Shauli Zacks
Published on: March 3, 2025
SafetyDetectives recently interviewed Mantas Ulozas, Managing Director of NordStellar, a cybersecurity platform launched by Nord Security—the company behind NordVPN and other security solutions. In this interview, Ulozas shares insights into NordStellar’s mission to provide real-time threat intelligence, its unique approach to managing cyber risks, and how AI-driven solutions are shaping the future of threat exposure management. He also discusses the growing risks posed by infostealer malware and AI-powered cybercrime, and how NordStellar is helping security teams stay ahead of emerging threats.
NordStellar was created by Nord Security, a company known for NordVPN and other security solutions. What was the driving force behind launching a dedicated threat exposure management platform?
At Nord Security, we’ve faced the same challenges security teams deal with every day – going through endless threat data trying to separate real risks that matter to our business from the irrelevant noise. It was draining time and resources, pulling teams away from what really mattered. Thist led us to build NordStellar – a threat exposure management platform that monitors the dark web, giving security teams the intel they need to act faster and make better decisions. It’s built on our own experience, and it’s the same solution we rely on to protect Nord Security. Now, we’re making that capability available to security teams everywhere.
How does NordStellar differentiate itself from other cybersecurity platforms that offer threat intelligence and attack surface management?
What sets NordStellar apart is the depth and scale of our data coverage – because visibility is everything in cybersecurity. We have access to one of the largest pools of deep and dark web sources to analyze millions of new malware-infected devices and billions of leaked assets monthly — and the numbers keep growing. This real-time intelligence is critical for security teams because it helps to detect threats early and take action before attackers have a chance to exploit exposed data.
With cybercrime communities growing and becoming more sophisticated, what are the most pressing threats businesses should be aware of today?
Stolen credentials are still one of the biggest threats because of the damage they can cause. But what’s changing is how attackers get them. Infostealer malware is everywhere, silently infecting millions of devices each month and dumping login details straight onto dark web marketplaces. Once those credentials are out there, attackers don’t need to break in — they simply log in. That means they can slip past security controls, move laterally across networks, and launch ransomware before anyone gets a chance to realize that something is wrong.
Then there’s AI. Attackers employ artificial intelligence to scale phishing attacks, generate deepfake scams, and even automate vulnerability discovery. It’s no longer enough for security teams to keep up with the latest trends — they must stay ahead. The key is having real-time intelligence to catch threats before they turn into full-blown incidents.
Many companies struggle with information overload when it comes to security threats. How does NordStellar ensure that organizations receive relevant, actionable insights instead of just raw data?
That’s a real challenge. Security teams aren’t struggling with a lack of data — they’re overwhelmed by too much of it, often outdated or irrelevant. On average, it takes a company six months to detect a data breach, which gives attackers a huge window to exploit stolen credentials and compromised assets.
NordStellar solves this problem by focusing on real-time threat intelligence. We filter out the noise and surface what’s relevant and actionable, like newly exposed credentials tied to a company’s domain or malware logs showing active compromise. This ensures security teams can act immediately rather than sifting through endless data to determine what is important.
As cybercriminals continue to adapt, how do you see threat exposure management evolving in the next few years?
Threat exposure management must become faster, more adaptive, and more automated to keep up with evolving cyber threats. Over the next few years, I predict the following shifts:
Real-time threat intelligence will become the norm. Organizations can’t afford to rely on periodic assessments anymore. With threats emerging and spreading in hours, not months, security teams will need continuous visibility into compromised credentials, malware infections, and underground cybercriminal activity to act before damage is done.
AI-driven threat prioritization. Security teams are already stretched thin, and manually sorting through massive amounts of threat data isn’t scalable. AI will play a critical role in making threat exposure management more efficient:
- Filtering out noise: AI models will analyze vast amounts of dark web chatter, breach data, and malware logs to separate real threats from irrelevant background noise. This prevents security teams from drowning in low-priority alerts.
- Contextualizing threats: Instead of just flagging a leaked credential, AI will cross-reference it with malware logs, breach timelines, and threat actor behavior to determine if it’s an active risk. This helps teams understand not just what happened, but what it means.
- Automating responses: AI won’t just highlight threats – it will recommend or even take action, such as alerting teams to reset compromised credentials, blocking malicious IPs, or escalating high-risk exposures. Over time, these systems will become more adaptive, learning from past incidents to refine their decision-making.
At NordStellar, we’re already seeing this shift. Security teams don’t just want more data — they want the right data in real-time with clarity about the next steps. That’s where threat exposure management is headed.
What’s next for NordStellar? Are there any upcoming features or developments that businesses should be excited about?
We’ve got some exciting updates coming at NordStellar, all designed to help security teams act on threat intelligence faster and more effectively.
First, we’re about to launch AI-driven cybersquatting detection. Attackers are constantly spinning up lookalike domains to phish employees and customers, and traditional detection methods don’t go far enough. We take it further with an AI-driven solution that analyzes intent, assesses risk levels, and recommends next steps.
We’ve also introduced cyber risk reports that help businesses identify security gaps in leaked data, network security, web applications, and email security. One of the biggest challenges security teams face is getting leadership buy-in — conveying why certain risks matter and securing the resources to fix them. These reports help bridge that gap by providing executives with a clear, data-backed view of potential breach impact, making it easier to prioritize and fund security initiatives.
On the integration side, we’re focused on making it as seamless as possible for security teams to put NordStellar’s intelligence to work. Rather than forcing teams to switch between platforms, we also enable direct integration into SIEM and SOAR systems, allowing them to detect and respond to threats within their existing workflows. For businesses looking to build on our data, we provide the opportunity to create new security offerings – whether that’s enhancing an existing product, adding new dark web monitoring capabilities, or strengthening detection systems. The goal is to make threat intelligence more actionable and accessible so teams can use it in a way that fits their needs and operational realities.
