Did you miss a session from the Future of Work Summit? Visit our Future of Work Summit on-demand library to stream.
Permiso, which provides an identity-based search and response platform for the public cloud, announced today that it has stepped out of stealth with બીજ 10 million in seed funding. The Palo Alto, California-based startup says its platform is “the first of its kind” and is a direct response to the complexity of trying to use identity and access management in public cloud infrastructures.
Focuses on providing visibility in identity in the cloud infrastructure at runtime with profiling of product behaviors – according to the company, ultimately enabling improved search and response to security issues in the cloud. Today the platform in relation to getting out of the steam of Permiso starts in general availability.
Identity based approach
The startup is led by two co-CEOs, Paul Nguyen and Jason Martin, who previously held executive roles at the cybersecurity firm FireI. With that experience, Jason Chan, formerly vice president of information security at Netflix, and 150 “customer search” conversations over the past two years, have been focused on production by consultants like Jason Chan, Nguyen told VentureBeat.
“We realized that an identity-based approach to search and response was fundamental to the public cloud because most violations today arise from identity-related issues,” Nguyen said in an email. “Our clients have constantly brought to the cloud the complexity of identification and access management and the sensitivity to make mistakes that could lead to unintentional breaches.”
Consumers also pointed out the difficulty in answering questions about who is in their environment, what they are doing there and whether the activity is normal, suspicious or malicious, he said.
“Permiso saw this as a unique opportunity to use identity as the center of description, as opposed to today’s approach, which is very wealth-centered,” Nguyen said.
Managing and securing digital identities is notoriously difficult for an enterprise, and for many cybersecurity professionals it has become even more complicated to move to the cloud with a short supply of cloud security skills and a straightforward learning curve. A recent study conducted by One Identity found that almost all organizations – 95% – report challenges in digital identity management.
Permiso’s solution to the issue of complexity is to translate the millions of events that occur every day in the organization’s public cloud environment into a simple “security language” that allows security professionals to understand what’s going on without the need to become an expert, Nguyen said.
The platform works by monitoring cloud identities જેમાં including both human and machine identities અને and profiling identities to detect inconsistent or potentially malicious behaviors. These behaviors can be a sign of issues such as identity card compromises, policy violations, or internal threats.
Permiso gives customers the ability to combine the observed activity with a specific identity to create a variety of events together, Nguyen said. This enables customers to “quickly tell the story of ‘whodunit’ and convict in seconds whether the activity is malicious.”
The goal is to “reduce the security analysis cycle from inspection to decision and action,” he said.
All of this sets Permis’ offer apart from the tools for Cloud Security Posture Management (CSPM), Nguyen noted. While CSPM focuses primarily on configuration and compliance, the company’s platform focuses on what the cloud infrastructure environment is really doing, he said.
While the Permiso product is now reaching general availability, the company said it has been working with 10 co-development customers since last year and hopes to convert it into paying customers. Of those, Fortune 100 is a healthcare company and multiple Fortune 100 tech companies, the company said.
The startup has two paid customers so far, including ACV Auctions, a wholesale automotive marketplace. Permiso landed those customers in its private beta for about six months at the end of 2021.
Eric Butler, vice president of information security for the ACV auction, said in a news release that Permiso provides visibility that is not available from CSPM and SIEM (security information and event management) tools. Permiso helps ACV evaluate the maturity of its identity governance program, actively identify vulnerable practices around identity, and “detect real-time threats to my cloud infrastructure from those identities,” he said.
The company is now announcing a બીજ 10 million seed fund, including a small angel round that was raised earlier.
Funding was led by Point72 Ventures, along with other supporters, including Foundation Capital, Work-Bench, 11.2 Capital, and Rain Capital.
Participants in the round included Chan; Talha Tariq, Chief Security Officer of Hashikorp; Travis McPick, Head of Product Safety at Databrix; Tyler Shields, Chief Marketing Officer at JupiterOne; And Brandon Dixon of Microsoft (which he joined through the acquisition of RiskIQ).
The funding will allow the startup to “scale its engineering and threat research teams to deliver customer value and increase our momentum in enhancing our threat research capabilities,” Nguyen said.
Permiso currently has a team of 15 people, and he expects it to double in six months and triple in 12 months, he said.
The startup was founded in April 2020 by Nguyen, Martin and two other members of the executive team – Chief Technology Officer Stephen Demjanenko and Funny Vice President of Engineering Funny Modley. Three of the four came from FireEye – Nguyen previously served as Senior Vice President of Product Strategy and Product Management, Martin as Executive Vice President of Global Engineering and Safety Products and Modali as Vice President of Engineering. Demjanenko was previously a senior member of the engineering team at Cisco Meraki.
With the new funding, the effort around production will include expansion integration and visibility among cloud service providers and identity providers, Nguyen said.
He said the company would continue to develop and manufacture additional detection models and publish research. “We are already seeing emerging risks related to vendor risk and malicious patterns of behavior in the areas of compromised credentials,” Nguyen said.
While startups recognize that AI and machine learning (ML) can help identify signals across large data sets, “Currently, our focus is more on ‘intelligence growth’. We believe that the human mind is still the most powerful tool for determining whether something looks suspicious, malicious or normal, “he said.
The startup is currently focused on creating an elegant production experience that provides analysts with accurate and properly curated information when needed, ”Nguyen said over a set of signals.
That said, the company is investing heavily in data science and threat research to develop ML models and classifiers that could support its ability to bring information and alerts to the surface for consumers, he said.
“Creating extraordinary products means first creating an experience that allows for quick realization by humans and then computing the process computationally and taking advantage of AI and ML where appropriate,” Nguyen said. “We see a lot of companies that focus more on their models and forget about the users of their product. We believe that by focusing on the user and using AI and ML properly, we will supercharge our customers’ cloud detection and response capabilities. “
VentureBeat’s mission is to become a digital town square for technical decision makers to gain knowledge about transformative technology and practices. Our site delivers essential information on data technologies and strategies so you can lead your organizations. We invite you to access, to become a member of our community:
- Up-to-date information on topics of interest to you
- Our newsletters
- Gated idea-leader content and discounted access to our precious events, such as Transform 2021: Learn more
- Networking features and more
Become a member