CIO Bulletin
Identity is at the center of how we approach protecting our cloud assets, making it essential to confirm that each identity looking to access our assets can prove that they are who they say they are and that they have the right permissions for those assets. The way we think about accessing our valuable assets has shifted significantly in recent years as work has moved out of the network and into the cloud. Organizations now depend on Software as a Service (SaaS), Infrastructure as a Service (IaaS), and other cloud services for larger portions of their operations. With the right credentials, a user can gain access to your organization’s most valuable assets like customer PII, financial data, IP, and other “Crown Jewels” that could have a sizable negative impact if exposed. Recognizing that identities are the “keys to the kingdom”, organizations are shifting their focus to how to better protect them. This means adopting a Zero Trust approach that better fits the needs of the cloud environment.
Ermetic is an identity-first cloud infrastructure security platform that provides holistic, multicloud protection in an easy-to-deploy SaaS solution. The company helps prevent breaches by continuously analyzing permissions, configurations and behavior across the full stack of identities, network, data and compute resources. Using advanced analytics to assess, prioritize and automatically remediate risks, Ermetic makes it possible to reduce your attack surface and enforce least privilege at scale even in the most complex cloud environments.
The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Glilot Capital Partners, Norwest Venture Partners and Target Global.
Identity-First Cloud Infrastructure Security
If you’re like many, cloud infrastructure is your new data center. It’s also an attacker’s playground. To protect it, you must reduce your attack surface and blast radius. The thousands of services, configurations, identities and policies determining access make it difficult to see into your cloud, let alone control it. Enter identity-first cloud infrastructure security – the only effective way to understand and smartly secure your AWS, Azure and GCP environments. Ermetic provides a holistic solution from asset management through anomaly detection and compliance that enables Security and DevOps teams to work together seamlessly. See and mitigate the toxic scenarios that put your data at risk and enforce least privilege – improving your cloud security posture and maturity.
Ermetic enables you to address the risk to your cloud infrastructure – identities – by detecting, prioritizing and remediating risky entitlements and misconfigurations at scale. It continuously discovers your entire multi-cloud asset inventory and applies full-stack analytics to identify risk accurately and in context. Enterprises use Ermetic to expertly manage access permissions, ensure cloud compliance and shift left on least privilege — reducing their cloud attack surface from the outside and in.
Leveraging Best-in-Class Identity-First Services and Solutions
Cloud Infrastructure Entitlements Management (CIEM): CIEM is the essential next step in your cloud security strategy. CIEM solutions constantly monitor human and service identities, permissions, and activity. Applying analytics and machine learning, CIEM continuously analyzes risk and generates least privilege access policies. Cloud Infrastructure Entitlement Management (CIEM) – also called Cloud Identity Governance (CIG) – is a security segment that addresses the need to eliminate excessive entitlements and reduce access risk. CIEM solutions automate the detection, analysis and mitigation of cloud infrastructure access risk to help organizations meet evolving protection requirements for cloud-native applications across virtual machines, containers and serverless workloads.
Shared responsibility models of cloud providers place the bulk of responsibility for securing Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) on the cloud customer. This includes responsibility for securing network controls, configurations, applications, IAM and customer data. Getting this done in IaaS is especially hard because understanding cloud identities and their permissions to access resources is one of the most elusive and risk-bearing aspects of cloud use. CIEM protects an organization’s cloud infrastructure by automating analysis of access risk and its severity for all permissions granted to all resources across all clouds. By analyzing risk deeply, and at scale, CIEM can identify even toxic combinations of permissions that would be near-impossible to identify manually. Most importantly, robust CIEM offers suggestions for risk remediation, including policy corrections integrated across workflows, to facilitate implementation by teams and offer rapid mitigation that reduces potential damage from unintended entitlement use.
Cloud Security Posture Management (CSPM): CSPM acquires configuration data from current cloud services and monitors the data continuously for risk, making it a priority for cloud security decision makers. Meanwhile, cloud infrastructure entitlements (CIEM) remain the most serious risk to address. So organizations need focused resources for managing both entitlements and cloud security posture to ensure iron-clad protection. Ermetic offers a unified and robust solution for both CSPM and CIEM. Cloud Security Posture Management (CSPM) helps organizations determine that their cloud applications and services are securely configured. It offers a broad view of network, data storage and API settings. It can also analyze configurations against compliance benchmarks to detect vulnerabilities, threats, and account hygiene violations.
Cloud Infrastructure Entitlement Management (CIEM) goes deeper, identifying all permissions across the stack to find, mitigate and pre-empt risk to identities and sensitive data. Gartner says mismanaged entitlements are the #1 source of cloud security failure – and a high priority to address.
Cloud-Native Application Protection Platform (CNAPP): CNAPP is a new cloud security approach defined by Gartner that emphasizes the need for unified lifecycle security as opposed to patchwork solutions. CNAPP encompasses a wide set of overlapping tools spanning development and production, including but not limited to: Infrastructure as Code (IaC) scanning, cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM). CNAPP simplifies cloud security by combining the capabilities of tools such as: Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Infrastructure Entitlement Management (CIEM) in one platform. The Ermetic platform provides a strong entry point to CNAPP by delivering cloud native, context-aware security for AWS, Azure and GCP – achieved via a unique combination of cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM). Ermetic provides deep visibility and actionable risk intelligence, automated remediation, real-time anomaly detection and compliance across your multi-cloud environment.
Public Cloud Security: Moving to the cloud is all about agility and flexibility, but comes at a cost with regard to security. With thousands of new identities, compute, data and network resources, come intricate interdependencies. It can be difficult to spot the toxic misconfigurations that pose a huge risk to your cloud. Ermetic discovers all resources, human and service identities, permissions and configurations across AWS, Azure and GCP to provide a contextual asset inventory for managing your assets. By augmenting asset findings with log details and historical activities, security practitioners can spot toxic combinations that directly impact their cloud attack surface and the damage that could follow a breach. Every cloud resource that is exposed to the public internet represents a potential entry point for malicious actors. Ermetic determines the exposure of your cloud resources by continuously assessing and prioritizing risk across the environment.
Shai Morag | Co-founder & CEO
Shai has over 20 years of product management, technology leadership and senior executive experience. Before Ermetic, Shai served as the co-founder and CEO of Secdo, a cybersecurity company, where he led the company from its inception to a successful acquisition by Palo Alto Networks for $100M in only three years. Before Secdo, Mr. Morag served as the CEO of Integrity-Project, a company specializing in connectivity, networking and security solutions. He led the company to significant growth and an acquisition by Mellanox. He also served for 10 years as an officer in the IDF Intelligence Corps Unit 8200, where he held a variety of roles in management and product development, and won several national awards for excellence. Shai is a graduate of the Talpiot program and earned an MBA from Tel Aviv University.