Virtualization Technology News and Information
VMblog QA with Michael Nov, CEO of Prime Security: How AI is Transforming Software Security from the Design Stage


With the rise of sophisticated cyber threats, integrating security into the design phase of software development has become more crucial than ever. Recently, Prime Security emerged from stealth, unveiling an AI-powered solution that enables security teams to establish guardrails early in the design process, helping to detect and mitigate risks before development even begins.

To explore how this new solution is reshaping security processes, I spoke with Michael Nov, co-founder and CEO of Prime Security.

VMblog: You recently launched Prime Security and the Prime Product Security Platform. Tell us about the background of the company.

Michael Nov: Prime Security started ten months ago, born out of a pain point we encountered as Technical and Security leaders in our respective companies. We constantly saw friction between security and engineering, which slowed down product velocity and stifled innovation. While there are plenty of tools to secure the SDLC once code is written, the design stage, the first stage, remains manual. Security teams don't yet have a scalable way to monitor and mitigate risks at this early phase. As a team of four co-founders and long-time friends, we knew we could change this. Advancements in Generative AI finally provided the infrastructure needed to automate design-stage security, which is where Prime Security comes in.

VMblog: What can companies expect from the Prime Product Security Platform?

Nov: After a 10-minute integration, companies using Prime Security typically see initial value within 24 hours of deployment. Our product delivers value across three critical areas:

  1. Risk Visibility: Prime enables security teams to proactively identify emerging security and compliance risks in planned development work, solving a problem that was previously managed manually through long conversations between security and engineering teams.
  2. Context Interpretation: Every development task has a history, often spanning multiple components and sources across the organization. Prime aggregates and interprets this data to provide a clear, concise summary for the security engineer, allowing them to quickly understand the task's goals and potential risks.
  3. Mitigation Recommendations: For every identified risk, Prime generates customized recommendations tailored to the customer's environment. These recommendations can be based on standard frameworks like NIST and PCI or internal policies. The recommendations are easy to review and share with technical teams at the click of a button.

VMblog: What are the benefits of starting security product design at code, and what are best practices?

Nov: The two main benefits are:

  1. Enhancing Product Security: Design flaws can be critical to the overall security of a product, but they are often only detected through manual reviews. Automating this process makes it more reliable.
  2. Improving Product Velocity: Late-stage security remediations are both costly and slow down the business. Addressing risks at the design stage eliminates delays caused by last-minute fixes.

At a certain scale, typically around 50 engineers, organizations become acutely aware of the need to integrate security into the SDLC. While there are many tools to secure code post-development, the design stage remains manual. Teams address this in various ways, including Security Design Reviews, Threat Modeling, or training Security Champions, but these approaches don't scale well, especially when you have one security engineer for every 100 developers. As a result, critical risks are often missed.

VMblog: How does the platform leverage AI?

Nov: AI, particularly Generative AI, is at the core of Prime Security. Since the majority of our input data is unstructured (e.g., text), we leverage large language models (LLMs) to assist with risk identification, context summarization, and generating actionable recommendations. We also incorporate deep learning techniques to continuously improve the accuracy of our insights. The combination of LLMs and traditional AI methods allows us to offer precise and actionable risk management.

VMblog: How are enterprises using it now, and are there any use cases that you can tell us about?

Nov: Enterprises are using Prime Security to gain visibility into risks during the planning stages of development, quickly grasp the context of tasks, understand potential risks, and generate actionable recommendations. One of our customers said, "Prime Security turns a single security engineer into a one-person army with AI-driven automation and insights. Your engineering and product teams will think you hired five extra security engineers."

In terms of use cases, our product helps customers identify and mitigate risks across three key areas:

  • Gaps in security architecture, like a lack of authentication for a new API.
  • Design-stage security violations, such as disabling HTTPS for testing purposes.
  • Compliance violations, including moving PII to a non-PII zone.

VMblog: Is there anything else our readers should think about?

Nov: While we began by focusing on the design stage of software development, we don't plan to stop there. We are building a platform targeting product security, which is broader than just Application Security. True product security covers applications, infrastructure, and policy management. The design stage is just the first step in a much larger journey.

##

Bio:

Michael Nov is the co-founder and CEO of Prime Security, where he is helping organizations scale security from the design phase of software development. With a strong background in technology leadership, Michael previously held key roles at companies including Deloitte and OwnBackup. Michael is also an angel investor and actively supports startup initiatives in the Greater New York City area.

Published Monday, October 14, 2024 7:30 AM by David Marshall