NetRise is an Austin‑based cybersecurity company that builds a cloud platform for software supply‑chain and firmware security by analyzing compiled binaries to create accurate software asset inventories and SBOMs, helping organizations find hidden risk in deployed devices and software builds[1][5]. NetRise serves both product developers and enterprise security teams across industries, offering continuous monitoring, vulnerability tracing, and incident response tooling for XIoT (extended IoT) and other firmware‑containing systems[4][5].
High‑Level Overview
- Mission: NetRise’s stated mission is to eliminate “blind trust in software” by providing accurate, binary‑derived visibility into the software and firmware actually running on devices and systems[5].
- Investment philosophy: Not applicable. NetRise is a portfolio company / operating company, not an investment firm; its company profile and funding rounds are disclosed, but it operates as a cybersecurity vendor[1][3].
- Key sectors: Enterprise security, product security, hardware and firmware vendors, XIoT environments, and any regulated industries that need SBOMs and device risk management[4][5].
- Impact on the startup ecosystem: NetRise’s tooling addresses a growing gap in firmware and software composition analysis; by enabling accurate SBOMs and binary‑level visibility it reduces vendor blind spots and raises the bar for secure product development and procurement practices across startups and OEMs[5][1].
- What product it builds: NetRise builds a cloud‑based platform (NetRise Platform, NetRise Trace, ZeroLens) that analyzes compiled code and firmware to produce software bills of materials, trace vulnerable components, and continuously monitor deployed assets for risk[1][5].
- Who it serves: Software producers, device manufacturers, enterprise security teams, procurement and third‑party risk managers across industries deploying XIoT and embedded systems[4][5].
- What problem it solves: It uncovers mismatches between declared manifests and actual compiled code, identifies hidden vulnerabilities and misconfigurations in firmware and binaries, and helps teams prioritize remediation and satisfy compliance or SBOM requirements[5][1].
- Growth momentum: NetRise launched publicly at Black Hat, raised seed and follow‑on rounds (including an $8M round and a $10M Series A in 2025), was added to the US DHS Approved Products list, won an AFWERX grant, recorded multiple years of multi‑fold revenue growth, and expanded headcount from a handful to ~40 employees by 2025[1].
Origin Story
- Founding year: NetRise was founded in December 2020[1].
- Founders and key partners: The company was co‑founded by Thomas (Tom) Pace (CEO) and Michael Scott (CTO & Chief Scientist); leadership also includes security and engineering veterans such as Rick Beattie (CRO) and others listed on the company site[1].
- How the idea emerged: NetRise was created to address shortcomings in device security by focusing on firmware and compiled software components where manifest‑based approaches miss real risk; the approach centers on analyzing binaries rather than relying solely on source manifests[1][5].
- Early traction / pivotal moments: Early customer acquisition occurred in 2022, and the platform launched publicly at Black Hat 2022. The NetRise Trace and ZeroLens product launches followed. Government recognition (DHS approved list, AFWERX grant) and a patent for ML‑based universal software component identification marked pivotal validation events[1].
Core Differentiators
- Binary‑first analysis: NetRise emphasizes analyzing compiled code and firmware (rather than only source manifests), producing an SBOM and risk view that reflect what actually runs on devices[5][1].
- Continuous, cloud‑based monitoring: The platform continuously monitors deployed assets and ingests multiple vulnerability and intelligence feeds to surface emerging threats and prioritize remediation[5][4].
- Traceability and graphing (NetRise Trace): Rapid tracing of impacted assets via a single query that builds a software supply‑chain graph to accelerate incident response and root‑cause analysis[4][1].
- Government and defense validation: Inclusion on the US DHS Approved Products list and an AFWERX grant signal credibility for defense/critical infrastructure use cases[1].
- Patented ML capability: NetRise holds a patent for machine‑learning based universal software component identification, which underpins its ability to identify components inside binaries[1].
- Industry focus on XIoT and firmware: Specialized tooling and workflows oriented to firmware, embedded devices, and extended IoT ecosystems that are often invisible to standard vulnerability management tools[4][5].
Role in the Broader Tech Landscape
- Trend they are riding: Growing regulatory and market pressure for SBOMs and software supply‑chain assurance, together with firmware/IoT security trends, is driving demand for binary‑level visibility[5][1].
- Why timing matters: High‑profile supply‑chain incidents, increased IoT/XIoT adoption, and emerging procurement rules and frameworks have created urgency for tools that verify what’s actually deployed versus what vendors declare[5][4].
- Market forces working in their favor: Regulatory push for SBOMs, increasing third‑party risk management budgets, and enterprise focus on operational technology (OT) and XIoT hardening expand the addressable market for binary‑analysis platforms[4][5].
- Influence on the ecosystem: By making accurate binary‑derived SBOMs and traceability more accessible, NetRise helps buyers demand higher assurance from suppliers and enables quicker, more precise incident response across device ecosystems[5][1].
Quick Take & Future Outlook
- What’s next: Expect continued product maturation around ZeroLens and Trace capabilities, deeper integrations with vulnerability intelligence and SIEM/IR workflows, and expansion into regulated verticals (defense, critical infrastructure) supported by government validations and grants[1][4].
- Trends that will shape their journey: Wider SBOM adoption, stricter procurement/compliance requirements, growth of XIoT attack surface, and advances in ML for component identification will shape product requirements and market opportunity[5][1].
- How their influence might evolve: If NetRise continues to scale revenue, broaden integrations, and maintain government/enterprise endorsements, it can become a standard for firmware and binary assurance — shifting vendor‑buyer dynamics toward verified, binary‑backed software provenance[1][5].
Quick take: NetRise targets a concrete and growing blind spot in software security—firmware and compiled binaries—and its binary‑first platform, patent portfolio, and government recognitions position it as a noteworthy player in the emerging market for SBOM‑centric, XIoT and firmware assurance[1][5].