We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Ermetic, which today announced a $70 million series B funding round, said that its platform for securing cloud infrastructure by focusing on identity security and reducing the attack surface across a multi-cloud deployment has expanded to hundreds of customers so far. The startup aims to grow rapidly in 2022 and ultimately to build a “very big company” around its unique approach to cloud and container security, cofounder and CEO Shai Morag told VentureBeat.
“This is probably the biggest opportunity in security in the last decade,” Morag said in an interview. “Cloud infrastructure is becoming the new datacenter. Everyone’s going to cloud infrastructure. Everyone needs it to support their digital transformation.”
However, issues such as misconfigurations and permissions errors have led to major security issues for many organizations in the cloud. A recent report from Fugue and Sonatype found that 36% of organizations had suffered a serious cloud data leak or a breach over the previous 12 months.
Reduced attack surface
Ermetic’s platform brings automation to enable businesses to dramatically reduce their attack surface — that is, to reduce the places where a business is vulnerable — by focusing on securing identities and permissions, according to Morag. Cloud security problems, he said, are “all about the access. It’s all about the identities that are over-privileged.”
The Ermetic platform works by connecting to an API and collecting all of a customer’s metadata — all the configurations, permission structures, and activities. It then proceeds to map out everything it’s found in order to provide customers with enhanced visibility. “It gives you the visibility of what resources you have, what identities you have in your environment, who’s accessing what, and who can access what in your environment,” Morag said.
The platform then shows customers where they have permissions issues, such as identities that are “over-privileged” by having the improper access. Finally, Ermetic enables remediation of the issues, either automatically or manually.
“We believe that in order to reduce the ‘blast radius’ as much as possible, you really want to make sure that you achieve least privilege,” Morag said. “You want to make sure that there is no unnecessary risk. This is what we help customers do.”
In the crowded cloud security space, Ermetic stands out by being the “only vendor” that takes an “identity-first” approach to securing cloud environments, he said.
Ermetic also brings a multi-cloud orientation, with the ability to work across the three largest cloud providers — Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. Meanwhile, the platform is expanding its support for Kubernetes container orchestration, “which is like the fourth cloud — because eventually you need to dive deeper into the Kubernetes layer,” Morag said.
Along with expanding Kubernetes support, other plans for the platform in 2022 include strengthening its capabilities on the network side, providing greater “coupling between identity and network in the cloud,” he said.
Additionally, Ermetic plans to improve and expand its capabilities around infrastructure as code (IaC). Currently, when the company’s solution finds a misconfiguration, it generates Terraform or AWS CloudFormation code that enables the customer to fix the issue directly in the code. Looking ahead, Ermetic aims to help customers to spot misconfigurations in the code itself, from the get-go, before the code is released.
Founded in 2019, Ermetic expects that its revenue will grow at least 5X in 2021 compared to last year, Morag said.
Among the startup’s hundreds of customers are companies including Alkami, AppsFlyer, Beth Israel Lahey Health, Dataminr, IntelyCare, IronSource, Latch, Riskified, Symphony Talent, Tyler Technologies, and Wex.
With the help of the new funding, Ermetic aims to continue its strong growth pace in 2022, in markets that include the U.S., Europe, the Middle East and Africa, and Asia Pacific. Tel Aviv, Israel-based Ermetic currently employs 110, and expects to reach 170 within six months, Morag said.
The company’s series B round was led by Qumra Capital, and included participation from Forgepoint Capital, Accel, Glilot Capital Partners, Norwest Venture Partners, and Target Global. Ermetic has now raised a total of $100 million in funding to date. The company did not disclose its valuation.
Along with Morag, the company’s founding team includes chief business officer Arick Goomanovsky, chief technology officer Michael Dolinsky, and chief product officer Sivan Krigsman.
Morag previously cofounded Secdo, acquired by Palo Alto Networks, while Goomanovsky previously cofounded Sygnia Consulting, acquired by Temasek Holdings. Dolinsky previously cofounded Aorato — where Krigsman was the first employee, and which went on to be acquired by Microsoft.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.