CASE NO. 01 // SOCIAL ENGINEERING
The XZ Utils Backdoor
A malicious actor spent years cultivating trust to embed a backdoor into core infrastructure, triggering days of manual, panicky dependency tracing across the industry.
A malicious actor spent years cultivating trust to embed a backdoor into core infrastructure, triggering days of manual, panicky dependency tracing across the industry.
Before NetRiseWith NetRise
Days
of manual tracing — no efficient way to determine affected systems.
<1Minute
blast radius identified.
CASE NO. 02 // NESTED VULNERABILITIES
Log4j / Log4Shell
A critical vulnerability in a ubiquitous library was weaponized within hours of disclosure — leaving teams with no time to find where it lived inside their third-party applications.
A critical vulnerability in a ubiquitous library was weaponized within hours of disclosure — leaving teams with no time to find where it lived inside their third-party applications.
Before NetRiseWith NetRise
Months
of reverse engineering — no way to know where the library lived inside third-party applications.
0Days
to know which assets contain the vulnerable component the moment the CVE drops.
CASE NO. 03 // BUILD COMPROMISE
SolarWinds
Malicious code was injected directly into a legitimate product update during the build cycle, bypassing signature verifications and weaponizing a trusted vendor.
Malicious code was injected directly into a legitimate product update during the build cycle, bypassing signature verifications and weaponizing a trusted vendor.
Before NetRiseWith NetRise
9Months
inside a trusted vendor's update — reaching 18,000 organizations before anyone noticed, with no way to independently verify what the update actually contained.
0Vendor Trust Required
Binary analysis catches build anomalies before they reach production.
CASE NO. 04 // INTERDEPENDENT RISK
3CX
A 3CX employee downloaded a compromised software package — itself the product of a prior supply chain attack — inserting malware into 3CX's build pipeline and distributing it to 600,000 organizations worldwide.
A 3CX employee downloaded a compromised software package — itself the product of a prior supply chain attack — inserting malware into 3CX's build pipeline and distributing it to 600,000 organizations worldwide.
Before NetRiseWith NetRise
Unknown
which downstream networks were affected — and by the time anyone knew, thousands of organizations had already been compromised.
0Days
Latency between upstream compromise propagation and downstream visibility.
CASE NO. 01 // SOCIAL ENGINEERING
The XZ Utils Backdoor
A malicious actor spent years cultivating trust to embed a backdoor into core infrastructure, triggering days of manual, panicky dependency tracing across the industry.
A malicious actor spent years cultivating trust to embed a backdoor into core infrastructure, triggering days of manual, panicky dependency tracing across the industry.
Before NetRiseWith NetRise
Days
of manual tracing — no efficient way to determine affected systems.
<1Minute
blast radius identified.
CASE NO. 02 // NESTED VULNERABILITIES
Log4j / Log4Shell
A critical vulnerability in a ubiquitous library was weaponized within hours of disclosure — leaving teams with no time to find where it lived inside their third-party applications.
A critical vulnerability in a ubiquitous library was weaponized within hours of disclosure — leaving teams with no time to find where it lived inside their third-party applications.
Before NetRiseWith NetRise
Months
of reverse engineering — no way to know where the library lived inside third-party applications.
0Days
to know which assets contain the vulnerable component the moment the CVE drops.
CASE NO. 03 // BUILD COMPROMISE
SolarWinds
Malicious code was injected directly into a legitimate product update during the build cycle, bypassing signature verifications and weaponizing a trusted vendor.
Malicious code was injected directly into a legitimate product update during the build cycle, bypassing signature verifications and weaponizing a trusted vendor.
Before NetRiseWith NetRise
9Months
inside a trusted vendor's update — reaching 18,000 organizations before anyone noticed, with no way to independently verify what the update actually contained.
0Vendor Trust Required
Binary analysis catches build anomalies before they reach production.
CASE NO. 04 // INTERDEPENDENT RISK
3CX
A 3CX employee downloaded a compromised software package — itself the product of a prior supply chain attack — inserting malware into 3CX's build pipeline and distributing it to 600,000 organizations worldwide.
A 3CX employee downloaded a compromised software package — itself the product of a prior supply chain attack — inserting malware into 3CX's build pipeline and distributing it to 600,000 organizations worldwide.
Before NetRiseWith NetRise
Unknown
which downstream networks were affected — and by the time anyone knew, thousands of organizations had already been compromised.
0Days
Latency between upstream compromise propagation and downstream visibility.