ESPROFILER: MAXIMISING YOUR SECURITY ROI

THE CHALLENGE

Organisations are swimming in choices of security products. But it can be challenging to see beyond the marketing rhetoric and understand exactly what they do and what security challenge they’re solving.

THE INNOVATION

ESPROFILER helps translate the promises made about products into measurable security outcomes.

Its methodology contains four key elements: Map, Correlate, Investigate and Report.

Using industry recognised threat frameworks as a foundation, ESPROFILER describes products based on the threats they address.

The platform introduces a new standardised model for capturing highly detailed descriptions of a product’s features and functions. It then compares these against frameworks as part of its Map element. This enables customers to assess products with a single lens.

ESPROFILER enables customers to analyse their organisation’s full technology stack, highlighting where the capability gaps are, which products are failing, what you’re currently spending and even how a new vendor’s product could slot into your existing infrastructure. It quantifies what security products do.

Working closely with a FTSE20 early adopter, ESPROFILER is currently delivering a mechanism that captures a full picture of a product’s capability to help the organisation make more informed decisions during the renewal or request for product phases. This early adopter is using ESPROFILER’s platform to understand the capability of over 300 vendors around the world.

WHY NCSC FOR STARTUPS?

ESPROFILER is interested in working out how to tackle misconfiguration and capability overlap – challenges many big organisations face. It wants to get to the point where it can look at an incident report, examine the steps that led to the incident, apply a natural language processing layer and work out which security frameworks would be relevant, what products could have stopped it from happening or where the security gaps are.

It’s looking for support from academics, researchers and the NCSC with incorporating natural language processing that would enable it to achieve this.

“We want to integrate threat intelligence, incident reports and attack simulation telemetry into our platform as part of our Correlate functionality. NCSC’s technical expertise and guidance in this area would be of significant interest.”

– Louis Holt, co-founder, ESPROFILER

ESPROFILER believes it would benefit from support with the following:

• Expanding the team
• Solidifying its vision and growth roadmap
• Legal issues. It’s building tools that enable large organisations to request information about a product’s capability from vendors using its standards and wants to capture this information centrally. It needs to create the right legal frameworks to be able to do this.
• Marketing
• Professional commercial advisory, cyber methodology support and technical design advice
• Financial analytics support that can help the startup understand how to maximise security return on investment
• Getting investment-ready and connecting with investors, which will help ESPROFILER achieve its aggressive growth ambitions