Lisa Xu, CEOBy 2019, an estimated shortfall of nearly two million skilled cybersecurity professionals would inevitably mandate the need for advanced automation in modern enterprise security programs. Furthermore, system and application sophistication and complexity will require automation to maintain an acceptable level of security assurance. Lisa Xu, CEO of NopSec, believes that security without automation is no longer an option for businesses today, given the severe shortage of cybersecurity professionals and proliferation of cyber attacks. NopSec is a cybersecurity firm that fills this cyber skill shortage gap by augmenting machine intelligence-based automation with human intelligence.
NopSec’s beginnings are deeply rooted in penetration testing—testing and breaking things apart before malicious actors do. The innovation NopSec brings to the marketplace is built upon the founders’ codified ethical hacking expertise and applies advanced machine learning algorithms to produce a solution that measures IT security controls, and predicts and remediates cyber risk exposures.
NopSec provides an automated-security-as-a-service platform, augmenting the security team’s operations as part of a continuous detection, integration, and delivery of security assurance.
Unified VRM—NopSec’s flagship SaaS solution for threat prioritization and vulnerability risk management, utilizes passive analysis, active exploitation, and contextual enrichment to enable security teams to visually forecast cyber risks. It also dramatically reduces the time to remediation of critical security vulnerabilities across infrastructures and applications. Unified VRM’s security control validation capabilities help customers determine whether security vulnerabilities are timely remediated and security controls and configurations are properly implemented. By deploying advanced analytics, artificial intelligence, and machine learning, it helps customers reduce the noise and false positives in their security tools and systems, and shifts their focus and resources on remediating the most impactful security threats.
Unified VRM’s modules are powered by a machine-learning- based engine, E3 Engine—Evaluation, Exploration, Enrichment Engine—that efficiently normalizes the data collected from multiple sources, dynamically verifies and validates the effectiveness of the deployed security controls, accurately prioritizes remediation, and rapidly closes the window of vulnerability. The platform offers five modular solutions: Network module for external perimeter networks; a Cloud module for public and private cloud infrastructure; a Web module for web and mobile applications; a Security Configuration module for various operating platforms; and a Wireless module that tests wireless infrastructure controls.
The biggest value Unified VRM brings to customers is the data-driven decision with active exploration and validation that allow customers to cut down the noise from security alerts and confidently fix the right things before the bad guys could exploit them
“The biggest value that Unified VRM brings to customers is the data-driven decision with active exploration and validation that allow customers to cut down the noise from security alerts and confidently fix the right things before the bad guys could exploit them,” states Lisa.
When remediating cyber risks, knowing what to fix is important, and implementing SecOps/DevOps workflows is equally vital. NopSec offers three unique differentiators to IT and security professionals to transform intelligent security automation:
• AI Data Engine—the Engine offers highly flexible core data modeling for data ingestion and execution with lightning-fast speed and extensible scalability for various data engine use cases, and reduces data noise and false positives by up to 60 percent.
• AI Validation Engine—ActiveCheck and SafeCheck powered by AI Validation Engine, codifying security domain expertise, allowing customers to visualize attack paths, uncovering new security insights, and offering up to 65 percent risk reduction as well as improved user experience.
• Orchestration and Automation—easily deploying and integrating automated remediation workflow with other IT Ops/DevOps tools, including patch management and ticketing systems tools, driving workflows up to ten times faster.
NopSec’s continued security innovation is poised to cement its position as a leader in threat prioritization and remediation technology.