Promote this Nomination

Additional Info

Company size (employees)10 to 49
Headquarters RegionNorth America

In 3 bullets, summarize why this company is different from the competition and deserves recognition:

NopSec started as a penetration testing company, and has evolved into a cybersecurity technology company with innovation at its core. We think like hackers.

NopSec seek to address three specific cybersecurity challenges:

1. Information/Data Overload
2. Manual Processes Creating Delays (and Increasing Risk)
3. Cybersecurity Skill and Workforce Shortage

In the past two years alone, NopSec has introduced innovations in the cybersecurity industry that has helped organizations strengthen their security posture. The top three NopSec innovations of the past two years include:

*E3 Engine - In May 2017, NopSec launched the world's first ever attack path simulation and controls validation technology. This technology is embedded into our award-winning threat and vulnerability management platform, NopSec Unified VRM (also available as standalone). Based on machine learning and codified ethical hacking expertise, organizations of all sizes and industries can now verify and validate their security controls on-demand. This technology leverages 6 types of threat intelligence data, including social media, dark web, exploit databases, and more.

*OVAL-Aligned Cloud Scanning - In July 2016, NopSec introduced the first OVAL-aligned cloud scanning capability in the market (within Unified VRM), revolutionizing cloud scanning threat management. Organizations are enabled to scan their cloud environments on-demand, without the need for pre-authorization and worrying about being flagged for abuse by their cloud provider. This innovation has helped facilitate the cloud adoption and migration of many of our customers.

*Artificial Intelligence-Powered Risk Scoring System - In February 2016, NopSec developed the first risk scoring system utilizing social media trends (still the only company who does so), commercial and open source threat intel feeds, patch availability, exploit databases, and each organization's unique business context to prioritize their risk. Beyond the CVSS Score, NopSec has helped organizations prioritize their vulnerabilities to effectively manage and remediate their risks.

Brief Overview

NopSec’s Unified VRM (Vulnerability Risk Management) is an innovative vulnerability risk management solution addressing the need for better prioritization and remediation of security vulnerabilities in a single platform. Traditional solutions prioritize vulnerabilities solely based on CVSS score and asset classification – creating data overload for remediation teams without context. Unified VRM’s E3 Engine technology delivers a concise list of prioritized vulnerabilities by exposing the systems and applications most likely to be attacked based on external threats, exploits, malware, social media feeds, and the organization’s unique IT environment.

Unlike traditional vulnerability risk management tools that focus heavily on assessment and front-end detection, NopSec Unified VRM takes a new approach. Whereas traditional tools only offered limited options for prioritization and remediation management, NopSec Unified VRM delivers value-added capabilities for prioritization and remediation. It significantly differs from competitors in that it offers advanced detection, security controls measurement and validation, prioritization, and remediation management capabilities all in a single platform.

How we solve the problem for organizations of all industries and all sizes, including governments:
– Prioritize and contextualize cyber security data for actionable results
– Automate and orchestrate vulnerability risk management for immediate remediation
– Close the skills gap to accommodate workforce (and budgetary) shortage

Our achievements are ultimately measured by the results our clients enjoy. These include:
1. A financial institution patched 73% of vulnerabilities within six months thanks to context-enriched prioritization and delegation of duties.
2. A cloud service provider used the unified risk posture view to address vulnerabilities across its IT stack and improve collaboration between systems, development and security teams.
3. A large university provided campus IT teams prioritized results for actionable remediation while providing C-level reporting on overall risk posture across multiple locations.

Unified VRM and E3 Engine Highlights:
– Reduce Risk up to 65%
– Achieve Compliance up to 2X Faster
– Reduce Spreadsheet-Related Work up to 90%