
Permiso Raises $18.5M Series A To Unify Threat Detection and Response In The Cloud

Permiso’s product offers a deep library of detection signals from known TTPs of modern threat actors and spans coverage across the cloud’s attack surface to detect threats in the cloud more quickly than ever 

PALO ALTO, CA – April 3, 2024 – After successfully detecting cloud identity-based attacks that bypassed existing security solutions and closing multiple six- and seven-figure license deals with Fortune 500 customers, Permiso has raised an $18.5m Series A led by Altimeter Capital with participation from Point72 Ventures. Permiso's unique library of detection signals feeds into their unified threat prevention, detection and response platform to provide organizations unprecedented visibility into their cloud environments.

“Permiso has proven to be indispensable to the way we manage and secure identities across multiple cloud environments,” said Sebastian Goodwin, Chief Trust Officer at Autodesk. “The ability to correlate runtime behavior with static risk analysis across our identity providers, cloud service providers, SaaS applications and CI/CD pipelines enables my team to quickly detect suspicious activity in our environment, supporting my team’s mission to protect customer data and provide resilient cloud service to our customers.” 

After MGM and Caesars were targeted by LUCR-3 (Scattered Spider) last September, multiple casino groups turned to Permiso’s platform to help defend all layers of their cloud attack surface. In several other instances, Permiso was brought in to help previously targeted victim organizations connect the dots of activity in their environment, something incumbent enterprise systems couldn’t provide.

“We were initially captivated with the impressive commercial traction and love from customers. These customers made it clear that Permiso had rapidly become as critical a pillar in their cloud security stack as Wiz, CrowdStrike, and Palo Alto Networks. Jason and Paul's clarity of vision in anticipating this market need, intimately understanding why other cloud security technologies can't adequately detect identity-based threats at scale, and the completeness of their approach for providing technology to fill those gaps is what gave us conviction to invest,” said Erik Kriessmann, Partner at Altimeter.

Permiso creates a composite, ‘meta’ identity to unify the disparate human and non-human identities within an enterprise and synthesize their runtime activity across the cloud’s attack surface. By providing multi-plane coverage across the layers of cloud environments, Permiso constructs user sessions from disparate runtime events that provide security teams with the answer to the question ‘what happened in my environment, and should I be concerned?’

“We don’t think in product acronyms when figuring out what detections to build - we observe threat actors in the cloud and follow them wherever they go to build detections in our product that find threat actors quickly and help our customers sleep better at night,” says Ian Ahl, SVP of Permiso’s cloud security research group P0 labs and former head of the Mandiant Advanced Practices and Adversary methods team. 

Tracking threat actor activity across authentication boundaries poses serious challenges for security teams. By tracking all entities that are configured to access an environment, whether through federation, role assumption, access tokens, or direct login, Permiso’s run-time graph and activity analysis engine creates high-fidelity alerts with immediate attribution and context.

“Over the course of many of their campaigns, threat actor groups have demonstrated how they are able to target the identity provider and move seamlessly from the IDP to cloud hosting providers, and into SaaS and CI/CD environments,” explained Co-founder and Co-CEO Jason Martin. “By correlating runtime activity across boundaries with static, posture-based information, Permiso can not only help organizations find evil across their cloud environments more quickly than ever, but also use our run-time graph data to make better decisions around control improvements needed to secure their human and non-human identities.” 

After delivering for customers and significantly increasing revenue since their seed round, Permiso will use this Series A to rapidly increase integrations and introduce new product capabilities to their customers and the market.  

Permiso emerged from stealth mode in 2022 and was named as one of the SINET16 Innovators. This prestigious award recognizes the 16 most innovative and compelling cybersecurity companies from around the world. Prior to this, they raised a $10m seed funding round from Point72 Ventures, Foundation Capital, 11.2 Capital, WorkBench Capital, and prominent angel investors from the security community. 

About Permiso 

Permiso is a threat detection company that finds evil in cloud-based environments. Detection in Identity, Cloud, and SaaS environments has suffered too long from a one-size-fits-all SIEM approach. Modern environments require a purpose-built platform. Permiso uses human and non-human identity attribution to pair runtime and static data in cloud and SaaS into complete sessions where detections no longer have to rely on single events and no context. Permiso’s platform provides high fidelity, high resiliency, and maximum context for actionable detections that cut through the noise. By analyzing human and non-human identity entitlements and behavior across authentication boundaries, Permiso gives companies a complete picture of every entity operating in and across their cloud environments and does not allow threat actors to hide in silos of overwhelming cloud activity data. For more information, please visit our website or find us on Twitter and LinkedIn.
