NopSec provides precision threat prediction and remediation workflow solutions to help companies protect their IT environments. NopSec is bringing a new way to how organizations prioritize and remediate security vulnerabilities through automation and machine learning with the end goal of helping security professionals make intelligent risk decisions. Below is our interview with Lisa Xu, CEO of NopSec:
Q: Lisa, how would you describe NopSec in your own words?
A: Organizations need to rethink their approach to vulnerability risk management, especially as it pertains to the remediation of security vulnerabilities. The 2015 Verizon Data Breach Investigations Report made this evident in showing that 99.9 percent of vulnerabilities were exploited over a year after they were disclosed. One Gartner analyst recently criticized security vendors in the vulnerability management space for not innovating fast enough to change best practices.
This is where NopSec comes in. We are trying to change the conversation by bringing a new way to how organizations prioritize and remediate security vulnerabilities through automation and machine learning with the end goal of helping security professionals make intelligent risk decisions. In looking at the customers using our Unified VRM platform today, we have found average remediation times cut by more than three times within the first 6-9 months of deployment.
Q: What is your core competence?
A: Organizations are overwhelmed with too much data generated from vulnerability scanning and don’t know what to do with it. With an average of seven security vulnerabilities per asset, imagine the amount of potential data generated. A recent survey found that 51% of organizations cited data overload and false positives as the biggest challenges in prioritizing. This is perhaps one of the largest gaps creating the lag time between detection and remediation of critical threats.
Predictive analytics and machine learning models in NopSec’s Unified VRM platform forecast the probability of exploitation so organizations can focus on the threats that pose the most critical risk to their business. But NopSec is unique in that we cleanse the data before applying predictive analytics. Many customers report our system has removed more than 40% of the results from a single scan in the way of false positives and other bad data.
Another core competency is how we are bridging the gap between security and operation teams through automated workflow and remediation. Lack of visibility between the teams and competing business priorities have become roadblocks in getting vulnerabilities fixed – and fixed fast. We provide the tools in a single platform that security and operations teams need to improve this process.
Q: You’ve recently announced the latest version of your Unified VRM platform, tell us something more?
A: NopSec continues to grow its technology ecosystem, adding important integrations in the latest version of Unified VRM. For example, the platform now integrates directly with ServiceNow and Jira for automatic, bi-directional ticket and task management – supporting significant collaboration and productivity enhancements across security and operations teams.
Moving forward, we will continue to improve our predictive analytics modeling and add governance reporting so organizations can set goals, manage towards those goals and even measure progress against others in their industry.
Q: What are some of the main benefits of your Unified VRM platform?
A: Unified VRM allows organizations to prioritize, remediate, and report on IT vulnerabilities from a single platform. It delivers some of the most advanced automation capabilities for vulnerability management and risk remediation. And because it is a cloud-based solution, organizations can be up and running quickly and realize time to value almost immediately.
In addition, NopSec is designed and priced to meet the needs of businesses of all sizes. For small and mid-sized organizations, NopSec provides an all-in-one platform to help them address their IT security challenges and meet compliance without requiring a huge investment in additional technologies. For large enterprise organizations, NopSec provides value-added intelligent context and workflow automation to enhance existing technology investments.
Q: How does NopSec differ from other security companies?
A: One of our core differentiators is our adaptive artificial intelligence (AI) engine. The AI engine helps security teams keep up with evolving threats and increasing compliance mandates. It filters and prioritizes all of the data from vulnerability scans so security professionals can immediately focus on the most critical, and probable, threats to their IT environment.
Another factor of our success and what separates us from other security vendors is NopSec Labs, a group of on-staff researchers and penetration testers who are trained experts in thinking like a hacker. They are constantly monitoring network environments for the latest vulnerabilities and threats. This intelligence is then fed back into our AI engine through new rules, codified into the system.