Noetic's acquisition by Rapid7: Giving our customers more comprehensive visibility of their attack surface

2023 Noetic Cyber team gathered in Boston for their annual kickoff event

Today is a significant day in Noetic Cyber’s history, as we announce our upcoming acquisition by Rapid7. This is not the end of the Noetic story, but our vision and technology will continue as part of a more comprehensive exposure management solution.

When my co-founders, Allen Hadden & Allen Rogers, and I founded Noetic Cyber in late 2019, our primary goal was to address one of cybersecurity’s hard fundamental challenges – how to understand and manage the growing enterprise attack surface.

Security teams have struggled to get an accurate picture of how vulnerable and exposed they are to attack. The nature of modern distributed computing means they are not able to understand what assets they have; they don’t know where their most critical gaps are and as a result they can’t prioritize based on real business need.

Our idea was two-fold. First, we wanted to use our experience with security automation, gained from our previous start-up – SOAR pioneer Resilient Systems. Effective use of automation in cybersecurity is essential if we are going to scale to meet the volume and variety of cyber-attacks today. The second belief was that modern cyber asset & exposure management was a data problem. The sheer number of different security and IT management tools in organizations had the data and insights we needed, but we had to unlock these siloes to make it usable and actionable for security teams.

In July 2021 we came out of stealth and announced the first release of the Noetic platform, our response to these two challenges. We delivered an innovative approach to the cyber asset management problem using innovative graph database technology to ingest, correlate and map security data from a wide range of different systems.

With this, we were able to provide organizations with unparalleled visibility across their environments, enabling them to find coverage gaps and prioritize remediation based on business criticality and asset exposure. All this was powered by a comprehensive, no-code automation engine that allowed them to dynamically improve their security posture, driving and updating existing processes.

Noetic’s momentum

In the three years since that launch, we have continued to innovate, adding critical capabilities to the platform to simplify cyber asset management at scale. We’ve delivered support for a wide range of environments and use cases as a result of direct customer feedback. We’ve also embraced data science, building out machine learning capabilities in Noetic to reduce the time to value for customers, enabling them to quickly drill down into large datasets to focus on what’s important.

We have been fortunate to work with innovative security leaders across Europe and the United States on their attack surface and exposure management programs. Our customers represent organizations from manufacturing, financial services, pharmaceutical, oil & gas and critical national infrastructure.  Although their requirements differ based on geography, industry and technology footprint, the underlying challenges remain the same and we have developed significantly based on their invaluable feedback.

We’ve also seen wider acknowledgement of our efforts, with industry recognition and awards, including the prestigious SINET16 award, and multiple SC Europe awards for Best Risk Management solution and Best Emerging Technology. We value these awards as the judging panels consist of CISOs and industry experts who are working on addressing the challenges we face every day.

The Changing Market Landscape

One of the biggest changes that I have seen since we founded Noetic has been the growth in interest in the broader attack surface and exposure management market. Just as we launched Noetic in 2021, Gartner first introduced the category Cyber Asset Attack Surface Management (CAASM) in their Hype Cycle™ for Network Security. This helped to classify an emerging market but for most organizations, it was still early and security leaders, while intrigued, were investigating the technology rather than adopting it in large numbers.

If we fast forward to 2024, we can see that the broader exposure management market, or Continuous Threat Exposure Management (CTEM) as Gartner defines it, has become a strategic initiative for security teams worldwide, and CAASM is a critical enabler for this.

Forward-looking security leaders are evolving their current vulnerability management programs to take a more ‘holistic’ look at exposure – across high risk users, cloud & container misconfigurations, unmanaged devices and more. It’s also about how to effectively align limited resources across IT, cybersecurity and the business to focus on the most critical exposures. The reality is that effective security hygiene is about more than patching vulnerabilities and security teams need a wider program that addresses cyber risk across the organization.

Gartner estimates that by 2026, ‘organizations prioritizing their security investments, based on a continuous threat exposure management program, will realize a two-third reduction in breaches.  This shift to exposure management as one of the central pillars of an effective cybersecurity program has been an important evolution and requires a tightly integrated approach across asset inventory, vulnerability management and attack surface assessment to be successful.

The partnership between Rapid7 and Noetic Cyber

As I’ve said, addressing these wider exposure management needs for organizations requires a broad technology strategy. Security teams need insight into exposure across their external attack surface, together with intelligence and insights into the most relevant threats and attackers. They also need to understand where exposures are across their cloud and on-premises environments, and which machines and networks are most important to the business.

Noetic Cyber already had a partnership with Rapid7, integrating with their market-leading vulnerability risk management, XDR and cloud security solutions. It has been a natural progression from that partnership to where we are today. The addition of our CAASM solution to Rapid7’s existing technology will deliver significant value for both of our customers as we are able to align our unique asset visibility and context with Rapid7’s view of the attacker to enable focused prioritization and drive efficiency and productivity for security teams.

As the joint roadmap evolves, customers can look forward to a truly complete exposure management solution, combining best-in-class threat intelligence, detection & response, vulnerability management and cyber asset management to deliver complete visibility and remediation across the extended attack surface. I am excited for the opportunity to take our innovative technology and scale it to Rapid7’s worldwide partners and customers.

Thanks & Acknowledgements

To get Noetic to this point has taken the energy and support of a wide range of people. My co-founders and I have been very fortunate in the partners that we have had on the journey.

From our investors who backed us consistently – Alex, Mark and the team at Ten Eleven Ventures who led our seed round, Rick at Glasswing Ventures, Shawn and everyone at Energy Impact Partners who led our Series A and Iren, Rob and the team at S Ventures.

We have also benefited from world class advisors and individual investors who have helped us with crucial feedback and guidance – Freddy Dezeure, Richard Fry, Richard Horne, Niloofar Razi Howe, Jim Reavis, Nick Warner, Brendan Welter and others.

We are also fortunate to be supported by our partners and customers worldwide in their feedback on developing and building out the Noetic solution and we look forward to continuing to work with them on the next phase of the evolution of the technology.

Finally, we would be nothing without the hard work of our team. From the early engineering efforts across three continents during lockdown, through successful customer wins and deployments, we have been able to recruit and retain a world-class team across all functions. I am excited to see how they continue to exceed expectations as part of the wider Rapid7 team.

Today’s announcement is the first step in the next phase of Noetic’s evolution, as a critical part of Rapid7’s cybersecurity platform and I look forward to the Noetic team continuing to support our customers in their initiatives to identify exposures and reduce cyber risk.

You can read more about today’s announcement here.