Introducing Amplifier: Self-Healing Workforce Security

Introducing Amplifier: Self-Healing Workforce Security

Today we’re amped up to unveil what we’ve been laser focused on building for the past year - Amplifier Security

First, a hat-tip and salute to our band of design partners who made our product and this day a reality – Nick Vigier @ Oscar Health, Daniel Wong @ Skyflow, Steve Mancini @ Guardant Health, Dave Lavelle @ Instabase, Mike Shannon @ Guardant Health, Tom Hettick @ Skyflow, Johan Dowdy @ Asana, Jess Snipes @ Pixar, Aftab Banth @ TikTok, JR Lanteri @ Squarespace 🫡🤘

Each of these modern security practitioners featured in the above collage has been a trailblazer, problem-solver and true amplifier of our vision and mission. Our sincere thanks to each of you for taking time out of your busy days to embrace our product, provide constant feedback and believe in us 🙏.

We’re stoked to launch Amplifier with a $3.3m over-subscribed pre-seed funding round led by Cota Capital with participation from WestWave Capital and Shift Left Ventures, as well as angel investments from industry luminaries and founders of Slack, MobileIron, Centrify, PeopleNet, Skyflow and Mercury. 

With over two decades of experience in security and technology companies, we’ve witnessed how businesses are becoming hybrid and dynamic at a record pace. Security teams are struggling to keep up with this trend, which is manifesting itself in a record number of breaches, disgruntled security teams and new security tools coming to market that frequently don’t move the needle. It is time to break this cycle, flip the problem on its head, and use the latest AI technology to take a new approach to securing your workforce. 

This is why we built Amplifier Security, which enables self-healing security for your workforce. Powered by a security data fabric, AI copilot and human-in-the-loop automation, Amplifier helps your workforce resolve their own security issues autonomously. With Amplifier, security teams can finally get a comprehensive picture of their organization’s security health and automatically engage employees to take self-healing actions to remediate risk. Getting your whole company involved creates a synergy between the security team and the workforce that allows you to build a world-class and sustainable security program.

Today, we’re eager to go live! But first, allow us to set the stage.

The Last Mile Problem with Security Tools and Operations 

Security has a last mile problem. Every company has the best of breed cybersecurity tools in place, but it requires every employee to use all those tools effectively. 

For example – looking at large recent breaches, like MGM or Lastpass, many started with one user doing the wrong thing. All it takes is one employee to not use strong multi-factor authentication or have an unpatched vulnerability for a breach to occur. Unsurprisingly, basic user security hygiene can still protect against 99% of all cyber attacks.

So how do you solve this? Human interaction is needed to fix it, but that’s easier said than done. 

Security teams often don’t have the bandwidth to engage every employee to elicit action, which requires empathy, nuance and constant context switching to adjust your messaging and tone based on whom you’re interacting with. 

In the B2C world, some industries have solved this last mile security challenge with automated human engagements. For example, credit card companies reach out to you in real time to validate that a suspicious transaction is actually yours. Based on your responses, the credit card provider will either approve the transaction or refuse payment. We call this human-in-the-loop automation.

Human-in-the-loop security automation is hard to build in workplaces. The problem is that in workplaces, security teams can’t be everywhere, and corporate security tools are not designed to interact with your workforce. They’re meant to mostly work in the background.

Our Journey: Learnings from Human-in-the-Loop Automation in Workplaces

From our 20+ years in the security industry, we know firsthand how difficult it can be to engage employees to gain context and solve security issues. We solved this in our prior roles with a suite of expensive enterprise security tools and deep subject matter expertise across multiple departments using data lakes, data visualization tools, security automation platforms and custom chatbots. Our complex patchwork of out-of-the-box tools still yielded significant improvements in security tooling effectiveness, workforce productivity and security culture change. 

By operationalizing security as a team sport, we were able to get the most out of our existing cybersecurity investments by ensuring tooling coverage was always at 100%. Security issues got fixed faster with less involvement from the security team – no more cat-herding employees for outstanding security gaps and tasks. Employees didn’t get blocked from using their productivity applications because they participated to help resolve or triage a false positive. We saw a 30% increase in security teams’ bandwidth and created a delightful employee experience. When security teams engaged with every level of the business and employees in a more informative, empathetic, contextual style, it truly transformed their relationship and reputation with the entire company.

But we knew that, with purpose-built technology, it could be even better. And we were not alone –  we spoke with security and IT teams at 20+ organizations. It became clear that many companies were experiencing the same challenges we had faced and were actively looking for a solution. Some teams we spoke with had built piecemeal components of an end-to-end solution with similar homegrown approaches. Unfortunately, most security teams don’t have the time, budget or team bandwidth to comprehensively solve the problem. It became clear that there was a massive gap in the market that was preventing security and IT practitioners from being successful with their existing tools across their workforce. This gave us the idea to take it to the next level with Amplifier…we’ll say more about that in a minute! 

The Role of AI and Human-in-the-Loop Automation

Truly engaging with users to solve problems requires a highly nuanced complex conversation. Instead of thinking of automation as multiple steps in a complex workflow, we imagined it as a conversation with your workforce — a conversation that could orchestrate security remediations for both the employee and the security team. AI-based automation provides the technology to do this at scale.

So, inspired by B2C consumer experiences, and the advent of AI, we figured, what if, instead of thinking of automation as the removal of human involvement from a security task, we imagined it as the selective inclusion of human participation? 

There was a clear opportunity for this type of a new approach, that flips the script by engaging employees on behalf of all security tools and leverages the power of AI in a human-friendly way. In Amplifier, that manifests in an AI security copilot that can help the workforce secure themselves to maximize security without blocking productivity.

Meet Ampy - Your AI Security Buddy

Amplifier is our answer to all those challenges and ideas. Amplifier brings this capability as an engagement layer to all your existing security tools through Ampy, a trusted copilot that acts as an AI security buddy who helps employees understand the risk they are creating for the organization and empower employees to take self-healing security actions. Ampy engages with employees, guiding them through security protocols based on real-time insights. Instead of taking a blunt hammer approach, Ampy loops in employees in a friendly and collaborative way to enforce security controls. And does it with empathy and humor, always explaining the why behind each security risk, finding and required action. This approach not only speeds up response times but also significantly boosts an organization's security posture by involving employees directly in the security process. 

Ampy is backed by Amplifier’s human-in-the-loop automation platform, composed of a security data fabric, security hub and engagement studio. The platform integrates into all your corporate security tools and normalizes data across those tools to provide you with unique data insights – such as “Are all our security tools deployed and operational across all employees?” “Who are our riskiest users and departments?” “What are our highest priority security findings?” So when a security finding is discovered by Amplifier’s platform, Ampy reaches out and solves problems in an engaging way with employees that has never been seen in the market – transforming how employees interact with corporate security tools, enhancing security without hindering productivity.

Join the movement

Without humans in the loop, AI security automation loses its meaning. It is just another siloed, disruptive security process that gets in the way of employees’ actual jobs. But with human participation, AI automation becomes a tool to harness the power of your workforce and improve your organization’s security health. After all, Gartner predicts that by 2027, 50% of CISOs will have adopted human-centric security design practices to minimize cybersecurity-induced friction and maximize control adoption.

We believe security should be a friendly, approachable and cooperative discipline. Our vision is to shift the cybersecurity focus back to include both technology and the people who use it, creating a balanced and more secure environment for businesses. Self-healing security means helping employees to understand the meaning behind security controls, encouraging them to actively contribute information, and empowering them to take action. This is Amplifier’s superpower — and we can’t wait to share it with the world.

Calling modern security practitioners - if you think and operate at our frequency, we invite you to join the movement to amp up your workforce security!

Checkout more

User-Friendly Automation for JAMF Smart Group Compliance

4 Modern Human Security Trends We Learned at Black Hat & Bsides 2024

Human-Centric Security Means Coaching Instead of Diagnosing

Sound Check