When a critical security flaw can't be immediately fixed, IT teams lack tooling to systematically identify and implement interim containment — network isolation, proxy rules, monitoring, and access restrictions — to minimize blast radius.
Analyzes a described vulnerability and affected system, then generates a prioritized containment playbook: firewall rules, VLAN segmentation, proxy configurations, access restrictions, and monitoring alerts to deploy while waiting for full remediation.
Freemium — free for basic containment plans, paid ($200-800/mo) for continuous monitoring recommendations and integration with firewalls/SIEMs
The Reddit thread and broader industry signals confirm this is a genuine, high-stress pain point. Security teams are told 'you can't patch this' and left scrambling with tribal knowledge to contain risk. The emotional intensity (people losing sleep over unfixable architectural flaws) and the fact that careers end over breaches from known-but-unpatched vulns make this an 8. Not a 9 because large enterprises sometimes have senior architects who can do this mentally — it's painful but not impossible without tooling.
TAM is tricky. The broad vuln management market is $16B+, but this is a narrow slice — the 'compensating controls' wedge. Addressable market is roughly: ~200K organizations running legacy systems with dedicated security teams × $500/mo avg = ~$1.2B theoretical. Realistically serviceable market for a startup is maybe $50-100M. Solid for a venture-scale business, excellent for a bootstrapped one. Score reflects that this is a real but niche market.
Security teams have budget and are accustomed to paying for tooling ($2K-$100K+/year is normal). $200-800/mo is well within 'team lead can approve' range at most companies. The value prop is concrete: 'reduce risk of breach from known vulns while waiting for remediation.' Compliance requirements (PCI DSS compensating controls documentation) create a forcing function. Score isn't higher because buyers may initially see this as 'just a checklist' they could build internally.
Core MVP is essentially a decision-tree/rules engine: take vulnerability type + system context → output prioritized containment recommendations (firewall rules, VLAN suggestions, monitoring alerts, access restrictions). An LLM layer on top of a structured knowledge base of compensating controls makes this very buildable. No hardware, no agents to deploy, no complex integrations for v1. A solo dev with security domain knowledge could ship an MVP (web app with vulnerability intake form → containment playbook PDF/export) in 4-6 weeks. Integrations with firewalls/SIEMs are v2.
This is the strongest signal. Every major player focuses on finding vulns and driving patches. The moment a vuln is marked 'can't fix right now,' existing tools essentially abandon the user. No one owns the 'containment while waiting' workflow. SOAR tools CAN execute containment but don't RECOMMEND it. This is a genuine whitespace. Score is 8 not 9 because large consultancies (Deloitte, Mandiant) do this as professional services, and internal red teams sometimes fill this role — but no product does it.
Strong recurring dynamics: (1) new vulns are discovered continuously, (2) legacy systems don't go away — they accumulate, (3) containment posture needs continuous monitoring and adjustment, (4) compliance requires ongoing documentation of compensating controls. The 'continuous monitoring recommendations' tier at $200-800/mo maps naturally to subscription. Churn risk is moderate — once a vuln is finally patched, that specific need ends, but new vulns constantly replace it.
- +Clear whitespace — no product owns the 'compensating controls recommendation' workflow between vuln discovery and remediation
- +High-emotion, career-risk pain point with real Reddit/forum signal from practitioners, not just executives
- +Compliance tailwind — PCI DSS 4.0, HIPAA, and SOC2 increasingly require documented compensating controls, creating a regulatory forcing function
- +Low technical complexity for MVP — rules engine + LLM + structured knowledge base, no agents or deep integrations needed for v1
- +Price point ($200-800/mo) sits in the sweet spot where a security team lead can expense it without VP approval
- !Vulnerability management giants (Tenable, Rapid7, Wiz) could add 'containment recommendations' as a feature — you'd be competing with a checkbox on their roadmap
- !Credibility gap — security teams won't trust containment advice from an unknown vendor without strong domain authority; a bad recommendation could cause an outage or a breach
- !Knowledge base maintenance is the real moat AND the real burden — compensating controls vary wildly by system type, network topology, and compliance framework, requiring continuous curation
- !Market education needed — many teams don't realize they SHOULD have a systematic containment process; they just wing it and accept the risk
- !LLM-generated security recommendations carry liability risk — a hallucinated firewall rule that blocks legitimate traffic or leaves a gap is a serious trust destroyer
Vulnerability management platform that identifies, prioritizes, and tracks vulnerabilities across infrastructure. Offers some remediation guidance and workflow management.
Cloud security platform providing agentless vulnerability detection, attack path analysis, and risk prioritization across cloud environments.
Vulnerability remediation orchestration platform that connects scanners to ticketing and automation tools to drive fix workflows.
Vulnerability management with built-in SOAR
IT service management module that creates structured workflows for vulnerability remediation, integrating with CMDB and change management.
Web app where a user describes the vulnerability (CVE or free-text), affected system type (Windows server, network appliance, legacy app, etc.), and network context (internet-facing, internal, cloud). Output is a prioritized containment playbook as a downloadable PDF/Markdown: specific firewall rules to restrict access, VLAN isolation recommendations, monitoring queries (Splunk/Elastic format) to detect exploitation attempts, access restriction changes, and a 'what to watch for' checklist. No integrations in v1 — just smart, actionable recommendations. Include a 'compliance documentation' section that maps each control to PCI DSS / NIST / CIS frameworks for auditor-ready output.
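To make the rules-engine-plus-playbook idea from the MVP description concrete, here is an added example (not the product's code) of the core step: vulnerability class, system type and network exposure go in, an ordered list of interim controls with a Markdown export comes out. The rule set, host names, the allow-list name and the framework references are constructed for illustration.

```python
# Added example, not the product's code: a minimal rules engine of the kind the
# MVP describes. Rules, host names and framework references are constructed.
from dataclasses import dataclass, field

@dataclass
class Finding:
    vuln_class: str            # e.g. "smb-rce", "auth-bypass"
    system_type: str           # "windows-server", "network-appliance", "legacy-app"
    exposure: str              # "internet-facing", "internal", "cloud"
    host: str
    ports: list[int] = field(default_factory=list)

@dataclass
class Control:
    kind: str                  # firewall | segmentation | access | monitoring
    priority: int              # 1 = deploy first
    detail: str
    frameworks: tuple[str, ...]  # illustrative mappings, not an audited crosswalk

def containment_playbook(f: Finding) -> list[Control]:
    """Turn vulnerability + system context into an ordered list of interim controls."""
    net_prio = 1 if f.exposure == "internet-facing" else 2
    out: list[Control] = []
    for p in f.ports:   # restrict reachability of the vulnerable service first
        out.append(Control("firewall", net_prio,
            f"deny inbound tcp/{p} to {f.host}; allow only from mgmt-jump-hosts (assumed allow-list)",
            ("PCI DSS 4.0 Req 1", "CIS v8 Control 4")))
    if f.vuln_class == "auth-bypass":   # architectural auth flaw: enforce auth upstream
        out.append(Control("access", 1,
            f"front {f.host} with an authenticating reverse proxy; block direct client access",
            ("PCI DSS 4.0 Req 7", "NIST CSF PR.AC")))
    if f.system_type in ("legacy-app", "network-appliance"):   # host itself cannot be hardened
        out.append(Control("segmentation", 2,
            f"move {f.host} to a dedicated VLAN with explicit inter-VLAN ACLs",
            ("PCI DSS 4.0 Req 1", "CIS v8 Control 12")))
    for p in f.ports:   # detect attempts against whatever remains reachable (Splunk-style SPL)
        out.append(Control("monitoring", 3,
            f"index=firewall dest={f.host} dest_port={p} action=allowed | stats count by src_ip",
            ("PCI DSS 4.0 Req 10", "CIS v8 Control 8")))
    return sorted(out, key=lambda c: (c.priority, c.kind))

def to_markdown(controls: list[Control]) -> str:
    """Auditor-friendly export: one table row per control, with framework mapping."""
    lines = ["| # | Control | Detail | Frameworks |", "|---|---|---|---|"]
    for i, c in enumerate(controls, 1):
        lines.append(f"| {i} | {c.kind} (P{c.priority}) | {c.detail} | {', '.join(c.frameworks)} |")
    return "\n".join(lines)

if __name__ == "__main__":
    f = Finding("smb-rce", "windows-server", "internet-facing", "fileserv01", [445])
    print(to_markdown(containment_playbook(f)))
```

In the real product the rule table would be the curated knowledge base and an LLM would only phrase the intake and the output; the ordering and the controls themselves should stay deterministic so that a wrong firewall rule can be traced to a reviewable rule rather than a hallucination.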
Free tier: 3 containment playbooks/month with basic recommendations → Pro ($200/mo): unlimited playbooks, compliance mapping, exportable formats, monitoring query generation → Team ($500/mo): shared playbook library, historical tracking of containment posture, team collaboration → Enterprise ($800+/mo): SIEM/firewall integration APIs, continuous monitoring recommendations, custom compliance frameworks, SSO/RBAC
8-12 weeks. Weeks 1-4: build MVP with 20-30 well-curated containment playbook templates covering the most common unfixable scenarios (legacy SMB, unpatched network appliances, architectural auth flaws). Weeks 5-6: beta with 10-15 security practitioners from Reddit/Discord communities for feedback. Weeks 7-8: launch on Product Hunt, r/sysadmin, r/netsec with free tier. Weeks 8-12: convert power users to Pro tier. First paying customer realistic by week 8-10.
- “taking actionable steps to lock down access to this thing to the extent I can”
- “core issue is a fundamental security architecture flaw”
- “Can you isolate the system while still providing functionality? firewall that sucker off/get it behind a proxy/stick it in its own vlan”
- “strategies to monitor, lower the blast radius, and add additional protection”