PlexTrac Priorities Launch

Transcript

Hello, everybody, it’s Jeremy Nazarian, CMO at PlexTrac. And today I’m joined by our founder and CTO, Dan DeCloss. And we’re really excited to talk to you about our new update to our PlexTrac platform with the introduction of Priorities that we announced this week. Priorities introduces a layer of contextual scoring on top of our pen test reporting and management platform and really takes things to a new level here at PlexTrac. And I’m pleased to share with you the latest details today.

Dan, what were you hearing from customers? And what trends in the market were you seeing that informed the decisions you made around building Priorities?

Yeah, I think it came pretty organically. But also part of the bigger vision that we’ve always had at PlexTrac is to really help customers and security teams understand what are the most critical things they should be working on. And how do we actually know if we’re working on the right things? Right. You have a multitude of vulnerabilities from lots of different sources, and then obviously, we service the pentesting community, and pentest results are going to be some of the most critical risks identified at an organization. So how do you overlay the pentest results with the other proactive scanning results that come in from various sources and truly identify what are the most important things that we should be working on?

And then I think the other really critical piece to that was also, how do we get this to be a more continuous notion, a continuous paradigm. How do we support a continuous assessment program? And that really was the impetus for Priorities.

That’s great. The customers and prospects that you talk to, what do they cite as the main barriers to adoption for this continuous validation strategy you just referred to?

Yeah, I think being able to have a grasp on, hey, what are the themes that continue to pop up? Right. So it’s one thing to just continue to be able to identify vulnerabilities, but then also to be able to say, like, hey, what are the key themes? How do we stack rank those against everything else that’s coming out? And then what’s most important is what we call that last mile of continuous validation, of being able to actually show the progress that you’re fixing the issues, not just the fact that a scan didn’t identify the issue again, but did somebody actually go in and validate that it’s actually resolved? Because there can be a multitude of reasons why something’s not fixed or doesn’t show up in the next scan, but actually having that audit trail of like here’s what we did to fix it and somebody came in and validated it. That facilitates that continuous threat and exposure management capability. Right.

Excellent. So with respect to the Priorities product capabilities that we announced this week, what does it mean for MSSPs and enterprises? What’s different here? What’s unique?

Yeah, I think if we talk about it from the enterprise perspective, it really gives a central location to truly stack rank all the key risks that are coming out from your proactive security program. Right. And being able to truly provide a risk-based scoring approach that you control. Right. A lot of products out there have that black box for scoring. But here you control the algorithm, you control the weighting categories that make it unique to your business. And I think that’s super important from an enterprise perspective.

And then conversely, on the service provider side, you can take that scoring, contextual scoring of risks, to all of your customers. So it could almost allow you to expand your service offering beyond pentest and vulnerability management to more like virtual CISO and just security program management at large. But the ability to aggregate the data and contextually score those risks within the context of that environment or that customer or your enterprise, I think is super critical to the success of an organization, and we’re now able to facilitate that for everyone.

So up until now, PlexTrac’s been primarily known for its pentest reporting and management capabilities. How would you say, Priorities builds on that capability set?

Yeah, I think that the fact that we have additional data sets and additional workflows around risk assessments, vulnerability management, and application security scanning, overlaying the pentest reporting and management capabilities — with that aggregation of those findings from other sources — truly gives you a holistic view of the key elements in your key risks within your organization. So being able to actually bring that all together really continues to expand your capabilities and visibility across the environment, not just from what exists today in terms of findings and what are the status of those, but then actually being able to now show holistically the trends and mark your progress to truly get to the root of the question, which is, “Are we getting better?” “Is our security posture improving?”

Excellent. So based on kind of the conversations we’ve had in beta and limited availability, what kind of results can customers expect in the first 90 days?

Yeah, I think that you’ll be able to really start to get a better picture of, hey, how do we aggregate these risks into these vulnerabilities, into more programmatic areas of risk? We’ve had early adopter groups that have already shown great excitement and usage of the product itself to be able to not only aggregate data and vulnerability data into key areas of risk, but truly then score it contextually within their environment.

So it’s not only a huge benefit for them, but also being able to support that continuous assessment mindset. Right. So it’s not a point in time engagement anymore, it’s, hey, how often are we going to be doing these? All those findings can be then aggregated into higher-level priorities for stack ranking and then truly being able to show progress. So I think people in the early adopter group in the first 90 days are starting to recognize that this can really elevate their game from a continuous perspective and a true visibility of progress across their holistic security program.

That’s great. How do you see capabilities like Priorities changing the adoption and role of offensive security in the context of a broader security program over the next 12 to 18 to 24 months?
Yeah, I think it continues to give them a stronger seat at the table when we talk about risks. Right? Because pentesting and proactive security assessments, red teaming, all of those really focus on some of the most critical elements of are we getting breached? What TTPs are we vulnerable to within an organization? And so this now continues to bring that into the conversation around the holistic picture of risk. And I think that that really then continues to solidify how they can approach those conversations to all stakeholders, how they can continue to elevate their capabilities from a continuous perspective. So both on the enterprise side from the security program management, it really helps facilitate that as well as bringing a more continuous service offering, even like a managed service offering for service providers, to be able to do this on a continuous basis and show it in the context of the holistic security risks that exist within the organization. So I think it’s just only continuing to facilitate deeper adoption of pentesting and offensive security as part of your continuous assessment program.

That’s great. So how do customers get it? How do folks engage?

Yeah, we will have a link to our blog post that talks more about priorities in the comments of the post, and that also has a small demo. And then just reach out to either. If you’re a current customer, reach out to our customer support and we will get you hooked up with a free trial up to the end of April. And then if you’re interested in PlexTrac as a new prospect, you have the opportunity to engage with us. We will demo and really get you a free trial as well, or a proof of concept to be able to test it out. So just reach out to us, www.PlexTrac.com, go to the blog, but we’re really excited about it.

That’s excellent. Well, thanks, everybody. That concludes our discussion for today. Please stay tuned here for further developments on PlexTrac and Priorities. We’ll have lots of exciting things to share with you in the coming days as we continue to roll the new capability set out. Thanks again.

Thanks, everybody.