NetRise: Interview With Chief Security Strategist Terry Dunlap About The SBOM Generation Company

By Amit Chowdhry ● Jan 29, 2025

NetRise is a company with a platform that generates industry-best Software Bills of Material (SBOMs), identifies and prioritizes vulnerabilities, and uncovers non-CVE risks that would otherwise go undetected. Pulse 2.0 interviewed NetRise Chief Security Strategist Terry Dunlap to learn more about the company.

Terry Dunlap’s Background

What is Terry Dunlap’s background? Dunlap said:

“Being arrested at 17 years old (circa 1985) for hacking with a Commodore 64 and a 300 baud US Robotics modem didn’t stop me from achieving my goals. I obtained a top-level security clearance from the US government, where I then worked on offensive cyber operations with the US National Security Agency (2002-2007). After leaving the NSA, I launched my own hacking company and, 10 years later, spun out ReFirm Labs, which identified security vulnerabilities in IoT devices. The company was eventually sold to Microsoft, which led to my next adventure of launching Gray Hat Academy, where we teach cybersecurity professionals how to think and act like hackers. My journey brought me to where I am today, joining the NetRise team as SP of Corporate Strategy & Development, leading the company into its next growth phase and advancing innovation.”

Formation Of NetRise

How did the idea for the company come together? Dunlap shared:

“My role at NetRise is to be the ‘boots on the ground’ in the DC area: to provide product strategy advice and to help shape the NetRise platform for DoD and Intelligence Community needs. I will help grow the company and build awareness on the hidden dangers in the supply chain.”

Favorite Memory

What has been your favorite memory working for the company so far? Dunlap reflected:

“I wouldn’t say a memory but more of a ‘wow factor.’ I’m impressed with the quality of the team. It started with a few folks but it’s grown! And it’s grown with experienced product developers, not developers who are learning on the job. These guys hit the ground running. That impressed me.”

Core Products

What are the company’s core products and features? Dunlap explained:

“The NetRise platform is the core product that helps device manufacturers comply with the multitude of Software Bill of Material (SBOM) requirements as well as vetting and validating their firmware for potential security vulnerabilities before they ship their products. Enterprise organizations use the NetRise platform to identify hidden vulnerabilities on their networks before attackers discover them.”

Evolution Of NetRise’s Technology

How has the company’s technology evolved since launching? Dunlap noted:

“Early in its development, the NetRise Platform was primarily designed to meet the needs of those companies that design, produce, and ship IoT devices. But over the last few years the technology has evolved to serve large enterprise organizations that procure, use, and maintain IoT devices and pretty much anything with compiled code.”

Significant Milestones

What have been some of the company’s most significant milestones? Dunlap cited:

“NetRise was founded during the height of the COVID pandemic. In just 3 years from those challenging early days the team have developed industry leading technology, raised two funding rounds, and signed large well-known device manufacturing customers, enterprise customers, and government customers who are typical early adopters of new cutting edge technologies.”

Customer Success Stories

When asked about customer success stories, Dunlap highlighted:

“Our largest customer is a cybersecurity provider that specializes in enhancing cyber supply chain security for organizations that operate critical infrastructure. So far they have analyzed thousands of firmware images for SBOM generation and risk management purposes for their customers.”

Funding

When asked about the company’s funding details, Dunlap revealed:

“NetRise is VC funded and closed its most recent round in 2023 bringing total funding to about $15 million. The company is currently not cash flow positive due to purposefully hiring ahead of revenue growth.”

Total Addressable Market

What total addressable market (TAM) size is the company pursuing? Dunlap assessed:

“NetRise serves 4 large and distinct customer markets.

— Device Manufacturers / OEMs – They use the NetRise Platform in their software development process to ensure product security.

— Consulting Firms – They provide manual software analysis to customers and use the NetRise Platform for efficiency allowing them to focus on custom or vertically specific software NetRise may not support.

— Large Enterprises – They use the NetRise Platform for internal software development, for analyzing software during procurement, and for developing SBOMs and vulnerability information.

— Federal Government / DoD – Similar to enterprises.

We believe the market opportunity is about $23 billion.”

Differentiation From The Competition

What differentiates the company from its competition? Dunlap affirmed:

“NetRise is the only company that I’m aware of that can scan thousands of containers, firmware images, or compiled code at massive scale. Further, the NetRise Platform provides the most complete and transparent Software Bill of Materials (SBOM) for software supply chain visibility in the industry. This is possible due to the better file extraction, better component identification, and automated reverse engineering capabilities. Finally, the NetRise Platform provides the widest enterprise software coverage helping companies analyze, discover, and inventory almost any enterprise devices, software, and applications.”

Future Company Goals

What are some of the company’s future goals? Dunlap emphasized:

“The future that NetRise is spearheading is moving towards software discovery and visibility going much deeper than simple asset discovery and management. Comprehensive visibility across the entire software stack supports much stronger and more timely supply chain detection and response to vulnerabilities. But most organizations today are almost completely blind to their software, software components, and associated software risks running in their environments.”

“Complete software visibility allows for complete vulnerability and non-CVE risk identification and prioritization. This is the industry cybersecurity challenge that NetRise is addressing.”

Additional Thoughts

Any other topics you would like to discuss? Dunlap concluded:

“The role of software visibility in identifying and managing enterprise risks can’t be overstated. After all, vulnerabilities exist in software, so knowing what software components exist in your software is the foundational starting point for vulnerability and risk management. Rather than relying solely on traditional network-based vulnerability scanning, which can under-report known vulnerabilities for embedded software by as much as 200 times, security teams can generate a complete list of CVE and non-CVE risks starting with exactly what software components are running, what vulnerabilities exist, and how these vulnerabilities are being exploited.”
