cloud SQL’s operational database management have enhanced our ability to handle large-scale data quickly and accurately, boosting our analytical capabilities and decision-making processes.
These Google Cloud tools allow us to process hundreds of terabytes of data efficiently, resulting in faster, more accurate vulnerability assessments with zero downtime.
Charting a secure digital future
Our vision is straightforward: We want to enable our customers to have a comprehensive view of the present risk across all their assets, whether they are XIoT devices, virtual machines, Docker containers, or cloud assets. For us, securing the digital realm starts by understanding it fully.
By using AI and advanced analytics, we’re setting out to identify deeper issues in these assets, make the detection process simpler and more efficient, and develop clear, methodical approaches to resolving these issues.
Our bigger aspiration is to move into the next phase of extended detection and response (XDR): from asset-focused antivirus, to endpoint detection and response (EDR), and on to XDR. To do so, we’re introducing an added layer drawn from supply chain dynamics, aiming to enhance detection and response strategies with real-time supply-chain-based alerts. The need for this added layer has recently been the topic of discussion among industry experts and analysts:
“Observing the cybersecurity landscape, we recognize a shift akin to the evolution from Endpoint Detection and Response (EDR) to Extended Detection and Response (XDR) now occurring with XIoT device security. Previously, the focus was on network traffic; now, we are seeing a deeper scrutiny of the device internals, including supply chains, firmware, and software components. Just as with the EDR to XDR shift, this transition is not just about enhancing security, but about fortifying our ever-more-connected digital ecosystem. As XIoT devices become increasingly embedded in our lives, understanding and securing their underlying components is an imperative for our digital future.” – Brad LaPorte, Gartner veteran and XDR, firmware security, and XIoT security industry expert
At NetRise, our focus on uncovering vulnerabilities within software supply chains and XIoT devices is enhanced by Google Cloud’s solutions. Using Cloud SQL for PostgreSQL and BigQuery, we have transformed our data management and analysis capabilities, enabling efficient, scalable, and precise vulnerability detection.
This transformation has helped us streamline our operations, and elevated our ability to deliver comprehensive security insights. Ultimately, it can help us address the complex challenges of cybersecurity in today’s interconnected digital landscape.
At NetRise, we value the flexibility and detailed configuration Google offers in its cloud solutions. And it’s not just about the technology — Google Cloud’s teams are knowledgeable, responsive, and a pleasure to collaborate with. We’re confident that as we use more large language models and AI, Google will be right there with us, creating solutions for whatever challenges come our way.
Get started with Cloud SQL for PostgreSQL and BigQuery
- Discover how Cloud SQL for PostgreSQL can help you run your business.
- Learn more about BigQuery.
- Start a free trial today! New Google Cloud customers get $300 in free credits.