Security Operations , Vulnerability Assessment & Penetration Testing (VA/PT)
Rapid7 Purchases Noetic for Better Attack Surface Management
Deal Aims to Enhance Internal and External Attack Visibility, Security EfficiencyRapid7 plans to purchase a SentinelOne-backed cyber asset attack surface management startup to get better visibility into internal and external assets in customer environments.
See Also: The Annual Microsoft Vulnerabilities Report 2021
The Boston-based vulnerability management vendor said the proposed buy of Boston startup Noetic Cyber will help organizations better understand their attack surface and better recognize the most acute risk signals and exposures. Rapid7 said the deal will enable focused prioritization and fidelity, improve asset inventory and content, and build resiliency with pragmatic remediation guidance and automation.
"Fragmented attack surface is stifling security productivity, efficiency, collaboration and credibility," Rapid7 CEO Corey Thomas said in a statement. "The addition of Noetic's solution to our platform positions Rapid7 to deliver the most productive security operations experience while making it more accessible to the teams who need it most."
Why CAASM Startups Are Getting Snatched Up
Noetic Cyber, founded in 2019, has been led since inception by Paul Ayers, who was previously an executive at businesses acquired by IBM, Thales and Symantec. The company employs 46 people. It emerged from stealth in July 2021 with a $15 million Series A funding round led by Energy Impact Packers and received an undisclosed amount from SentinelOne's S Ventures in September 2022 (see: SentinelOne's $100M Venture Capital Fund Seeks Data Startups).
"The addition of Noetic Cyber to Rapid7's portfolio ensures even more security teams can be confident they have the right visibility of their security data," Ayers said in a statement. "Rapid7 customers will now be able to better prioritize exposures based on the meaningful insights from Noetic and take action to identify security gaps and reduce cyber risk."
Terms of the acquisition - which is expected to close by the end of September - weren't disclosed, and Noetic's capabilities will be available to Rapid7 customers this summer. This is the second buy of a cyber asset attack surface management startup in the past month, and it comes 18 days after proactive security vendor NetSPI bought Hubble to create a platform to manage the internal and external attack surface (see: NetSPI Strengthens Attack Surface Management With Hubble Buy).
The acquisition is expected to improve the signal-to-noise ratio for cyber teams by continually enhancing asset inventory and content, reducing risk and building resiliency through better remediation guidance and automation, according to Rapid7. Security teams will benefit from highly correlated asset and resource views, along with searchable risk context, leading to greater efficiency and productivity.
"Modern cyber asset and exposure management was a data problem," Ayers said in a blog post. "The sheer number of different security and IT management tools in organizations had the data and insights we needed, but we had to unlock these siloes to make it usable and actionable for security teams."
How Customers Will Benefit from Noetic's Capabilities
Gartner found that only 17% of organizations can clearly identify and inventory most of their assets, and the addition of Noetic Cyber aims to address this challenge by providing more accurate asset visibility. Noetic Cyber said it has tapped into security automation and graph database technology to enhance security tools and control efficacy, allowing organizations to eliminate threats quickly and precisely.
"We delivered an innovative approach to the cyber asset management problem using innovative graph database technology to ingest, correlate and map security data from a wide range of different systems," Ayers said in the blog.
Rapid7 and Noetic Cyber had a pre-existing partnership, which the companies said made the acquisition a natural progression. Going forward, customers can anticipate a complete exposure management solution combining threat intelligence, detection, response, vulnerability management and cyber asset management for comprehensive visibility and remediation across extended attack surfaces.
"We were able to provide organizations with unparalleled visibility across their environments, enabling them to find coverage gaps and prioritize remediation based on business criticality and asset exposure," Ayers said in the blog. "All this was powered by a comprehensive, no-code automation engine that allowed them to dynamically improve their security posture, driving and updating existing processes."
This is the 13th acquisition in Rapid7's 25-year history, and it comes 16 months after the company bought ransomware prevention firm Minerva Labs for $38 million. The Noetic deal comes just five days after an activist investor announced a "significant" stake in Rapid7, and The Wall Street Journal reported that Jana Partners wants investment firm Cannae Holdings to team up with a private equity firm to buy Rapid7 (see: Why Activist Investor Jana Is Pressing Rapid7 to Sell Itself).