Automated incident reporting and response
BreachRx is an incident reporting and response platform designed for security, legal, and privacy teams to get ahead of incidents when they occur. The company’s core mission is to help organizations harness the power of automation to reduce risk with modern response capabilities.
With over 20 years of experience in security, BreachRx Co-founder and Chief Product Officer Matt Hartley discovered a gap in the market. “Security and IT professionals understand the technical side of incident response, but they struggle with reporting and notification,” Matt says. This is especially true for companies that are highly regulated, or handle a lot of sensitive data, such as healthcare and financial organizations.
As a SaaS provider of an incident response solution, BreachRx was designed with security in mind from the very beginning. BreachRx explains its security and compliance ethos in a blog post announcing its SOC 2 Type II attestation with Vanta. “Proactively preparing for regulatory and contractual requirements is a fundamental and necessary foundation for any security and privacy program, and that is core to our product.”
In addition to incident response, BreachRx recently developed a product feature that helps companies handle incident response requirements and exercises for frameworks like SOC 2.
Carving out a new market category
According to Matt, many companies are still handling incident reporting and response with traditional, outdated tools and practices. “By and large, companies are just not ready to properly handle incident response. Using spreadsheets is still very common.”
This creates a considerable challenge for BreachRx—market a solution that many prospects don’t know they need. “Awareness is a big challenge for us,” Matt says. “The market is very inefficient in dealing with incident response. Incidents are increasing and the number of laws is also increasing.”
In addition to handling incident response, the rapid change of regulation also creates challenges for companies, even if they don’t know it yet. Laws like GDPR and CCPA are two of the most well-known data protection laws, but there are over 180 data protection regulations across the world, including every state in the US. This creates a need for organizations to stay agile. “Right now we’re focused on generating sales and building awareness to help security professionals understand regulatory pressure,” Matt says.
But prospects that do recognize the need for a smarter incident response strategy also demand partners that can be trusted. “The data we're holding for customers is some of the most sensitive data they have,” Matt comments. “Big companies want to feel good about doing business and partnering with us. They want to be able to check the SOC 2 box.”
Make every sales opportunity count with SOC 2
In order to gain traction in a new market, BreachRx needs a way to prove security and accelerate the sales process. After a number of security questionnaires, BreachRx decided to prioritize SOC 2 as fast as possible. “We always knew that SOC 2 would be table stakes for us to grow, but as we went out to market, we had customers asking us to do security surveys and all of them were different. We realized we should just move to SOC 2 more quickly,” Matt reflects.
Most of BreachRx’s prospects are based in the US which made SOC 2 the preferred compliance framework for proving security. After assessing multiple compliance solutions, BreachRx chose Vanta to pursue a SOC 2 Type I attestation. “Speed to compliance was number one for us,” Matt says.
Another big factor was finding a solution that looked and felt like BreachRx. “We wanted to find a compliance partner that offered a highly automated platform built by security experts with a strong reputation.” BreachRx also wanted to find a partner that offered scaleable compliance and growth. Although SOC 2 Type II was the original priority, the company wanted a partner that could easily launch them to ISO 27001 in the future.
More trust leads to accelerated sales cycles
Because BreachRx had already established a strong security program, Matt and his team felt prepared to quickly obtain a SOC 2 report. BreachRx was able to navigate the SOC 2 Type I process in only five days. “We had already built a lot of processes and retained good documentation to prove it.”
To expedite the audit process, BreachRx decided to separate audit prep into two categories—technical tasks and administrative tasks. “Our lead engineer handled the AWS side of things and I handled policies,” Matt says. “I used Vanta’s templates to improve what we had already written. I used all my non-sales time to get it done.” The result? BreachRx was able to float through the SOC 2 Type I audit process in under a week.
After speeding through Type I, BreachRx immediately pursued Type II with the same auditor as fast as possible. Vanta’s platform kept BreachRx on track through continuous monitoring and automated evidence collection. “One of the great things about Vanta is that it sends you a lot of notifications when something is falling out of compliance. This made it really easy to get our Type II.”
Vanta’s ability to integrate with BreachRx’s tools and serve as a single source of truth played a key role in BreachRx’s streamlined audit process. “We were able to easily link Vanta to our automated infrastructure with quick updates to some infrastructure code,” Matt says. Since achieving SOC 2 Type II attestation, BreachRx regularly shares its SOC 2 report with prospects and other interested parties.
After a positive audit experience with Vanta, BreachRx realized its platform could help other companies quickly achieve SOC 2 attestation with its own solution. BreachRx leveraged its own platform for their SOC 2. They’re now helping their customers successfully create, organize, and monitor compliance controls revolving around incident response. “We’re also creating an automated wizard that will guide people through required incident exercises. Instead of wasting time or stressing about this, we hope to narrow that process down to an hour.”
BreachRx has since become a Connectors API partner and developed an integration specifically for Vanta users. “As it expands, the integration will let Vanta customers flip the BreachRx switch and make everything related to incident response go green,” Matt says. “We want to raise the bar for security across the board and help people get compliant faster.”