Dan DeCloss, PlexTrac: “teams without consistent communication are more prone to a serious breach”
The importance of communication among employees and teams is disregarded by some companies. However, it’s crucial to promote it and ensure awareness and efficiency when it comes to an organization’s biggest threats, vulnerabilities, and findings.
Without the right cybersecurity tools, it’s nearly impossible to maintain digital security within your organization, and it’s even harder to trace a threat back to its source. Since that is a tough job for a single individual, a team effort promises much better results.
While implementing antivirus software to fight against malware is a step to take for individual users, businesses should consider more complex security solutions, one of them being a teaming platform.
To learn about such security measures and their benefits, we reached out to Dan DeCloss, the Founder and CEO of PlexTrac – The Proactive Security Management Platform.
How did the idea of PlexTrac come to life? What has the journey been like since your launch?
I started building PlexTrac to solve some of the pain points I experienced as a penetration tester and then as a program director. I hated writing reports and hated receiving 300-page documents. It felt like a very inefficient way to deliver and collaborate on some of the highest risks an organization has related to its security posture. So I set out to solve the problem of automating the report writing process with a more collaborative platform for resolving the reported vulnerabilities. I soon saw that the concept I created for my own needs could help the industry as a whole and grow to encompass much more than what I originally envisioned.
From there, things have just exploded as PlexTrac gained some awesome early adopters and amazing investors. Building a team of rock stars that have taken PlexTrac far beyond what I could have imagined has been incredible.
Can you tell us a little bit about your PlexTrac platform? What issues does it help solve?
PlexTrac is a proactive cybersecurity management platform. It is designed to be an end-to-end workflow management solution specific to the needs of the cybersecurity lifecycle. The primary use case was a reporting platform for pentesters to streamline their processes by bringing data together and providing an accessible database for reusable findings with a client portal that could ultimately eliminate the need for static documents. The platform has grown into a solution that supports purple teaming and proactive security assessments, data aggregation and analytics creation, assigning and tracking remediation and communication between internal and external stakeholders. PlexTrac can make nearly any security practitioner or team more effective, efficient, and proactive. We aim to keep everyone focused on the right things daily. We help eliminate the noise and wasted time on tasks that don’t move the needle in security improvement.
What technologies do you use to assess one’s cybersecurity posture?
PlexTrac allows teams to prioritize, assign, and track remediation tasks to measurably improve and attest to their posture. We integrate data from the most popular security testing tools, including vulnerability scanners, pentest-as-a-service (PTaaS) platforms, breach and attack simulation tools, and provide a robust capability of custom ingestion of data from any form of proactive assessment. From there, PlexTrac provides the mechanism to track the progress of remediating the most critical vulnerabilities, which results in real-time analytics that reflect an overview of their progress and posture. Analytics and visualizations allow companies to have better visibility into what their biggest gaps are and how they are trending over time.
Do you think the pandemic affected the way people approach cybersecurity?
I think that the pandemic has made issues in cybersecurity more visible to the general public. Supply chain attacks, for example, have brought interruptions to the lives of everyone and raised awareness of cybersecurity.
For the industry, I would say that the pandemic posed an immediate challenge of supporting and securing a fully remote workforce and dramatic increases to online transactions of all kinds. Companies had to think creatively to manage these challenges with restricted resources. I think that organizations quickly realized the importance of their security measures and adjusted to prioritize them as best they could.
In many ways, PlexTrac is filling an essential need at the right moment as it helps teams make the most of their resources, have better visibility into their security posture, and act more proactively and strategically to prioritize remediation – all things that have become essential to securing against the rise of ransomware and other threats that have become more prevalent since the pandemic.
What are some of the most serious problems that can arise if one’s cybersecurity team doesn’t have appropriate communication platforms in place?
One of the biggest challenges facing the cybersecurity industry, and more specifically cybersecurity teams, is communication silos and the lack of quality collaboration. These silos and a lack of information sharing across the security department lead to inefficiencies in the work being done, a lack of cohesion and unity across the team, and a weaker security posture as a result. Teams without healthy and consistent communication are less mature and more prone to a serious breach.
Red and blue teamers have one of the most important relationships on the security team, and they’re two groups that have tended to have a more adversarial relationship without a lot of visibility into the other team’s activities. Changing the communication paradigm to be much more collaborative is essential as everyone needs to be in the know about an organization’s biggest threats, vulnerabilities, and findings, and the work that needs to be done to remediate those threats.
In your opinion, why do certain companies still struggle with improving their security posture, despite all the solutions and providers available on the market nowadays?
I’d say the biggest issue is information overload and the vast amount of work that must continuously be done. While there are many tools and providers, few solve administrative issues specific to cybersecurity work. Organizations need to be able to understand their environment and the threat landscape and prioritize the most important work. The ongoing talent shortage means even very well-resourced programs will have more work to do than they can ever get done. This can lead to burnout and loss of morale. PlexTrac addresses this very issue by helping teams gain insight into their posture so they can prioritize the most critical issues and track those through to remediation and improve morale by empowering teams to be more effective.
What cybersecurity best practices do you think are crucial for every company nowadays?
One best practice we see many of the most mature security teams on the planet doing is investing in and moving towards a proactive mindset for security. This includes adopting a practice of continuous assessment in short iterative cycles rather than a once-a-year penetration test, conducting tabletop exercises and other purple teaming activities, developing a habit of consistent testing and communication, and more. This allows them to focus on the biggest gaps and collaborate quickly to improve their security.
Talking about average Internet users, what security solutions do you think everyone should implement?
The first piece of advice I’d give to every single person on the Internet is to use multi-factor authentication (MFA) on all of their accounts to ensure there’s a backup plan in case someone is able to crack your password from their device. Many platforms require MFA nowadays, but if you haven’t set it up yet, that’s a good place to start. Another tip I’d give everyone reading is to maintain good password hygiene by using a password vault like 1Password or LastPass. These vaults let you use different passwords for each account and generate passwords for you that are long, complex, and not easily guessed by bad actors. Password vaults are a great solution for the average Internet user to realistically maintain secure accounts.
The last thing I’d say is to NEVER click that link. Any link that you can’t confirm is legitimate, especially in your email or sent to your phone, is one you need to delete and/or report to your company’s security team. In today’s world, there are phishing attempts everywhere, and if the message looks questionable or you’re not sure where it came from, odds are it’s an attempt to steal your information.
Would you like to share what’s next for PlexTrac?
Starting with the platform, we’re doubling down on what makes the product great and expanding PlexTrac’s functionality for new use cases and features that align with our mission to help security professionals win the right security battles. PlexTrac is also heavily driven by customer feedback and requests, and we use that information to influence our product roadmap. Our goal is truly to mature and evolve the platform to continue to meet the growing needs and maturity of the industry as a whole.
And yes, this also means we’re hiring! PlexTrac has been investing, and will continue to invest, in bringing top-tier talent across the entire organization and in every department, from Customer Success, Engineering, Marketing, Sales, and everything in between.
If you’re reading this and are interested in joining the PlexTrac family, visit plextrac.com/company/careers to see our job openings and apply today.