The crew is out of stealth!

Idan Tendler
Bridgecrew
Published in
6 min readApr 16, 2020

With $18M in funding we are launching our Free Community Version for the Devops & Security Engineering Community

These are challenging times. I am humbled as I watch people do the extraordinary as they battle this global pandemic. It’s a time of change and uncertainty, but also one of hope and resilience. I’ve seen it everywhere, as people and companies adapt to operate in this new reality.

During these times of change, I am excited to announce the official launch of the Bridgecrew Codified Security Platform, which delivers automation designed to make cloud security engineering simple and scalable.

I am also excited to announce our free community offering that everyone can use to detect and address misconfigurations in their cloud, greatly reducing the time and costs associated with remediating them.

And I’m sure you will excuse my long text here — it was important for me to explain this huge milestone for the company. So here we go.

Why now? The tectonic shift that is security engineering

As organizations move more and more IT services and software to the cloud and adopt faster, more decentralized development techniques, such as infrastructure-as-code (IaC), they need to maintain the security of those deployments. Enforcing encryption, least privileges and logging — they now have to be embedded within all the services and applications built for that environment. If not, all this code that is being quickly created will leave security behind, and across platforms that make it easy for errors, bugs and misconfigurations to creep in.

Security is no longer in the hands of traditional security teams, but rather the responsibility of developers who are building and maintaining all these cloud environments. As a result, it’s becoming a code problem as well an opportunity.

Unfortunately, developers lack the tools they need to implement effective security at scale. Fixing misconfigurations and compliance violations within the cloud can take way too long and require too many resources, which creates a big bottle neck in cloud security.

It’s time we equip engineers and developers with automation tools, delivered as code, so they can quickly and effectively deal with infrastructure security. That’s where Bridgecrew comes in.

Introducing Bridgecrew

A year ago, me and my incredible co-founders and friends Guy Eisenkot and Barak Schoster Goihman. set out to deliver codified security in order to automate DevSecOps. We scale infrastructure security to fit it seamlessly into the CI/CD practices of developers. We spent the last year building a platform that makes security consumable for the cloud, making it easy for everyone to be part of the solution and the community.

Me, Guy, Barak [before COVID-19 don’t worry]

As I described in an earlier blog, we vetted our approach with future customers and current luminaries to ensure we were creating solutions for the industry’s hardest problems. We took the best automation concepts and productized them, leveraging the simplicity of Infrastructure as Code to scale security remediation.

The platform automates the deployment and ongoing management of security workflows, so anyone, anywhere can use them.

With Bridgecrew, you have:

  • Visibility — detect all misconfigurations within your cloud. Bridgecrew constantly monitors your environment, alerting on any violations to ensure you can maintain consistent enforcement of security and compliance best practices.
  • Remediations — provides fixes through your command line; existing development platforms, including CI/CD tools, such as GitHub or CircleCl; ticketing systems, such as Jira; or your cloud providers’ consoles.
    You get:
    Code to automate the remediation in runtime — provides the playbooks you need, all delivered as code, to take care of misconfigurations in your AWS environment (GCP & Azure are coming soon)
    Code to automate fixes in build-time — scans IaC templates (Terraform and CloudFormation) in your CI/CD to detect potential security risks before they are ever deployed intro production and provide quick fix to remediate them
  • Quick deployment — as a SaaS solution, the Bridgecrew platform can be set up in minutes.

Some of our early users told us they were able to automate the fixes and remediations for almost 90% of the open violations in their public clouds. They simply double-clicked on our playbooks or embedded the code we provided as a pull-request on Github and it was taken care of.

Coming out of stealth with our Series A funding

To help us shape the paradigm shift taking place right now in the market, we sought leading investment partners who understand the pressing need to change the way infrastructure security is consumed.

Battery’s Dharmesh Thakker

Dharmesh Thakker from Battery Ventures is exactly that partner — he believed in our passion to change the way engineers run infrastructure security, so we are honored to announce we closed a new round of investment, led by Battery Ventures. Dharmesh will join our board to provide his wealth of market experience.

NFX’s Gigi Levy-Weiss

We have raised a total of $18M in only one year. Our early investors, which included NFX and its incredible Founding Partner Gigi Levy-Weiss, as well as Sorenson Ventures, DNX Ventures, Tectonic Capital, and Homeward Ventures, also participated in the Series A round. In addition, strategic security and Devops leaders joined the round, including Lookout Founder, Kevin Mahaffey; Spotify Head of Security, David Hannigan; Marqeta VP of Security Engineering, David Tsao; Netflix Head of Cloud Security, Srinath Kuruvadi; and the AWS Security Hub Product Manager, Ely Kahn.

We are proud to have the backing of all these industry heavyweights as we lead the charge into the codified security era!

Continued commitment to the engineering community

This codified security era is a collective one. We are committed to working with and contributing to the security engineering community. It’s why we wanted to accompany our launch with the release of a free community tier. Anyone can go, sign up and get codified security for their workflows.

When you sign up, it takes about two minutes to get full visibility into all your public cloud misconfigurations, along with the ability to fix them with one or two clicks.

I invite you to join the movement of codified security!

All possible because of a great team

When trying to change the way an industry operates, you need people who are open to the possibilities and have the talent and vision to see a better way forward.

I am so proud to be part of this Bridgecrew team, which is committed to making security more consumable for all. You guys have done the unimaginable in only one year, and we are just starting!

I am also thankful to our early users and customers, who helped us refine our Platform to deliver maximum value, fast.

We know that if we can do for infrastructure security what others have been doing for application security, we can make it a whole lot easier for engineers to fulfill their security roles and enable their companies to take full advantage of the public cloud.

--

--