Are you ready to bring more awareness to your brand? Consider becoming a sponsor for The AI Impact Tour. Learn more about the opportunities here.

Permiso, which offers an identity-based detection and response platform for the public cloud, today announced it has emerged from stealth with $10 million in seed funding. The Palo Alto-based startup says that its platform is the “first of its kind” and a direct answer to the complexity of trying to utilize identity and access management in public cloud infrastructures.

The product focuses on providing visibility into identities in cloud infrastructure at runtime along with profiling of behaviors — ultimately enabling improved detection and response for security issues in the cloud, according to the company. The platform launches into general availability in connection with Permiso’s exit from stealth today.

Identity-based approach

The startup is led by two co-CEOs, Paul Nguyen and Jason Martin, who formerly held executive roles at cybersecurity firm FireEye. Along with that experience, the product focus has been informed by advisors such as Jason Chan, formerly the vice president of information security at Netflix, and by 150 “customer discovery” conversations held over the past two years, Nguyen told VentureBeat.

“We realized that an identity-based approach to detection and response for public cloud was foundational since the majority of breaches today stem from identity-related issues,” Nguyen said in an email. “Our customers consistently brought up the complexity of identity and access management in cloud and the susceptibility to making mistakes that would inadvertently lead to breaches.”

VB Event

The AI Impact Tour

Connect with the enterprise AI community at VentureBeat’s AI Impact Tour coming to a city near you!


Learn More

Customers also pointed to the difficulty of answering questions about who’s in their environment, what they’re doing there, and whether the activity is normal, suspicious, or malicious, he said.

“Permiso saw this as a unique opportunity to use identity as the center of the narrative, versus today’s approach, which is very asset-centric,” Nguyen said.

Learning curve

Managing and securing digital identities is notoriously difficult for enterprises, and has only been complicated further by the move to the cloud — with cloud security skills in short supply and steep learning curves for many cybersecurity professionals. A recent study commissioned by One Identity found that nearly all organizations (95%) report challenges in digital identity management.

Permiso’s solution to the complexity issue is to translate the millions of events that occur daily in an organization’s public cloud environments into a simplified “security language,” allowing security professionals to understand what’s going on without needing to be an expert, Nguyen said.

The platform works by monitoring cloud identities — including both human and machine identities — and profiling the identities in order to detect anomalous or potentially malicious behaviors. These behaviors could be a sign of issues such as a compromise of credentials, a policy violation, or an insider threat.

Permiso provides customers with the ability to piece different events together by tying observed activity to a specific identity, Nguyen said. This enables customers to “quickly tell a story of ‘whodunit’ and convict on whether the activity is malicious within seconds.”

The goal is to “reduce the security analysis cycle from observation to decision and action,” he said.

All of this makes Permiso’s offering distinct from tools for cloud security posture management (CSPM), Nguyen noted. While CSPMs focus mainly on configuration and compliance, the company’s platform is focused on what the identities are actually doing in a cloud infrastructure environment, he said.

Customer traction

While Permiso’s product is only now reaching general availability, the company said it has been working with 10 co-development customers over the last year that its hopes to convert into paying customers. Among them are a Fortune 100 healthcare company and multiple Fortune 100 tech companies, the company said.

The startup has two paying customers so far, including ACV Auctions, a wholesale automative marketplace. Permiso landed those customers at the end of 2021, about six months into its private beta.

Erik Bataller, vice president of information security for ACV Auctions, said in a news release that Permiso provides visibility not available from CSPM and SIEM (security information and event management) tools. Permiso helps enable ACV to assess the maturity of its identity governance program, proactively identify insecure practices around identities, and “detect real-time threats within my cloud infrastructure from those identities,” he said.

Growth funding

The $10 million in seed funding now being announced by the company includes a small angel round that was raised previously.

The funding was led by Point72 Ventures, with other backers including Foundation Capital, Work-Bench, 11.2 Capital, and Rain Capital.

Individuals who participated in the round included Chan; Talha Tariq, chief security officer at Hashicorp; Travis McPeak, head of product security at Databricks; Tyler Shields, chief marketing officer at JupiterOne; and Brandon Dixon of Microsoft (which he joined through the acquisition of RiskIQ).

The funding will allow the startup to “scale its engineering and threat research teams to increase our velocity in delivering customer value and increasing our threat research capabilities,” Nguyen said.

Permiso currently has a team of 15 people, and expects to double that within six months and triple that in 12 months, he said.

The startup was founded in April 2020 by Nguyen, Martin, and two other members of the executive team — chief technology officer Stephen Demjanenko and vice president of engineering Phani Modali. Three of four came from FireEye — Nguyen previously served as senior vice president of product strategy and product management, Martin had been executive vice president of global engineering and security products, and Modali had served as vice president of engineering. Demjanenko had previously been a senior member of the engineering team at Cisco Meraki.

Product plans

With the new funding in hand, efforts around the product will include expanding integrations and visibility across cloud service providers and identity providers, Nguyen said.

The company will also continue to enhance and build additional detection models and publish research, he said. “We are already seeing emerging threats related to malicious patterns of behavior in the areas of vendor risk and compromised credentials,” Nguyen said.

While the startup recognizes that AI and machine learning (ML) can help to identify signals in large data sets, “right now, our focus is more on ‘intelligence augmentation.’ Our belief is that the human mind is still the most powerful tools for deciding if something looks suspicious, malicious or normal,” he said.

The startup is “currently focused on creating an elegant product experience that provides the appropriate and properly curated information to an analyst when they need it” on a set of signals, Nguyen said.

That being said, the company is investing heavily on data science and threat research to develop ML models and classifiers that can support its ability to surface information and alerts for customers, he said.

“Building exceptional products means first creating an experience that allows for rapid conviction by a human and then codifying that process computationally and leveraging AI and ML where appropriate,” Nguyen said. “We see too many companies that focus more on their models and forget about the users of their product. We believe that by focusing on the user and using AI and ML in the right way, we will supercharge our customers cloud detection and response capabilities.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.