So many cybersecurity incidents each year would be preventable, if only you were aware of the problem. It could be the classic exposed Amazon S3 bucket or a firewall vulnerability. These are what many security experts might call rookie mistakes, but they hit companies all the time because of the sheer complexity of tracking security along your entire IT stack.
OpsHelm, an early-stage startup from a group of longtime cybersecurity professionals, wants to strip away the complexity and automatically correct a lot of the most common security mistakes, the kind that can cause big problems if they go undetected.
Today, the company emerged from stealth to make the product more widely available in a public beta, with general availability expected early next year.
“What we’re trying to do is automate a lot of what’s currently a fairly manual, interrupt-driven workflow where security tools push an alert to you. And then you’ll have to go fix the problem that they’ve identified or decide whether it’s not an issue,” company co-founder and CEO Bill Gambardella told TechCrunch.
Prior to founding OpsHelm, Gambardella was COO at Leviathan Security Group, and previously ran security at Sprout Social. His three other co-founders have similar pedigrees, and that means they have experienced firsthand the kinds of issues they are trying to fix with OpsHelm.
He said that he and his co-founders saw the same mistakes and issues occurring over and over again, resulting in late-night or weekend meetings to try to fix a problem that could have been prevented in the first place.
“What I saw from both ends of that spectrum was that these little misconfigurations, little cloud problems, little cloud issues, somebody innocently committed at one point, cascading into big, big problems on let’s say, Saturday night, where we all were on an all-hands-on-deck call dealing with an incident. And then you need an expensive consultancy to help you clean it up. Not an ideal place to be, but it did keep happening over and over again,” he said.
OpsHelm monitors your security landscape for those issues and lets you know in a common communications tool like Slack or Microsoft Teams, where you can accept or reject the fix. Whatever action you take, the system learns how to handle the issue next time.
Gambardella says this is not based on so-called best practices so much as learning from the environment in which your company is operating, and helping teams move on without a lot of discussion, while leaving room for auditing later if it’s required.
“We’re trying to move away from ‘Here’s an alert you need to go investigate, drop what you’re doing, and spend 15 minutes talking to people,’ to more of ‘at 3:04 pm Tim on the Ops team said he is OK that this S3 bucket can be on the internet and publicly exposed,’” he said.
Security ops can track all of this in an operations dashboard, and could still decide to talk to the person who greenlighted the exception to find out if there was a justifiable reason for this particular action, but the idea is to empower people to deal with these issues in the moment.
The very stealthy startup launched earlier this year, and has raised $1.3 million.