Sorenson Ventures: Why we Invested in NetRise

Cybersecurity is a space that gets a lot of attention. And rightly so. As businesses and consumers increasingly rely on digital technologies, the number of cyber attacks, and the amount of money and resources devoted to protecting digital assets, are rising exponentially.

Recent market numbers tell a scary story.

According to Check Point, a leading security software firm, cyber attack volume reached an all-time high in the final quarter of 2021 fueled by the Log4j vulnerability. Check Point’s research indicates that 2021 corporate cyber attacks rose 50% over the previous year. On average, that’s 925 weekly attacks per organization.

You read that right. Just to keep systems safe, the typical company has to fend off nearly one thousand malicious attempts on a weekly basis.

Defending attacks at this scale doesn’t come cheap. Gartner projects that worldwide business cyber defense spending will reach $170 billion this year and should more than double to nearly $400 billion by 2027.

Enterprise security experts probably won’t find the underlying trends or the magnitude of the problem overly shocking. Expanding attack surfaces, rising data volumes, and growing user numbers combine to increase the scope and complexity of effectively defending digital assets and infrastructure.

What’s more surprising is that not all critical attack surfaces and vulnerabilities are treated, or protected, equally. Although laptops and desktops, servers, and peripherals are widely recognized as potential entry points for malicious activity, less recognized attack vectors like firmware, for example, are woefully underprotected.

Most people don’t get overly excited about firmware–the low-level software instructions that control how devices communicate with other hardware and direct basic tasks and functions–but it serves a fundamental role in the operations of tens of billions of hardware devices. From a cyber vulnerability perspective, firmware represents a critical attack vector for hardware devices and the corresponding physical infrastructure it supports, like power plants, pipelines, and surveillance equipment.

Think Colonial Pipeline and Solarwinds. When xIoT (extended Internet of Things) firmware is infected with malicious code, devices can be taken over to spy on activity, exfiltrate sensitive data, or remote control industrial equipment or critical infrastructure.

That’s where NetRise comes into play.

NetRise focuses squarely on firmware and xIoT device security. The company was started as a result of its founders’ experience in protecting distributed systems and building cyber defense products at government, military, and commercial organizations, as well as from operational security roles at large financial services and energy firms.

NetRise founders Tom Pace and Mike Scott realized that billions of hardware devices beyond traditional endpoints–laptops and desktops, servers, and peripherals–aren’t getting the attention they deserve in terms of the immense security risk they represent. They set out to create an xIoT and firmware security platform that was purpose-built to meet the needs of industrial control systems; IoT and medical devices; vehicles, and telecommunications equipment.

There are nearly 20 billion IoT endpoint devices from these underprotected categories out in the wild today. That’s a number that is set to double in the next 2.5 years. More importantly from a cyber security perspective, since 2019, 83% of enterprises have been attacked through the insecure firmware that helps manage their connected hardware devices.

This firmware risk is only going to escalate further through the combination of three important secular trends. First, billions of new, and highly vulnerable, devices come online every year. Second, digitization of manufacturing and smart city infrastructure is accelerating. Third, the number of remote workers and reliance on distributed workforces increases the magnitude of sensitive information flowing through relatively under-protected hardware.

NetRise has developed a single SaaS platform to manage, secure, and report on firmware devices for organizations of all sizes. They call it Turbine. Unlike the traditional outside-in scanning methods that provide incomplete and inconsistent assessments, Turbine probes deep within the proverbial black box of xIoT devices to provide a holistic vulnerability analysis.

Turbine evaluates device file systems, kernels, operating systems, and individual components contained within the firmware to identify vulnerabilities and configuration issues. It uses advanced machine learning models and a variety of sophisticated analytical techniques, such as many-to-many, static, dynamic, and vulnerability analyses as well as emulation, fuzzing, and supply chain integrity verification, to correlate data and identify potential risks and suspicious activity across multiple sources.

In addition, NetRise Turbine employs a suite of analysis plugins that identify common vulnerabilities and exposures (CVEs) as well as risks associated with certificates, public/private keys, embedded authentication secrets and credentials, binary hardening mechanisms, and configuration issues, among many other areas. Turbine considers all of these factors as it prioritizes issues, assigns device risk scores, and helps security teams optimize their threat response activities. Traditional security products, in contrast, only focus on the operating systems and configuration settings of these devices while neglecting the actual firmware. Through its firmware analysis, Turbine delivers a comprehensive picture of what’s on the device, how it works, and the risks for end users and manufacturers.

What’s unique about NetRise is the company’s singular focus and determination to provide comprehensive and ongoing visibility into the inner workings of xIoT devices. Turbine gives security teams an efficient and comprehensive way to monitor and analyze device components automatically and continuously to serve as the foundation of an effective xIoT vulnerability management program. These capabilities will become increasingly important as manufacturers and end users are expected to track Software Bill of Materials (SBOM) for new devices–as mandated by the U.S. federal government–and highly vulnerable and frequently targeted older devices that are still running in their xIoT environments.

Although the size of the firmware opportunity and rapid projected market growth is what initially attracted us to NetRise, our ultimate investment decision was based on the confidence we had in the company’s leadership team. Once you get to know Tom and Mike, it’s easy to understand from where NetRise’s focus and culture emanates.

Tom and Mike proudly served for many years in boots on the ground infantry roles as well as intelligence specialists in the United State Marines Corps. They complemented their military experience with work in operational and product capacities in government agencies and the commercial arena. Having worked in both cyber security and IoT companies like Cylance and Tanium, they are a rare set of founders who have the experience to develop products that are focused on protecting critical infrastructure in large-scale distributed environments.

When you meet Tom and Mike in person, you quickly get a sense of their relentless focus and intensity. It’s evident in everything they do, whether they are engaging in an hours-long NetRise strategy discussion or a quick hallway conversation relating a progress update with a potential customer. Their sense of mission and singular focus made quite an impression on the Sorenson Ventures team.

We look forward to working with Tom, Mike, and the rapidly growing NetRise team as they bring increased visibility into the security and protection of billions of xIoT devices. In their case, keeping firmware boring might just be a good thing.