Why we built Crowdalert
It all started with apple juice and a balloon
For too long, people who work in security have been sounding off about alert fatigue. The outcry has grown so incessant that we think it’s time to move on from calling it alert fatigue to alert exhaustion.
All the noise around this issue is justified because the pain of the problem is very real. We know-we’ve lived it, first hand. We’ve experienced it from both the security and the engineering sides at several companies. Philip in senior engineering positions at Eventbrite, Stripe, and Patreon where he acted as a partner to security teams; and John where he led security operations teams at Cisco, Slack, and Carta.
In our respective roles, we saw an alarming growth in alerts from the ballooning security tools stack. We noticed something else as well: a lack of trusted and timely communication between security teams and the rest of the company which contributes to false positives and potentially missing real threats.
Our lived experience led us to build Crowdalert, which finally fixes the alert overload problem for security teams. We’re sharing the story of how we got here so you can better understand who we are and what kind of company we’re building. And, why making home-brewed cider is a great way to brainstorm a new start-up. (Don’t worry, we’ll explain.)
We couldn’t buy it - so we built it
The frustration with operational bottlenecks and delays in incident response from too many alerts – and the absence of any good solution on the market - inspired John to create an internal tool in Slack to automate the alert verification process. Necessity may be the mother of invention but exasperation is often the father. John built this solution around a critical missing link in the battle to intelligently automate the security alert process. Namely, humans.
We don’t mean more people to respond to more alerts; that’s a vicious cycle that doesn’t scale. We’re talking about the human element. Remember, every single alert involves a human. Their actions are central to understanding the root cause of an alert to find out what’s really going on. To do that, you need to quickly communicate with the employee to get first-hand knowledge of the actions they take to do their jobs and why. We believe that only by bringing humans into the security loop can SecOps focus on lower volume, higher fidelity investigations and reduce real risks to an organization.
So we talked to people in the industry, many of whom had cobbled together some kind of internal tool themselves to try and reduce the volume of alerts. We saw an opportunity to take our very good tool and turn it into a bonafide commercial solution with a great UI.
We also realized that we needed to innovate further to build a sustainable product that can go beyond creating efficiencies. So we included a risk scoring and routing engine that sends the right alerts to the right team. And, a machine-learning engine that prioritizes alerts based on the severity and sensitivity of employee actions.
And because employees are well, human, we designed Crowdalert to map employee identities across systems so security teams can quickly see all actions taken by a specific account before and after an alert. We proved this approach twice while leading security operations at other companies (You can learn more about what Crowdalert does here.)
Let’s get back to the human element. We believe there is often a communication gap between security teams and the rest of the company. By enabling a frictionless way for a security analyst to connect with an employee when an alert is raised - a quick, simple ping on Slack - we create a connection between teams that are (let’s be honest) sometimes at odds. We think Crowdalert can help bring more people into the security circle of trust and help build relationships across functions. And that’s good for the company as a whole.
People are a priority in our product and the company
Our belief in the power of human intelligence and connections also informs the way we are building and growing Crowdalert. We know many founders who say that, and sometimes it’s even true, but we put our money where our mouth is. We intentionally leverage existing tools or combine technologies as much as possible and avoid any big infrastructure spending, so that we can invest more of our budget in people. That includes offering competitive compensation, a commute-free virtual structure, and a four-day workweek. We have other benefits that encourage our team to support their local community. (Interested? Email hello@crowdalert.com.)
If you’ve read this far, you might be wondering - where’s the part about home brewing?
Before we joined forces at Crowdalert, we only knew each other through a Slack channel frequented by security and engineering nerds like us. And that’s where we discovered a shared passion for home brewing wine and cider. While making a few batches together (using only apple juice, yeast, and a balloon) we found ourselves brainstorming about what would eventually become Crowdalert. A humble start, but one that suits us pretty well. And just in case you’re wondering, yes, free homemade cider is another Crowdalert employee benefit, and one we’re particularly proud of.
- By
- Philip James
- John Sonnenschein
Last Updated 2024.05.30