UPDATED 09:00 EDT / JULY 28 2021

SECURITY

Noetic Cyber emerges from stealth with security monitoring using a graph database

Noetic Cyber, a firm founded by three veteran cybersecurity entrepreneurs, launched out of stealth mode today with $20 million in Series A funding and an agentless technology that continuously monitors information technology assets and their relationships with each other.

The company’s software-as-a-service offering derives information about multiple security and IT management tools by monitoring application programming interfaces. It also uses graph database technology to discover and inventory both on-premises and cloud-based assets. The result is a dynamic map of cybersecurity relationships that highlights areas of risk and noncompliant systems. The product also has limited remediation capabilities.

“You need to get your handle on what you’re trying to protect,” said co-founder and Chief Executive Paul Ayers. “That sounds simple but with everyone rushing to the cloud, technology sprawl and remote work, it’s a big challenge.”

Noetic Cyber avoids using agents – an intrusive technology that Ayers said customers advised the firm to avoid – in favor of APIs, for which it has developed connectors to popular endpoints, vulnerability scanners and cloud services. “It’s amazing what you can derive from even a handful of connectors,” Ayers said.

Specifically, the monitoring service discovers new entities on the network, adds them as nodes in the open-source JanusGraph graph database and populates each node with cybersecurity information. It maps the relationships between nodes and also monitors for entities that have disappeared.

Continuous monitoring

The result is what the firm calls “continuous cyber asset management,” with a constantly updated view of the attack surface that maps to an organization’s internal policies or popular security frameworks. Building a holistic view gives information security teams a better idea of where gaps exist as well as a way to set priorities for response.

If a vulnerability exceeds a certain tolerance threshold, Noetic says, its software can be programmed to respond automatically by, for example, shutting down a resource or applying a patch. The company has built interfaces to the most popular patch management tools.

Users can run queries such as “show me all systems on a production network that have access to personally identifiable information and don’t have an EDR agent configured correctly,” Ayers said, referring to endpoint detection and response. “You can continually query the graph and react.”
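The kind of query Ayers describes, together with the new and disappeared entity tracking mentioned earlier, can be sketched as an added example. This is not Noetic Cyber's code and does not use JanusGraph. The node properties (`network`, `edr`, `pii`), the "can access" edge meaning, the single merged poll per cycle and all sample assets are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class AssetGraph:
    """Toy in-memory asset graph; properties and edge meaning are assumed."""
    def __init__(self):
        self.nodes, self.out = {}, defaultdict(set)

    def sync(self, nodes, edges):
        """Load one merged connector poll; return (new_ids, disappeared_ids)."""
        old, seen = set(self.nodes), {n["id"] for n in nodes}
        self.nodes = {n["id"]: n for n in nodes}
        self.out = defaultdict(set)
        for src, dst in edges:               # edge means "src can access dst"
            if src in seen and dst in seen:  # drop edges to vanished assets
                self.out[src].add(dst)
        return sorted(seen - old), sorted(old - seen)

    def reaches_pii(self, start):
        """Breadth-first walk over access edges looking for a PII store."""
        queue, visited = deque([start]), {start}
        while queue:
            cur = queue.popleft()
            if self.nodes[cur].get("pii"):
                return True
            for nxt in self.out.get(cur, set()) - visited:
                visited.add(nxt)
                queue.append(nxt)
        return False

    def exposed_hosts(self):
        """Production hosts with unhealthy EDR and a (transitive) path to PII."""
        return sorted(i for i, n in self.nodes.items()
                      if n.get("network") == "production"
                      and n.get("edr") != "healthy" and self.reaches_pii(i))

def host(i, network, edr):
    return {"id": i, "kind": "host", "network": network, "edr": edr}

# Constructed sample polls (not real inventory data).
STORES = [{"id": "db01", "kind": "datastore", "pii": True},
          {"id": "cache01", "kind": "datastore", "pii": False}]
BASE = [host("web01", "production", "healthy"),
        host("app01", "production", "misconfigured"),
        host("dev07", "development", "missing")]
LINKS = [("web01", "app01"), ("app01", "db01"), ("dev07", "db01")]
POLL_1 = (STORES + BASE + [host("batch02", "production", "missing")],
          LINKS + [("batch02", "cache01")])
POLL_2 = (STORES + BASE + [host("web02", "production", "missing")],
          LINKS + [("web02", "app01")])
```

In the second poll `web02` is flagged even though it has no direct edge to `db01`: the path runs through `app01`, which is the relationship a flat asset list would not surface.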

Graph databases are unique for their ability to represent complex relationships and enable rapid navigation between elements. The technology is widely used for customer recommendation systems and complex legal investigations like money laundering but “cyber has been a laggard in leveraging graph technology,” Ayers said.

Think like an attacker

The way data is represented in a graph more accurately reflects the way attackers work, he said. “Attackers think in graphs; defenders think in lists,” Ayers said. “We’ve got to move from a static to a dynamic view. To be dynamic you’ve got to look at multiple entities and understand the relationships. You can’t do that with traditional database environments that are list-focused.”

Noetic Cyber’s three founders all worked together at Resilient Systems Inc., maker of an incident detection and response platform that was acquired by IBM Corp. in 2016. Resilient is credited with pioneering a discipline and technology called Soar, for security orchestration, automation and response, which uses a combination of human and machine power to define, prioritize and drive standardized incident response activities. The three claim more than 85 years of cybersecurity experience at nine different startups.

The company’s service is available today. A free, downloadable version will be rolled out next year for prospective customers to experiment with and to encourage third parties to write their own connectors, Ayers said.

Funding was led by Energy Impact Partners LP, with participation from seed investors Ten Eleven Ventures LLC and Glasswing Ventures LLC.
