A New Way To Do Governance: Gutsy Brings Security Process Mining to Life
Gutsy has pioneered taking the family of data science techniques known as process mining and applying it to security governance. By mining events from an organization’s systems and tools, Gutsy can show how security teams, tools, and processes really work together to expose what works, so it’s easier to fix what doesn’t.
Gutsy Staff | October 6, 2023
For a long time, the mindset of many in security has been to add more tools in an attempt to thwart threats and reduce risks. Security tools have evolved dramatically throughout the years, but that has only helped with one side of the equation. We believe it’s clear that organizations don’t need more detection and protection tools; the real challenge lies in how they are being operationalized. It’s all about tying together people, processes, and tools. The team behind Gutsy has pioneered taking the family of data science techniques known as process mining and applying it to security governance. By mining events from an organization’s systems and tools, Gutsy can show how security teams, tools, and processes really work together to expose what works, so it’s easier to fix what doesn’t.
Ahead of the company’s launch, CEO Ben Bernstein, CTO John Morello, and VP of R&D Dima Stopel discussed how their decades of experience at the intersection of intricate systems, people, tools, and processes influenced this bold new way to do security.
What is the problem Gutsy solves?
John: All three of us have worked in security for pretty much our whole careers with a lot of different technologies. One of the things we kind of all saw was: you have everything from cloud security, to authentication, to cryptography. Yet, for all the tool options people have, they still struggle with seemingly basic things like patching vulnerabilities and removing users and things of that nature.
Ben: And at these enterprises and organizations where we worked, it was (and still is) processes and people that tie everything together. Not necessarily just in security. But when we zoomed into the security space, we realized it has become fixated on applying technology for detection and protection, rather than operationalization. It’s clear to many security leaders that many of the technology investments they’ve made are not operationalized. The processes around them are broken. They have a hunch about what things work and what don’t, but it’s almost impossible, given the complexity of the security landscape, based on a hunch, to understand how to consistently deliver the outcomes needed.
John: The reason for that, we believe, is that people have been looking at things from a very tool-centric perspective versus a process-centric perspective. The reality is that almost everything in security is about process. If you don't really understand how those processes work, and where the inefficiencies and inconsistencies are, you're not going to get good outcomes, and that’s really where the idea for Gutsy was created.
Walk me through the process of building Gutsy.
Dima: We started brainstorming different ideas, and when you hear different ideas, it’s usually easy to say a specific idea is bad. But with this idea, saying it was bad was hard because every question had a good answer for it.
Ben: The brainstorming wasn’t so much about realizing processes are broken. I think we all knew and experienced that. Actually, anyone that’s ever practiced cybersecurity knows that. It was about finding a technology that isn’t “cookie cutter” on one hand, and fits the complexity of large organizations, but on the other hand, is based on data. Using process mining to solve the operationalization of security is the innovation. And then we start from the customer and work our way back to make sure the platform solves real-world problems.
John: We knew the idea itself was a good idea because we didn’t really have to convince people of it. With Gutsy, pretty much everyone we’ve talked to has not only identified with the problems we are solving, but they keep telling us that everyone they know at this level, and every place they’ve ever worked, has the same issues. They all agree this is a genuinely different way to think about security that can improve the outcomes they deliver.
What is a measurement of success for you that isn't tied to a number?
Ben: I’m glad to say, for me, significant success was already in getting the band back together. We had so much fun at Twistlock. Now that we’re here, we need to build a big, sustainable company. It’s still far out - but this is where we want to go. Anything less than a big sustainable company wouldn’t be success, as far as I see it. We have both good timing for working on this profound problem, and the ability to execute on a really big vision a lot of people support.
John: From a product standpoint, it's always doing something that's genuinely useful, that people find real value and utility in and say our solution really changed the way they run their business. That’s not a common thing to be able to do in security. Professionally, the most satisfaction I get is from giving the people that work with us opportunities to do something bigger and to grow their own lives and careers. The kind of opportunities we helped make for our people and seeing them capitalize on them and the impact on them and their families is awesome.
Dima: For me, it’s building a team that can continuously deliver a really high-performing SaaS product. We run it for the customers, so it needs to scale well to provide service to everyone with a high-quality user interface. To make our customers happy will make me happy.
What’s the next milestone on that path to success?
Ben: Right now, we need to be very mindful of every little change we make both to the product, and the way we go to the market with it. Building a successful company is about iteratively making changes in the product and going to market. What you do in the beginning has the biggest effect on what you end up with later. When you do these things right in the beginning, you get to the point where you can aggressively go to market. So what’s next? We have a pretty unique offering and with the amazing team we have, we are going to do exactly that.
John: It’s ultimately always about the customers. We have to continue understanding the kinds of governance problems they want us to help solve, meet them wherever they are by integrating with all their tools, and ship a high-quality product that inherently helps people do their jobs better. We say that Gutsy helps you 'Know It,' so you can answer hard questions and make good decisions. That’s honestly the core of what I think about when we build.