by rosslazer 810 days ago
I don't know why so many people here are shitting on you guys. It is an impressive demo and launch and a wide-open market. I'm rooting for you guys. There's an easy opening even just after the "inbox" for the security alert use case.

Maybe pointed at me - criticism comes from a sec startup selling a tool that, when deployed correctly, plugs into every upstream and downstream mission-critical data source, sees every security event worth responding to, and runs response… paired with zero upfront context on how the startup does security themselves (and upon further discussion, it’s not in their background, they have no hires, didn’t know 101 enterprise sec, and what is present is outsourced), what their roadmap is in this regard, why their tool is safe to use given those integrations, and the only info available in this direction was a boilerplate security.md on GitHub.

All together, it tells me they know how to do great data eng, but not how to do their own blue team and didn’t consider this a critical topic to handle, but also want to sell to blue teams.

Security SaaS with great tech are burning sec teams left and right these last 3 years, such that vendor risk questionnaires are changing to ask specifically about what I did in my thread.

D&R at startup scale = set up billing alerts for different resources. Get a good CSPM. Run Trufflehog every pre-commit.
Yes, you can run the whole thing through a set of AWS lambdas, pull basic sec platform alerts from your GSuite and so on, dump all of them into slack webhooks, dump into slack sec channels, align any sec IR processes to your Ops IR processes which you’ll need anyway.

From there, be disciplined about password managers early, get on at least separate OS logins if still doing BYOD, link up 2FA via Google auth, and figure out your email infra and where the root email that matters for infra is. Enterprise sec up and running.
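One concrete shape of the "pull alerts, dump into a Slack webhook" step described in the comment above, as an added example and not code from any commenter or vendor: a Lambda-style handler that takes constructed sample alerts, drops those below a severity floor, and posts the rest to a Slack incoming webhook. The event shape, field names, the SLACK_WEBHOOK_URL and MIN_SEVERITY variables and all sample values are assumptions; the function needs no AWS permissions beyond its own logging, which keeps the blast radius of a misconfigured Lambda small.

```python
import json
import os
import urllib.request

# Constructed sample alerts in an assumed normalised shape (field names are
# assumptions); in practice these come from GSuite, billing alarms, a CSPM, etc.
SAMPLE_EVENTS = [
    {"source": "gsuite", "severity": "HIGH", "title": "Suspicious login", "actor": "alice@example.com"},
    {"source": "aws-billing", "severity": "MEDIUM", "title": "Budget 80% consumed", "actor": "account:123456789012"},
    {"source": "cspm", "severity": "LOW", "title": "Bucket access logging disabled", "actor": "arn:aws:s3:::example-bucket"},
]

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def select_alerts(events, min_severity="MEDIUM"):
    """Keep only alerts at or above the floor so the channel is not flooded."""
    floor = SEVERITY_RANK[min_severity]
    return [e for e in events if SEVERITY_RANK.get(e.get("severity", "LOW"), 0) >= floor]


def build_slack_payload(alert):
    """Render one alert as a Slack incoming-webhook message (Block Kit)."""
    text = f"[{alert['severity']}] {alert['source']}: {alert['title']}"
    return {
        "text": text,
        "blocks": [
            {"type": "section", "text": {"type": "mrkdwn", "text": f"*{text}*"}},
            {"type": "context", "elements": [{"type": "mrkdwn", "text": f"actor: `{alert['actor']}`"}]},
        ],
    }


def post_to_slack(payload, webhook_url):
    """POST the payload; the webhook URL is a secret, read from the environment, never hard-coded."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def handler(event, context=None, webhook_url=None):
    """Lambda entry point (assumed shape): the event carries a list under 'alerts'."""
    url = webhook_url if webhook_url is not None else os.environ.get("SLACK_WEBHOOK_URL")
    alerts = event.get("alerts", [])
    selected = select_alerts(alerts, os.environ.get("MIN_SEVERITY", "MEDIUM"))
    for alert in selected:
        if url:  # empty/unset URL = dry run, handy for local testing
            post_to_slack(build_slack_payload(alert), url)
    return {"received": len(alerts), "forwarded": len(selected)}


if __name__ == "__main__":
    print(handler({"alerts": SAMPLE_EVENTS}, webhook_url=""))
```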

Dude. I do not trust Lambdas. I've seen way too many CTFs and Cloud privesc paths to know how one even slightly misconfigured Lambda can lead to full admin access.

We have a more local solution to query our security logs.

Thanks for the comment Ross. Folks seem to have strong opinions about integrating or separating workflows and ticketing à la alert inbox. We like integrations a lot, but of course there needs to be security specific innovations on top of "just" an inbox that will make us the no-brainer choice.