L1 help desk staff can accidentally skip identity verification steps during password resets and other sensitive operations, leaving organizations vulnerable to social engineering attacks.
A middleware/plugin for ITSM tools (ServiceNow, Jira Service Desk, Freshdesk) that blocks privileged actions (password resets, MFA changes, access grants) until automated 2FA verification is completed. The system sends a challenge to the user's registered device and only unlocks the action upon confirmation. Includes manager override with audit trail.
SaaS subscription per seat/agent, tiered by org size. $5-15/agent/month.
This is a hair-on-fire problem post-MGM. The Reddit pain signals are visceral ('I completely fucked up'). A single missed verification can lead to a full org compromise. CISOs are actively seeking solutions after Scattered Spider demonstrated this attack at scale. Cyber insurance and compliance are forcing the issue. The pain is existential — one social engineering call can cost $100M+.
TAM for help desk identity verification is estimated $500M-$1.5B. At $5-15/agent/month, even capturing 1% of the ~2M+ IT help desk agents globally yields $12-36M ARR. Mid-to-large enterprises (10K+ companies globally with dedicated help desks) are the sweet spot. MSPs managing multiple clients are a force multiplier. Not a massive market, but large enough for a very successful outcome.
$5-15/agent/month is trivial compared to the risk. A single help desk social engineering incident costs $100K-$100M+. Cyber insurance premium reductions alone could offset the cost. Security budgets at mid-to-large enterprises are $500K-$50M+. This is a compliance checkbox item that CISOs can justify easily. The buyer (CISO/IT manager) has budget authority and clear motivation post-breach-headlines.
Core concept is straightforward: middleware that intercepts privileged ITSM actions and triggers 2FA. However, building production-quality plugins for ServiceNow, Jira Service Management, AND Freshdesk in 4-8 weeks is ambitious. ServiceNow alone has a complex plugin architecture. Recommend starting with ONE ITSM platform (ServiceNow — largest enterprise market share) for MVP. The 2FA verification layer (Twilio Verify, Duo API) is easy. The ITSM integration and action-blocking middleware is the hard part.
The gap is clear and validated: no existing product integrates directly into ITSM ticket workflows to block privileged actions with automated verification. Specops does phone-call verification but has no ITSM plugins. Nametag uses heavy biometrics. Duo/Okta/Silverfort require custom development. The 'lightweight 2FA embedded in the ticket workflow' approach is genuinely unoccupied territory. The risk is that Specops, ServiceNow, or Okta could build this, but incumbents move slowly on niche features.
This is a natural SaaS subscription. Per-agent/month pricing aligns with ITSM buying patterns. Once deployed, it becomes a compliance requirement that's nearly impossible to remove. High switching costs (integrated into ITSM workflows, audit trails, compliance reporting). Expansion revenue as orgs add agents and ITSM platforms. MSPs create multi-tenant recurring revenue. Security tools have among the lowest churn rates in SaaS.
- +Hair-on-fire problem validated by $100M+ breaches (MGM, Caesars) — CISOs are actively buying
- +Clear competitive gap: no one does ITSM-native ticket-level verification with lightweight 2FA
- +Strong recurring SaaS model with high switching costs and compliance lock-in
- +Price point ($5-15/agent/mo) is a rounding error vs. the risk, making it an easy budget approval
- +Timing is ideal: post-breach urgency + deepfake threats + cyber insurance requirements converging
- +MSP channel is a force multiplier — one MSP sale = dozens of end-customer deployments
- !Platform risk: ServiceNow, Atlassian, or Freshworks could build this natively and kill you overnight
- !Specops (established player with domain expertise) could add ITSM integrations and out-execute you
- !Enterprise sales cycles are 3-9 months — you need runway and patience before revenue flows
- !Multi-ITSM-platform support is an engineering tax: each platform is a separate integration to build and maintain
- !CISO buyers are conservative and prefer established vendors — a no-name startup faces trust barriers in security
- !If organizations adopt self-service password reset (SSPR) widely, the help desk volume for password resets shrinks
Specops: purpose-built help desk caller verification tool that enforces identity verification before the agent proceeds.
Nametag: newer entrant using facial biometrics + government ID verification specifically for help desk and account recovery. Directly markets against MGM/Scattered Spider attack vectors. Verifies requesters before password resets, MFA changes, and account recovery.
Duo: enterprise MFA/Zero Trust platform. Organizations use Duo's Admin API to trigger verification pushes to users before help desk agents process requests. Verified Push with number matching can verify identity. Not a dedicated help desk product, but the building blocks exist.
Okta: identity platform with workflow automation that can be configured to require step-up authentication before processing privileged requests. ServiceNow integration for access request workflows. Identity Verification feature adds document/selfie matching for high-assurance scenarios.
Silverfort: agentless identity threat detection and MFA enforcement platform. Can extend MFA to any resource, including help desk tools and password reset operations. Detects anomalous authentication patterns and enforces step-up verification across hybrid environments.
Build a ServiceNow plugin (largest enterprise ITSM market share) that intercepts password reset and MFA change tickets. When an agent attempts to process a privileged action, the plugin blocks execution and sends a push notification or SMS code (via Twilio Verify or Duo API) to the requester's registered device. Action only unlocks after successful verification. Include a manager override with mandatory audit logging. Ship with a simple admin dashboard showing verification rates, bypass attempts, and compliance reports. One ITSM platform, one verification method, three privileged action types — that's your MVP.
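The intercept, block, verify, unlock flow described in the solution and MVP paragraphs above, as an added Python example that is not code from any ITSM platform or verification vendor named on this page. Everything in it is constructed: the ticket ids, agent and requester names, the fixed challenge code, the 5-minute expiry and 3-attempt lockout policies, and the `send_challenge` callback standing in for a service such as Twilio Verify or Duo. The ServiceNow-side hook that would call `request_action()` when an agent opens a reset and `execute()` when the agent applies it is assumed and not shown.

```python
"""Ticket-level verification gate for privileged help desk actions.
Added illustration only; not code from any ITSM or verification vendor.
The send_challenge callback is a constructed stand-in for an SMS/push provider."""
import hmac
import secrets
import time
from dataclasses import dataclass
from enum import Enum

CHALLENGE_TTL_SECONDS = 300   # assumed policy: a code is valid for 5 minutes
MAX_ATTEMPTS = 3              # assumed policy: lock the ticket after 3 wrong codes


class Action(Enum):
    PASSWORD_RESET = "password_reset"
    MFA_CHANGE = "mfa_change"
    ACCESS_GRANT = "access_grant"


class GateError(Exception):
    """An agent tried to run an action the gate has not unlocked."""


@dataclass
class Pending:
    action: Action
    requester: str
    code: str
    issued_at: float
    attempts: int = 0
    state: str = "pending"    # pending | verified | overridden | locked


class VerificationGate:
    def __init__(self, send_challenge, managers, clock=time.time, code_factory=None):
        self._send = send_challenge      # callable(requester, code): deliver to registered device
        self._managers = set(managers)   # only these identities may use the override
        self._clock = clock              # injectable so expiry can be tested deterministically
        self._code = code_factory or (lambda: f"{secrets.randbelow(10**6):06d}")
        self._tickets = {}
        self.audit = []                  # append-only trail; every decision lands here

    def _log(self, event, ticket_id, actor, **extra):
        self.audit.append({"ts": self._clock(), "event": event, "ticket": ticket_id,
                           "actor": actor, **extra})

    def request_action(self, ticket_id, agent, requester, action):
        """Agent starts a privileged action: record it as blocked and challenge the requester."""
        code = self._code()
        self._tickets[ticket_id] = Pending(action, requester, code, self._clock())
        self._send(requester, code)
        self._log("challenge_sent", ticket_id, agent, action=action.value, requester=requester)

    def confirm(self, ticket_id, submitted_code):
        """Requester (not the agent) submits the code that reached their device."""
        p = self._tickets[ticket_id]
        if p.state != "pending":
            return False
        if self._clock() - p.issued_at > CHALLENGE_TTL_SECONDS:
            p.state = "locked"
            self._log("challenge_expired", ticket_id, p.requester)
            return False
        p.attempts += 1
        if hmac.compare_digest(p.code, submitted_code):   # constant-time comparison
            p.state = "verified"
            self._log("verified", ticket_id, p.requester)
            return True
        if p.attempts >= MAX_ATTEMPTS:
            p.state = "locked"
        self._log("bad_code", ticket_id, p.requester, attempts=p.attempts, state=p.state)
        return False

    def manager_override(self, ticket_id, manager, reason):
        """Break-glass path: listed managers only, and the bypass is always logged with a reason."""
        if manager not in self._managers:
            self._log("override_denied", ticket_id, manager, reason=reason)
            raise GateError(f"{manager} may not override verification")
        self._tickets[ticket_id].state = "overridden"
        self._log("override", ticket_id, manager, reason=reason)

    def execute(self, ticket_id, agent):
        """Called by the ITSM hook just before the action runs; raises unless unlocked."""
        p = self._tickets.get(ticket_id)
        if p is None or p.state not in ("verified", "overridden"):
            self._log("blocked", ticket_id, agent, state=p.state if p else "unknown")
            raise GateError(f"ticket {ticket_id}: action not verified")
        self._log("executed", ticket_id, agent, action=p.action.value, unlocked_by=p.state)
        return p.state

    def report(self):
        """Dashboard figures: how tickets were unlocked, plus attempts to run past the gate."""
        states = [p.state for p in self._tickets.values()]
        return {"verified": states.count("verified"), "overridden": states.count("overridden"),
                "locked": states.count("locked"),
                "blocked_executions": sum(e["event"] == "blocked" for e in self.audit)}


def demo():
    """Constructed walk-through: one verified reset, one blocked attempt, one override."""
    delivered = {}    # stand-in provider: remembers what each requester was sent
    gate = VerificationGate(lambda who, code: delivered.__setitem__(who, code),
                            managers={"m.lee"}, code_factory=lambda: "482913")
    gate.request_action("INC001", "agent1", "j.doe", Action.PASSWORD_RESET)
    try:
        gate.execute("INC001", "agent1")          # agent skipped verification: blocked
    except GateError:
        pass
    gate.confirm("INC001", delivered["j.doe"])    # requester confirms from their own device
    first = gate.execute("INC001", "agent1")
    gate.request_action("INC002", "agent1", "a.roe", Action.MFA_CHANGE)
    gate.manager_override("INC002", "m.lee", "requester verified in person, phone lost")
    second = gate.execute("INC002", "agent1")
    return first, second, gate.report()
```

The design point is that the agent never sees or types the code: `confirm()` is the requester's path, `execute()` is the agent's, and the only way around the challenge is a listed manager identity whose bypass is logged with a reason. `report()` returns the verification, lockout and override counts plus the number of times an agent tried to run an action past the gate, which is the "bypass attempts" figure the dashboard description above calls for.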
Free 14-day trial with full features → Starter tier at $5/agent/month (single ITSM platform, basic verification, 5-agent minimum) → Professional at $10/agent/month (multi-platform ITSM, advanced verification methods, risk-based policies, compliance reporting) → Enterprise at $15/agent/month (SSO, custom integrations, dedicated support, SLA, manager override policies, API access). Expand via MSP partner program with volume discounts and multi-tenant management. Add-on revenue from compliance audit reports and advanced analytics.
8-14 weeks to first paying customer. Weeks 1-6: build ServiceNow MVP plugin + verification layer. Weeks 6-8: private beta with 3-5 design partners (find them in r/sysadmin, IT security communities, or MSP networks). Weeks 8-12: iterate on feedback, harden for production. Weeks 10-14: close first paid pilot. Enterprise sales will take longer (3-6 months), but MSPs and mid-market IT teams can convert faster with self-serve trials.
- “I completely fucked up and forgot to authenticate the user”
- “I reset the AD password without authenticating the user”
- “implement some automation to ensure that password resets physically cannot be processed without a 2FA code”
- “an opportunity for management to maybe add a few more guardrails”
- “SOP for password resets done over phone is to send a 2FA code but I forgot”