There are many cyber security threats that can be prevented every year if you are aware of the problem. It could be a classic vulnerable Amazon S3 bucket or a firewall vulnerability. These are what many security professionals might call rookie mistakes, but one that hits companies all the time because of the complexity of monitoring security across your entire IT stack.
Opshelm, a startup from a long-standing group of cybersecurity experts, wants to remove the complexity and fix many common security mistakes right away.
Today, the company has come out of hiding to make the product widely available in public beta, with general availability expected early next year.
What we’re trying to do is where a lot of currently manual, interrupt-driven workflow security tools push an alert to you. And then you need to either fix the problem they’ve identified or decide it’s not an issue,” company founder and CEO Bill Gambardella told TechCrunch.
Prior to founding OpsHelm, Gambardella was COO at Leviathan Security Group and previously worked at Sprout Social Security. His three other co-founders have similar backgrounds, and that means they’ve experienced the same issues themselves that they’re trying to fix with OpsHelm.
What he and his co-founders saw was that the same mistakes and issues were happening over and over again, resulting in late-night or weekend meetings to solve problems that could have been prevented in the first place.
“What I’ve seen from both ends are these little misconfigurations, little cloud issues, little cloud issues, somebody who was once innocent, getting into a big, big problem, say, on a Saturday night, on an all-hands-on-deck emergency call where we were all at.” . And then you need an expensive consultant to help you clean up. Not an ideal place to be but it kept happening again and again.
OpsHelm monitors your security landscape by observing these issues, notifies you in a shared communication tool like Slack or Microsoft Teams that you can accept or reject a fix, and learns how the system will handle it next time no matter what action you take.
Gambardella says it’s not about learning from the environment your company operates in and helping teams move forward without too much discussion, leaving room for later audits if needed.
“We’re trying to get out of the ‘warning where you need to stop what you’re doing and spend 15 minutes talking to people,'” says Tim on the Ops team. “It’s OK if this S3 bucket is on the Internet and can be publicly exposed.”
Security Ops can track all of these through the operations dashboard and still decide to talk to the person who gave the specific green light to see if there is a valid reason for this specific action, but the idea is to empower people to deal with these. matters at present.
It’s a very stealth startup that launched earlier this year and has raised $1.3 million.