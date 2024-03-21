



Editor's Note: Cybersecurity company NetRise has developed a platform that specifically addresses software supply chain vulnerabilities within the Extended Internet of Things (XIoT) and Cyber-Physical Systems (CPS). Its newest solution, Trace, leverages large language models and Cloud SQL for PostgreSQL to enable efficient vulnerability detection and code origin tracing. By integrating with Google Cloud's fully managed services, NetRise has reduced processing times and increased scalability. NetRise and Google Cloud's partnership not only delivers improved security ratings, but also promises to shape future product security practices across the industry.

The NetRise platform enables users to identify risks in software components within embedded systems that were previously treated as black boxes. In the course of this work, we discovered that vulnerabilities in third-party software, much of it built on open source software (OSS), were a significant blind spot for security operations teams.

The lack of standardization in open source software makes global analysis particularly difficult, especially during supply chain attacks. This complexity is further magnified within the Extended Internet of Things (XIoT) and Cyber-Physical Systems (CPS). Here, embedded systems are often obscured by separate manufacturer standards and proprietary firmware package formats, making automated analysis technically demanding.

These challenges not only emphasize the need for robust solutions, but also the value of scalability, ease of use, and accuracy in a realm clouded by complexity.

Initiatives for the invisible

At the heart of our approach to solving supply chain vulnerability challenges is Trace, a combination of large language models (LLMs) and Cloud SQL for PostgreSQL. The use of a fully managed relational database is critical to Trace, supporting data management and querying capabilities while enabling efficient and accurate vulnerability detection and code origin tracing.

Security teams can perform broad, scalable searches across all file assets without having to reprocess the same NetRise asset images (the files extracted from embedded systems). Imagine malicious code infiltrating a Python package. Trace pinpoints the affected NetRise asset, file, or open source package and provides a clear graph-based visualization of the impact.

Complementing Trace is a unique extraction engine that analyzes complex software file formats such as firmware, standalone software packages, Docker images, virtual machines, bootloaders, and ISOs. When assets enter the NetRise system, they first pass through this cloud-based extraction engine to reveal nested file formats.

Text extracted from each file is converted to a numerical vector embedding using machine learning techniques. These embeddings are stored in Cloud SQL for PostgreSQL using pgvector. This enables semantic search using natural language (e.g., searching for hard-coded credentials and keys) and simplifies analysis. Implementing pgvector within Cloud SQL allows Trace to handle more complex queries and larger datasets, resulting in a more robust and scalable product.
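The two workflows described above, semantic search over embedded file contents and tracing a known-bad package back to the assets that carry it, can both be expressed against one small PostgreSQL schema with pgvector. The following is an added example, not NetRise's own schema or code: the table and column names, the 384-dimension embedding size, and the `$1`/`$2` bind parameters (supplied by the application, which embeds the analyst's query with the same model used at ingest) are all assumptions made for illustration.

```sql
-- Added example (not NetRise's schema): a minimal Cloud SQL for PostgreSQL
-- layout mirroring the ingest -> embed -> search/trace flow described above.
-- Table names, column names and the embedding dimension are assumptions.

CREATE EXTENSION IF NOT EXISTS vector;

-- One row per analysed asset image (firmware, container image, ISO, ...).
CREATE TABLE asset (
    asset_id   bigserial PRIMARY KEY,
    name       text NOT NULL,
    kind       text NOT NULL            -- e.g. 'firmware', 'docker-image'
);

-- Files recovered from an asset by the extraction engine. A file unpacked
-- from a nested archive records its parent so the unpacking chain is kept.
CREATE TABLE extracted_file (
    file_id         bigserial PRIMARY KEY,
    asset_id        bigint NOT NULL REFERENCES asset(asset_id),
    parent_file_id  bigint REFERENCES extracted_file(file_id),
    path            text NOT NULL,
    sha256          char(64) NOT NULL,
    package_name    text,               -- OSS package the file was attributed to
    package_version text
);
CREATE INDEX ON extracted_file (sha256);
CREATE INDEX ON extracted_file (package_name, package_version);

-- Text extracted from a file is chunked and embedded; one row per chunk.
CREATE TABLE file_chunk (
    chunk_id   bigserial PRIMARY KEY,
    file_id    bigint NOT NULL REFERENCES extracted_file(file_id),
    content    text NOT NULL,
    embedding  vector(384) NOT NULL     -- dimension matches the embedding model
);
-- Approximate nearest-neighbour index on cosine distance (pgvector >= 0.5.0).
CREATE INDEX ON file_chunk USING hnsw (embedding vector_cosine_ops);

-- 1. Semantic search. $1 is the embedding of the analyst's natural-language
--    query (e.g. "hard-coded credentials"). '<=>' is pgvector's cosine-distance
--    operator: smaller means more similar, so the nearest chunks come first.
SELECT a.name               AS asset,
       f.path,
       c.content,
       c.embedding <=> $1   AS distance
FROM   file_chunk c
JOIN   extracted_file f USING (file_id)
JOIN   asset a          USING (asset_id)
ORDER  BY c.embedding <=> $1
LIMIT  20;

-- 2. Origin tracing. Given a package name ($1) and version ($2) reported as
--    compromised, list every asset carrying it together with the chain of
--    archives it was unpacked from, using only data already in the database.
WITH RECURSIVE chain AS (
    SELECT f.file_id AS origin_file_id, f.file_id, f.asset_id,
           f.parent_file_id, f.path, 1 AS depth
    FROM   extracted_file f
    WHERE  f.package_name = $1          -- e.g. a placeholder 'example-utils'
    AND    f.package_version = $2
    UNION ALL
    SELECT chain.origin_file_id, p.file_id, p.asset_id,
           p.parent_file_id, p.path, chain.depth + 1
    FROM   extracted_file p
    JOIN   chain ON chain.parent_file_id = p.file_id
)
SELECT a.name AS asset,
       a.kind,
       string_agg(chain.path, ' <- ' ORDER BY chain.depth) AS unpack_chain
FROM   chain
JOIN   asset a USING (asset_id)
GROUP  BY a.asset_id, a.name, a.kind, chain.origin_file_id
ORDER  BY a.name;
```

The recursive query walks `parent_file_id` upward from each matching file, so the `unpack_chain` column reads from the affected file back to the top-level asset image; grouping by `origin_file_id` keeps one chain per hit when an asset bundles the package more than once. Because both queries run over stored rows, neither requires the asset to be re-extracted.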

A task that would take an entire day can now be completed in minutes

Turning to Google Cloud managed services was a game changer for us. Cloud SQL helped us extend our architecture and optimize our queries, significantly reducing the time and resources required to perform data analysis. Additionally, by using pgvector, we were able to cut server resources in half and reduce response time by 60%. This is very important to maintain a good user experience.

Most notably, the combination of Cloud SQL and pgvector provides tracing capabilities for customers and in-house researchers, saving months of effort that would traditionally be spent on detection engineering. The result is a 10x improvement in threat investigation and security operations, strengthening NetRise's investigation and advisory use cases and our customers' ability to respond to security challenges both proactively and reactively.

Cloud SQL allows us to focus on our core competency: building great security products for our clients. This allows us to reallocate funds traditionally allocated to infrastructure engineering to strengthening our team of security researchers and detection engineers.

We switched from Elasticsearch to BigQuery to speed up our data processing. A process that used to take an entire day is now completed in minutes. For example, in a recent benchmark that processed 33,600 assets, a task that normally took over 24 hours completed in just 47 minutes, over 30 times faster than before.

The combination of BigQuery and Cloud SQL highlights the power of a unified data cloud ecosystem. BigQuery analytics and Cloud SQL operational database management have enhanced our ability to process large data quickly and accurately, improving our analytical capabilities and decision-making processes.

