Concept: Isreali cloud security startup Ermetic has developed an identity-first cloud infrastructure security platform that provides multi-cloud protection in an easy-to-deploy SaaS solution. The new platform enables the users to address the risk to cloud infrastructure by detecting, prioritizing, and remediating risky entitlements and misconfigurations at scale. The new platform leverages full-stack analytics to identify risk accurately and in context.
Nature of Disruption: The startup provides a comprehensive platform that detects and prevents security threats across different cloud places including AWS, Google Cloud, and Microsoft Azure. It claims that the new platform combines Cloud Infrastructure Entitlement Management (CIEM) and Cloud Security Posture Management (CSPM) to provide the visibility and automation customers require to protect their cloud platforms in one place. CIEM reduces an organization’s cloud attack surface and risk from lateral movement upon a cloud data breach by identifying all cloud identities and detecting and mitigating excessive entitlements. CSPM enables the organization to determine whether its cloud applications and services are securely configured. It acquires configuration data from the cloud services in use and monitors the data continuously for risk. Seemingly, CSPM can analyze against compliance benchmarks to detect vulnerabilities, threats, and account hygiene violations. By integrating both functionalities into a single platform, Ermetic enables users to address two key elements of cloud security including the detection and visualizing of attack vectors in the cloud configuration and access permissions, and full-stack visibility into identity entitlements and resource settings to understand and manage cloud risk.
Outlook: The primary threat to cloud infrastructure is entitlements and permissions because identifying risky permissions and misconfigurations is very difficult. It requires insight into the access that all users and services have and need. The new platform enables organizations to overcome the identity and access threat to their cloud infrastructure. It helps prevent breaches by continuously analyzing permissions, configurations, and behavior across the full stack of identities, network, data, and compute resources. In December 2021, the startup raised $70M in Series B funding led by Qumra Capital and participation from Forgepoint Capital, Accel, Glilot Capital Partners, Norwest Venture Partners, and Target Global. It aims to use the new funding to recruit new talents and expand its geographic presence.