Shauli Zacks
Updated on: June 26, 2024
In a recent interview with SafetyDetectives, Paul Ayers, Co-Founder and CEO of Noetic Cyber, shared insights into his extensive career in cybersecurity and the innovative journey that led to the establishment of Noetic. With over 35 years of experience and a track record of successful startups, Ayers has been instrumental in advancing cybersecurity practices. He discussed the vision behind Noetic Cyber, emphasizing the importance of cyber hygiene and prevention. Ayers also highlighted the challenges and trends in the cybersecurity landscape, providing valuable perspectives on the future of cyber asset management and the impact of remote work on security strategies.
Can you share a bit about your background and what led you to co-found Noetic Cyber?
My career in software and cybersecurity goes back more than 35 years. I’ve worked for five different startups and have been fortunate enough to not only see each of them through to successful exits, but also to have had the opportunity to work for some of the industry’s largest providers through those acquisitions.
In my early career, I held sales leadership positions in Europe at Symantec, PGP Corporation and Vormetric. More recently I was the GM, EMEA at Security Orchestration, Automation & Response (SOAR) pioneer, Resilient Systems, who were acquired by IBM in 2016. Since then, I spent some time as an Entrepreneur in Residence (EIR) at Ten Eleven Ventures before founding Noetic Cyber™ in early 2020. Over the past few years, I have also served as a board member of the Cloud Security Alliance in Europe and have served as an advisor to several early-stage cybersecurity startups.
After leaving IBM following our successful exit with Resilient, my co-founders and I felt we had unfinished business. Although we had been successful in improving security operations & incident response efficiency, there was more that we could do to help improve our customers’ cyber resilience. By shifting the focus on automation from response to prevention, we believed that we could identify and resolve problems before they became security incidents. Our goal with Noetic Cyber has been to focus on these cyber hygiene and prevention issues, helping customers to manage their attack surface and reduce cyber risk.
What was the vision behind starting Noetic Cyber and what are its flagship services?
Our vision behind starting Noetic Cyber was to help security leaders address hard fundamentals around cybersecurity. Currently, too many organizations are investing millions in different tools without the right understanding about their environment and their current level of cyber risk. Security teams therefore have some fundamental challenges: they don’t know what they have, they don’t know where their most critical gaps are and therefore, they can’t prioritize effectively.
Many of the industry’s largest breaches have been caused by unpatched machines or risky users that the security team were not able to see. Our belief is that the security data needed to recognize these weaknesses exists but wasn’t accessible in a way that security teams could use it and act on it.
To solve this challenge, we built the Noetic Cyber Asset & Exposure Management platform—an innovative approach to modern attack surface and exposure management challenges. The platform integrates with all the different security and IT management tools in the organization, ingesting the asset data and correlating, aggregating and deduplicating it. We publish the unified data into a graph database that enables security teams to easily find missing security controls, high-risk vulnerabilities and more.
In addition to this unprecedented visibility into their cyber estate, we are also focused on helping them to improve their cyber resilience. At the heart of the Noetic platform is a comprehensive automation & workflow engine, which supports a wide range of use cases, from notification and ticket creation, through to full end-to-end remediation.
Our customers make the Noetic platform the center of their security posture and hygiene initiatives, as we give them unique insights into their current cyber risk, as well as the automated processes they need to remediate it.
What are some of the biggest challenges you’ve faced in developing a continuous cyber asset management platform?
Cyber asset and exposure management is a data problem. We deal with huge volumes of security data from a wide range of different commercial tools and proprietary systems. The biggest challenge for us is how to help our customers to interpret their data and make sense of the patterns.
To fix this, we needed to bring a data-science mindset to the cyber challenge. For every different tool we integrate with, we work on understanding the data quality: How complete is it? How well does it correlate with the other data sources? This information helps us to work with our customers to improve their data quality.
We are also working with machine learning (ML) to drive better consistency across large datasets. We found that we can standardize using predictive large language models (LLM) to ensure that we have complete, exact information for common fields such as ‘asset type’ or ‘operating system’ (OS). Since we introduced this capability at the beginning of 2024, we have seen a high accuracy rate, and our customers can use this to search and filter across large volumes of their security data quickly and simply.
What are the current trends in cybersecurity that businesses should be most aware of?
The obvious answer to this question is generative artificial intelligence (AI), and this is certainly the case. In a brief period, the evolution of GenAI into a useable tool across business has been remarkable. You just need to look at the announcements coming out of this year’s RSA Conference in San Francisco to see that the cybersecurity industry is playing catch-up in figuring out how to secure this.
While some degree of hype is inevitable, security leaders need to understand how their organizations are adopting GenAI use cases, and what they need to do to ensure that the adoption considers data privacy and cybersecurity issues.
Cybersecurity vendors, including the team here at Noetic, are working on how we can use GenAI in our solutions. The different approaches include leveraging AI-powered chatbots to help drive product knowledge, or to enhance and automate security operations. Security teams will need to think about how to use and protect Gen AI in their organizations soon.
Another key trend that we see is the growing adoption of Exposure Management as a key strategic initiative. Forward-looking security leaders are evolving their current vulnerability management programs to take a more ‘holistic’ look at exposure – across high-risk users, cloud & container misconfigurations, unmanaged devices and more. It’s also about how to effectively align limited resources across IT, cybersecurity and the business to focus on the most critical exposures.
The reality is that effective security hygiene is about more than patching vulnerabilities and security teams need a wider program that addresses cyber risk across the organization. Gartner® estimates that by 2026, organizations prioritizing their security investments, based on a continuous threat exposure management (CTEM) program, will realize a two-third reduction in breaches. We see growing investments in exposure discovery, prioritization and remediation and expect this trend to continue over the upcoming years.
How has the shift towards remote work affected cybersecurity strategies, and how does Noetic Cyber help address these new challenges?
The shift to remote working did see a significant shift in cybersecurity strategy for the majority of organizations. The need to support a fully remote workforce accelerated the shift to the cloud for key services and applications across the industry.
From a cyber asset management perspective, this resulted in a huge growth in cloud services across different providers, as well as new and expanded asset types to manage. This resulted in an overall growth in the attack surface, as security teams needed to think about how to secure users, machines and data that would have previously been more protected inside traditional environments.
Noetic helps our customers to address these challenges by providing them with the security posture of the related assets, but also with the relevant business context, including location. This helps security teams to recognize when a remote worker is accessing key network resources and ensure that they have the appropriate compensating controls in place.
We also give security teams a single, unified view of all assets in their organization – public & private cloud, on-premises, etc. This allows them to have complete understanding of their security posture regardless of the location of the assets.
How do you see the role of cyber asset management evolving in the next 5 years?
I think there’s a growing recognition across the cybersecurity industry that we need to tackle fundamental problems if we are going to see a significant reduction in risk. Accurate asset inventory and management is the foundation for a successful cybersecurity program; you can’t protect what you don’t know exists. The shift to distributed digital infrastructure across the cloud and SaaS applications, and our reliance on complex supply chains, has only made the situation worse. The visibility gaps that security teams have today are a by-product of this digital transformation.
Technology innovation, such as the standardization of APIs and the ability of graph databases to map complex relationships, has changed how we can approach modern cyber asset management. We are no longer reliant on agents or network scanning to find and manage new assets, but we also have an ever-expanding list of asset types to manage – code snippets, containers, cloud images, etc.
Advanced analytics and machine learning, including GenAI, are the next step in providing the relevant context and insights into cyber asset management. I expect to see further innovation over the next five years in our ability to drive prioritization and remediation based on an organization’s specific needs and technology footprint, as well as meeting the scale that modern digital infrastructure demands.
