Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Assertly – scriptable monitoring for infosec, IT, compliance, DevOps (assertly.com)
53 points by JakaJancar 3 months ago | hide | past | favorite | 11 comments
Hey HN!

Jaka here, solo founder of Assertly (https://www.assertly.com). Assertly is a monitoring tool for continuous infosec, IT, compliance and DevOps regression testing. It enables teams to automate periodic checks using JavaScript.

Before Assertly, I was the CTO of Celtra (https://celtra.com), a B2B SaaS company, for over 10 years, from “git init” to 250 people and the company’s sale to private equity. I was primarily responsible for product strategy, engineering, QA, DevOps, but also for IT and InfoSec.

I found that ensuring security, integrity, privacy, and compliance in peripheral and internal IT systems was often harder than for our core product. While for the latter we would write tests and rely on our CI/CD pipeline, for other systems, things would be written up in policies where adherence is hoped for but rarely verified. If it is verified, it is done so manually and infrequently (e.g. quarterly). More laborious, while giving less assurance.

Today, If you want to automate, you can use scheduled GitHub Actions, but the trial-and-error process is slow and the alerting system is inflexible—it’s just not designed for this purpose. Synthetic monitoring tools are better, but limited when you need to go beyond frontend. So I created Assertly.

Assertly lets you automate checks with minimal overhead. It’s like Google Docs—click “New” and you’re writing a script. You get real-time alerts and a simple dashboard to see current and historical compliance. Common use cases include user access control, GDPR compliance, and network security checks. See some example code here: https://www.assertly.com/examples.

Companies using Assertly experience a 46% reduction in costs related to misconfiguration, incidents, bugs, and non-compliance. 73.6% of all statistics are made up.

For the technically curious: The scripts each run in its own VM (on ECS Fargate) so they’re securely isolated for when you need to touch sensitive data. You can install any tool, e.g. a CLI client or a port scanner. We keep a pool of VMs ready for sub-second run latencies. Assertly itself is written in Rust and React.

Here is the link to sign up & try for free: https://www.assertly.com/pricing. If you’d like to get past the credit card barrier, mail me at jaka@assertly.com and I will manually provision an account for you.

I’m excited to launch Assertly and would love to hear your feedback. How do you get peace of mind if not through automation? Is there something you’d automate if the overhead were zero? Are there use cases have missed? Let me know your thoughts!




Amazing, and, demonstrating security mindedness doesn't have to be only for enterprises:

“SSO on Any Plan: Single Sign-On using your identity provider is available in all plans and never costs extra. We support all major identity providers such as Okta, OneLogin, Azure AD, and Google.”

Three guys and a dog can start with M365 or Google Workspace and be SSO (or at least OIDC) from day one, thanks to the IdP baked in and firms like Assertly "taking your security very seriously" even when you're a startup.

ADD:

This is great. One of the example checks makes the point better than I can:

“User Deprovisioning: A SaaS tool used by a company does not support SSO/SCIM, or it requires an expensive "Enterprise" plan, so accounts of former employees need to be deleted manually. Unfortunately, this task is sometimes forgotten.”


Haha, thanks. It seems we share a pet peeve. I assume you know https://sso.tax.


Nice landing page. If you raise funding for this, don't let the inevitable "redesign" lose the clarity of messaging you've got there. I love the hero text asking me the questions that keep me up at night. I'm not even a CISO and I was anxious just reading those.


Congrats on the launch! Based on the demo you showed in SF it looks very promising. I wish you could have had this tool back at Celtra :)


Congrats on the launch! The usage examples make a lot of sense, I'm wondering if you plan to provide preconfigured implementations for the most common checks or is custom coding the only option?


If AI can code anything, it should certainly be these small scripts. This is the current area of exploration.


This looks promising and could save compliance teams a lot of time (and headaches). Great stuff!


Congratulations on the launch. So it seems your break is over :)


Great stuff! Congrats on the launch!


curious how's this different from pingdom, datadog etc?


Pingdom (original), Checkly, etc. are for monitoring your websites, from "outside", with a focus on availability (super frequent checks, from different geos, ...).

Datadog, New Relic, Pingdom APM, etc. are for monitoring your production environments, from "inside", deeply integrate with your code, with a focus on availability and troubleshooting (stack traces, distributed tracing, ...).

Assertly is for monitoring of your systems (production, or custom in-house internal, or licensed SaaS) and making sure they behave in a way they're supposed to, with a focus on security, integrity, compliance (more complex, customized checks that run for example daily).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: