Noetic Cyber raises $20M to automate cybersecurity remediation

Noetic Cyber, a startup creating a platform that leverages automation to identify cyber threats, today emerged from stealth with $20 million, including $15 million in series A funding from Energy Impact Partners, TenEleven Ventures, and Glasswing Ventures. Cofounder and CEO Paul Ayers says that the funds will be used to scale up Noetic’s operations and go-to-market capabilities, allowing the team to grow particularly on the sales and marketing side.

The pandemic has forced organizations to evolve their defenses against cyber threats, and a rise in such threats — including in their own companies.  According to Cybint, 95% of cybersecurity breaches are caused by human error. Sixty-eight percent of business leaders feel their cybersecurity risks are increasing, Accenture reports.

Using API aggregation and correlation, Noetic aims to combat cyber threats by drawing insights from security and IT management tools. Graph database technology enables the platform to discover and inventory key entities present in an organization’s environment, including cloud and on-premises systems. Noetic builds a map of the connections between those entities to highlight cyber risk and noncompliant setups. Built-in orchestration and automation drive enrichment and remediation, helping restore compromised assets — ideally to their desired state.

Launched in 2019 and based in Boston and London, Noetic was founded by Ayers, Allen Rogers, and Allen Hadden. The team most recently worked together at security incident response startup Resilient Systems, which was acquired by IBM in 2016.

“Noetic was founded to build a continuous cyber asset management and controls platform to use automation to find security gaps and fix them as well,” Ayers told VentureBeat via email. “The platform is fully extensible, and the beauty of our approach is that it allows us to easily add more applications and use cases on top of our core asset visibility and management model.”

Automation and remediation

As Ayers explained, security leaders face challenges today in identifying all the assets they need to protect, as well as knowing where they are and what information they’re able to access. The reasons include “technology sprawl” — i.e., widespread use of cloud services and software-as-a-service (SaaS) applications — in addition to growth in both managed and unmanaged devices as a result of a remote workforce and internet of things adoption.

In 2020, organizations worldwide were using an average amount of 80 SaaS apps, according to data from Statista. And a recent survey from CyberArk found that 77% of remote employees are using unmanaged, “BYOD” devices to access corporate systems.

“Noetic is designed to help security teams identify common problems that create risk and increase an organization’s attack surface. These can include the use of ‘shadow IT’ — cloud services or SaaS applications outside of the normal business approval process, missing or poorly configured endpoints creating security coverage gaps, and unsecure cloud services … We’ve built an extensible, API-based model … where we can map all the technical and business insights about all their assets into a virtual [graph], which security teams can then query to identify coverage gaps and policy violations that would be invisible to a specific tool.”

At the heart of Noetic is an engine that extracts data from existing cybersecurity tools in an organization. This data represents a real-time view of assets, their current cyber state, and the relationships between them, Ayers explained. Security teams can use it to answer questions like “What are all production machines with high-risk vulnerabilities that don’t have my endpoint detection and response deployed?” Moreover, they can take advantage of prebuilt pipelines to address problems continuously, getting alerts when fixes complete.

“The ‘continuous’ part of the platform is driven by a powerful orchestration and automation engine. The founding team’s experience in the … market gave Noetic the experience and insights to make automation a key pillar of the solution,” Ayers said. “Many of the challenges that are driving the need for a tool like Noetic have been accelerated by the pandemic — including the growth in cloud and SaaS applications, and an increase in unmanaged devices and remote workers who need access to business-critical systems.”

Noetic plans to take on Axonius, JupiterOne, Sevco, and others in a security orchestration automation and response market that’s anticipated to be worth $1.791 billion by 2024, according to Markets and Markets. Ayers says that in the future, Noetic’s 20-person team will investigate areas including helping risk and security teams better understand potential risk or patterns of behavior by providing better data analysis and business contexts.

“We will continue to add more connectors to support customer use cases and will be bringing a comprehensive controls package to market later in 2021, as well as a community edition in 2022,” Ayers said.