NetRise, the company solving the world’s XIoT security problem, announced today an integration partnership with Qwiet AI, the first in the AppSec industry to provide AI-powered detection of vulnerabilities in software code.
By automating the detection and remediation of vulnerabilities in a wide array of Cyber-Physical Systems (CPS), including firmware, XIoT devices, containers, and more, NetRise’s cutting-edge solution revolutionizes the cybersecurity landscape. Drawing on the unique background of its team members, which includes expertise in machine learning, endpoint management, DoD, and cybersecurity, NetRise delivers unparalleled protection. The innovative platform harnesses machine learning to detect vulnerabilities, enrich context, and identify components, providing unprecedented value to enterprises, manufacturers, and consulting firms navigating the increasingly complex world of cybersecurity.
Qwiet AI’s application security platform (based on their patented Code Property Graph) allows customers to find vulnerabilities quickly and accurately in their code while still in development. On top of years of experience in the code security space, Qwiet AI has added an additional layer of detection by utilizing a powerful AI engine trained to detect known and unknown vulnerabilities in both open source and proprietary code libraries, allowing Qwiet AI customers to detect new vulnerabilities at a level unmatched in the application security space.
Organizations who take advantage of the strengths of both NetRise and Qwiet AI will benefit from complete code security coverage from the firmware running their CPS to the applications used to manage and integrate them, providing a previously unseen level of security.
About NetRise
Based in Austin, Texas, NetRise was built by defensive cyber experts bred across the private sector, intelligence community and U.S. federal government to solve the firmware and supply chain security problem. NetRise is currently partnering with companies across manufacturing, automotive, medical devices, industrial control systems, satellites and many other devices powering society.
About Qwiet AI
Driven by a powerful AI engine developed by NumberOne AI, Qwiet AI’s platform is the first in the industry to provide AI-driven detection of zero-day and pre-zero-day vulnerabilities in code. Backed by SYN Ventures, Bain Capital Ventures, Blackstone, Mayfield, Thomvest Ventures, and SineWave Ventures, Qwiet AI is based in San Jose, California.
ESET Discovers Corporate Secrets and Data on Recycled Company Routers
Posted in Commentary with tags ESET on April 18, 2023 by itnerdESET, a global leader in digital security, today unveiled new research into corporate network devices that were disposed of and sold on the secondary market. After looking at configuration data from 16 distinct network devices, ESET found that over 56% – nine routers – contained sensitive company data.
Of the nine networks that had complete configuration data available:
Organizations often recycle aging tech through third-party companies that are charged with verifying the secure destruction or recycling of digital equipment and the disposal of the data contained therein. Whether an error by an e-waste company or the company’s own disposal processes, a range of data was found on the routers,
The routers in this research originated at organizations ranging from medium-sized businesses to global enterprises in a variety of industries (data centers, law firms, third-party tech providers, manufacturing and tech companies, creative firms, and software developers). As part of the discovery process, ESET, where possible, disclosed the findings to each identified organization – several of them household names – collaborating to ensure they were aware of the details potentially compromised by others in the chain of custody of the devices. Some of the organizations with compromised information were shockingly unresponsive to ESET’s repeated attempts to connect, while others showed proficiency, handling the event as a full-blown security breach.
Organizations are reminded to verify that they are using a trusted, competent third party to dispose of devices, or that they are taking all the necessary precautions if handling the decommissioning themselves. That should extend past routers and hard drives to any device that’s part of the network. Many organizations in this research probably felt that they were contracting with reputable vendors, but their data still leaked. With this in mind, it’s recommended that organizations follow the manufacturer’s guidelines for removing all data from a device before it physically leaves their premises, which is a simple step that many IT staff can handle.
Organizations are reminded to treat disclosure notifications seriously. Doing otherwise may leave them vulnerable to a costly data breach and significant reputational damage.
At RSA 2023, this research called “We (Could Have) Cracked Open the Network for Under $100” will be presented on April 24, 2023, at 9:40 a.m. PT.
To read the white paper, which includes resources on secure device disposal, visit WeLiveSecurity.
Leave a comment »