Promote this Nomination
|Company size (employees)||10 to 49|
|Headquarters Region||North America|
Noetic Cyber was founded to address a fundamental cybersecurity challenge. Security teams cannot protect what they do not know is there. Modern digital infrastructure has created a visibility challenge for security where machines, networks, devices, vulnerabilities and more are created, given access to critical resources, and spun down without implementing important security controls. This has been worsened over recent years by the accelerated adoption of cloud services and SaaS applications. Unknown assets expose the organization’s attack surface, fuel the growth of shadow IT, and create unnecessary workload for the security team.
Noetic’s approach is to dramatically improve an organization’s cybersecurity posture, building on existing technology investments. By using security and IT tools, we build a unified map of all assets in the organization, across the cloud and on-premises estate. We use this unparalleled visibility to understand the cyber relationship between these assets, delivering the security team important context on business criticality and cyber risk to better inform their decision making.
Launched in July 2021 with funding from Energy Impact Partners, Ten Eleven Ventures and Glasswing Ventures, Noetic is bringing a data science approach to cyber asset attack surface management (CAASM), through our cloud-based Continuous Cyber Asset Management and Controls platform, helping security teams to find security gaps once, and fix them continuously.
How we are different
1. Noetic has based our cybersecurity asset management approach around an innovative graph database model. This delivers significant benefits to our customers. We are aggregating and correlating data from existing security and IT management tools into the graph, building an abstract model where each asset is a ‘node’ in the graph, and the cyber relationship between assets are ‘edges’ in the graph. This allows us to think like an attacker, moving laterally between assets and understand and visualize the multi-dimensional relationship between them. We don’t just include security information, but also business context from the CMDB, ERP, HR and other systems, supplying critical insights. Understanding which internet-facing machines have critical vulnerabilities is important but knowing if they support a share price-affecting application is vital to the business.
2. We have adopted an API aggregation approach to working with existing data sources. Based on the OpenAPI industry standard, we can connect with any cloud service or on-premises application to ingest information on assets and their relationships. These Noetic connectors are easy to create, extend and deploy. They also provide immediate value for security teams as we package them with common queries, automated workflows and dashboards to generate specific results, such as coverage gaps and common security violations.
3. The Noetic platform has automation at its core. Our founding team’s background in pioneering the SOAR market is reflected in our approach to CAASM. Noetic has a comprehensive, easy to use automation and workflow engine that enables security analysts to save and schedule their queries and build out the right automation to restore out-of-policy assets to their desired state. This could include raising a ticket in an ITSM tool, triggering the deployment of a required security agent, or tapping into an existing vulnerability management or Infrastructure as Code process.