Gutsy – a company that uses process mining to help organizations visualize and analyze their complex security processes to understand how they actually run, based on observable event data – was recently launched by cybersecurity veterans and serial entrepreneurs Ben Bernstein (Co-founder and CEO), Dima Stopel (Co-founder and VP R&D), and John Morello (Co-founder and CTO). Gutsy’s founders were the founding team of Twistlock, which is a cloud-native security pioneer acquired by Palo Alto Networks in 2019. The company also raised $51 million in a seed round of funding led by YL Ventures and Mayfield.
Gutsy’s 2023 State of Security Governance survey – with responses from over 50 enterprise CISOs – highlighted the problems the company is solving. Surveyed enterprise CISOs have reported that 55% of their security tools are poorly operationalized, which led to process failure being the root cause of 38% of security incidents. Plus, 63% of audit findings result from breakdowns in security processes.
The company’s solution applies process mining to cybersecurity for the first time. It provides automatic and data-driven insight into how an organization’s teams, tools, and processes work together and what outcomes they deliver. Gutsy gives security leaders the data and understanding to answer complex questions and make good decisions.
George Kurtz – CEO of CrowdStrike; Chenxi Wang – Managing Partner at Rain Capital; Mickey Boodaei – CEO of Transmit Security; Udi Mokady – Founder of CyberArk; Assaf Rappaport – CEO of Wiz, and several others joined the funding round. And Navin Chaddha, Managing Partner at Mayfield, and Yoav Leitersdorf, Managing Partner at YL Ventures, have both joined Gutsy’s board of directors. Michael Cortez, Partner at YL Ventures, is a board observer.
Customers are tapping into Gutsy to:
1.) Improve Outcomes – Gutsy helps CISOs gain insight into how their teams, tools, and service providers work together, identifying friction, removing delays, and reducing risk. And Gutsy enables security leaders to define KPIs across all their security functions, automatically measure performance, and instantly drill into what outcomes they’re getting and why.
2.) Transform Auditing – Gutsy automatically gathers data about every execution of every process, automatically correlates activity across complex workflows, and helps security organizations find unknown unknowns. Plus, Gutsy transforms auditing from a time-consuming checkbox exercise into a real understanding of how risks develop and linger.
3.) Drive Strategic Change – Gutsy helps leaders reduce risk from strategic projects like cloud migration, and managed services adoption and deploys new security tools. And Gutsy offers comparative insights on operationalizing changes so ROI can be measured and investments aligned with best practices and standards.
Gutsy’s beta (available now) offers three modules covering processes in identity management, incident response, and vulnerability management. And the platform integrates with a broad range of tools, from cloud providers to HR systems, vulnerability management tools, ticketing systems, EDR platforms, and more. Gutsy is agentless and is available globally in any customer-selected region.
KEY QUOTES:
“Customers often tell us they have 80 or 100 different security tools, but they consider less than half of them to be well operationalized, so they struggle to get the outcomes they need. That’s because security is more than just tools; it’s people, process, and technology. But today security processes are more complex and opaque than ever. Gutsy revolutionizes governance by taking a process and outcome-focused perspective, helping you understand how all the pieces work together, what results you’re delivering, and why you’re getting them.”
— Ben Bernstein, CEO and co-founder of Gutsy
“There is a misconception that the single answer to security is technology, so CISOs increase budgets in hopes that more tools will equal better defenses. Instead, they end up increasing complexity and spending more money on resources to track down what’s broken and why. As a People First investor, we look forward to the journey with the world class-founding team at Gutsy, as they solve this age-old problem with a data-driven approach to understanding security processes so that CISOs can maximize their technology investments, streamline auditing and improve outcomes.”
– Navin Chaddha, Managing Partner, Mayfield
“Gutsy’s seed round check was the largest we’ve written, but one of the easiest decisions we’ve made. These entrepreneurs have a proven track record of consistently and accurately anticipating the market’s needs and addressing business and security priorities, as well as building a startup that had some of the most impressive growth metrics we’ve seen to date. This tried-and-tested approach, along with their vision and determination, ensures that Gutsy will lead the market in their category.”
– Yoav Leitersdorf, Managing Partner of YL Ventures
“At Redis, we are all about the positive impacts of real time data. We’re happy to partner with Gutsy to get a continuous data-driven view of the effectiveness of our security processes, ultimately helping us better secure our products and systems.”
– Quincy Castro (CISO, Redis)
“True cloud transformation requires operational transformation. You can’t safely operate at cloud scale and speed without a new way to do security governance. Gutsy’s innovative, software-driven approach to helping security organizations visualize, gain semantic awareness, and optimize security operations enables organizations to maintain ongoing security governance at cloud scale.”
– Nancy Wang (Former Director of Engineering & GM – Amazon Web Services)
“For decades, security vendors have focused on detections and settings. But without understanding how and why something occurred, it’s hard for CISOs to prevent it from happening again. Gutsy’s application of process mining to security governance can provide customers a different perspective – focusing on processes and outcomes. This process centric approach can help CISOs see the full series of events that leads to an outcome, so they can better mitigate cyber-risk and deliver desired security results more quickly and reliably.”
– Jon Oltsik (Distinguished Analyst and ESG Fellow, Enterprise Strategy Group)
“I’ve always had a hard time understanding and improving my security processes. The way it’s done today is pretty much the same way it was done 20 years ago. It takes too much time and too much manual effort to understand disparate and disconnected tools. Gutsy transforms governance, auditing, and operations by applying software to automatically and continuously gather data about every execution of a security process, correlate the steps within it, and measure compliance with control objectives and SLAs. Gutsy transforms not just your day-to-day but your overall security program by using software to offload mundane tasks so teams can focus on taking action.”
– Frank Kim (Former CISO, Kaiser Permanente)
“Security organizations are constantly going through strategic change to keep up with evolving threats and business needs. Whether that change be organizational, like moving the SOC to a managed service provider, or technical, like deploying a new cloud security platform, these changes are often complex and risky. Gutsy helps organizations lower that risk and quantify ROI by understanding the big picture of how new capabilities work with the rest of their security ecosystem and compare to vendor and industry best practices.”
– Ryan Gurney (Former CISO, Looker)
