In this three-part series, we take a closer look at each of the finalists and their story in the words of the founder(s). Presented below, is a Q&A with Alex Moss, the Co-founder and CEO of NorthStar. You can hear more from Alex, and the other finalists on The CyberWire Daily Podcast (Ep 1694, Oct 31, 2022).

About NorthStar

NorthStar is a next-generation vulnerability management platform that enables enterprises to remediate the highest priority threat exposures by integrating business context to have the biggest impact on the organization’s security.

Q&A with Alex Moss, Co-founder and CEO

Q: Tell us about your background.

While I always had a natural affinity for technology, my foundational understanding was established through my training as a Data Systems Technician in the Navy.  Eighteen months of eight-hour days learning basic electricity and electronics, advanced digital theory, machine language, and ultimately learning how to troubleshoot logic faults in floating point multiply operations not only provide a deep understanding of how computers work, it ignited a passion.

Translating my technical skills into the civilian sector was not as difficult as imagined and I soon found a home at The PGA TOUR. This was also my first introduction to the security space as I owned endpoint security and found myself knee deep in my first security incident.  A zero-day Korgo variant spread ferociously, directly impacting our headquarters office and our live scoring systems in the field. I became less focused on equipping myself with better incident response tools and more focused on how I could prevent these types of issues.

Digging deeper into security lead me to Symantec, where I met my future business partner and operational yin to my technical yang, Sarah Issacs.  Shortly thereafter we set out on our own, with the conviction that our customers needed more than software, they needed help solving problems.  Our approach was, and always will be, focused on identifying business requirements and aligning the technical solution appropriately.

Q: Tell us about your business/idea.

Security teams are perpetually fighting an uphill battle, particularly in the vulnerability management space.  With the wide adoption of DevOps, both the speed of development and the deployment of software has continued to increase, bringing with it dramatic increases in the volume of vulnerabilities published in each of the last five years. And there’s no relief in sight.  The result for vulnerability management teams is that conventional wisdom has evolved, and teams are accepting the new reality that it is impossible to remediate every issue.  Combined with a CVSS model that does not effectively account for exploits or threats, organizations are seeking new methods to effectively apply their limited remediation resources. We believe that a model that incorporates threat intelligence, exploit intelligence, and business context will enable organizations to address the issues that could have the greatest impact to their business.

Q: What was the original inspiration for your company/product?

In my years implementing and optimizing SIEM solutions, the most labor-intensive portion of each project was dedicated towards tuning configuration rules, primarily in an effort to reduce the number of correlations being promoted to incidents that would, ultimately, require investigation.

All too often the gating factor as to whether an issue should be promoted to an incident would be the context of the asset(s) involved. Armed with little more than a hostname or IP address, I would look at the client and say ‘what is this thing, and is it important’?  That very simple question then set off a very manual expedition to mine the detailed information on whether it truly was a real threat, or if the impact was minimal to non-existent. Client after client, a common thread began to emerge that all the data required to answer that crucial question already existed, we just needed to find and make sense of it.

Q: What’s your vision for the future … “What will the market you are pursuing look like in 5-10 years?”

The largest change that I believe we’ll see is the evolution from ‘vulnerability’ to ‘exposure’ as an organization’s attack surface includes far more than just vulnerabilities that have been assigned a CVE. More broadly, these issues include:

  • static/dynamic code analysis results
  • missing controls
  • misconfigurations
  • breach and attack simulation results
  • penetration test results
  • privilege escalation & entitlement issues
  • missing patches
  • exceptions
  • end of life software
  • inferred vulnerabilities
  • non-scannable devices
  • security benchmark scanning
  • middleware vulnerabilities

Additionally, as organizations realize the criticality of incorporating business context into their security programs, ownership of the ‘asset issue’ will begin to blur as security and operations teams collaborate to identity, create, and automate the process of maintaining insight into the context of how technology is enabling their business. The functional result will be a more holistic view of their total attack surface, with all exposures being measured on the same scale and greater collaboration across cross-functional teams to quickly remediate exposures that could cripple the business.

From a product market perspective, this will result in near term merging of the Risk Based Vulnerability Management, Application Vulnerability Correlation, and Cyber Asset Attack Surface Management markets. Longer term I believe we will see these, and a few other segments come under the larger umbrella of what is now being categorized as Cyber Threat Exposure Management.

Q: How does your business address pressing cyber and data challenges for the commercial sector?

We built NorthStar Navigator to redefine vulnerability management by infusing business context into vulnerability prioritization and remediation.

Knowing that conventional wisdom has evolved beyond one-size-fits-all solutions and vulnerability management teams cannot remediate every issue, NorthStar provides the flexibility and transparency needed to deliver a tailor-made early warning system of risks for each enterprise. Our approach provides more time to remediate the greatest current and future risks through vulnerability prioritization and an exploit prediction engine that delivers a definitive yes/no for upcoming threats.  While most risk tools are limited to the application of threat intelligence alone, NorthStar’s focus on context first gives security and patching teams more time to remediate, more time to plan, and more time to focus on other risk priorities.

With the proliferation of tools over the last decade, organizations are swimming in a mountain of valuable data but still struggle to make it useful.  NorthStar has always been focused on leveraging that existing data to tell the stories and provide the insights that are unique to each organization and to help them effectively and efficiently reduce their attack surface.

NorthStar’s platform not only empowers organizations to leverage their existing data, but also guarantees that they are using the best data available as a result of NorthStar’s capability to prioritize aggregated data at both the source and field level while maintaining 100% traceability. Through our data translation engine, we empower organizations to transform their existing data into contextual insight through an automated process that is easily matured over time.

tl;dr: We help organizations maximize risk reduction efforts while minimizing remediation costs by providing an early warning system of current and future risks.

Q: What attracted you to the DataTribe Foundry? Why did you choose to participate in the DataTribe Challenge?

We are data nerds, so the name alone IMMEDIATELY piqued our interest. Quickly, and much more importantly, we met a team that is genuinely ready to dig in to understand our business and bring resources to bear that can help drive NorthStar’s reach.  The focused attention and quality of insight from DataTribe at every step has been not only impressive, but a clear differentiator.

The DataTribe challenge will provide us with deeper refinement of our messaging, greater insight into our strengths and weaknesses, visibility into the fund-raising process and opportunity to measure the value of our mission against others in our industry.  The greatest value is the continued engagement with the DataTribe team as they provide feedback throughout the process that, regardless of the outcome, will put us on stronger footing as we push the business forward.

Q: What’s your long-term vision for your business?

As organizations continue to mature their vulnerability managements programs, NorthStar will continue to push towards aggregating deeper varieties of data and help evolve from basic vulnerability management into contextual exposure management.  This is the future of exposure management. The data leveraged to enable exposure management will become intelligence that is leveraged not only with the security estate, but across other functional areas of IT as NorthStar becomes the data broker providing the single source of truth for assets, exposures, and privileges.

With trust in the data solidified, organizations will approach their onboarding processes for applications, business services, people, and assets with foresight that will further enable the ability to infuse additional context into their program. The continued refinement will enable security teams to focus on deeper understanding of how individual threats could impact their unique technical environment and automate the incorporation of that knowledge into the broader view of their total attack surface.

NorthStar’s most valuable asset is our data engine, and our evolution will largely be driven by our customers’ needs as they continue to address their most pressing security issues. Our goal will always be to deliver information that enables effective decision making.