4/24 KPMG + Permiso LUCR-3 (Scattered Spider) Threat Briefing

Illustration Cloud

Former FireEye Executives Emerge from Stealth with $10M Seed Round to Tackle Cloud Detection and Response

PALO ALTO, CA – January 18, 2022 – Permiso.io, a Palo Alto-based startup that provides the first of its kind in cloud identity detection and response for cloud infrastructures, today announced a $10 million seed funding round with participation from leading institutional investors and angels. The round was led by Point72 Ventures and included Foundation Capital, Work-Bench, 11.2 Capital, Rain Capital, as well as numerous security industry leaders such as: Jason Chan, former VP of Information Security at Netflix; Talha Tariq, Chief Security Officer at Hashicorp; Travis McPeak, Head of Product Security at Databricks; Tyler Shields, CMO at JupiterOne; and Brandon Dixon, Founder of PassiveTotal. Additionally, Sebastian Goodwin, CISO at Nutanix; Alek Armani, CISO at Sentry.io, Julien Soriano, CISO at Box; Caleb Sima, CSO at Robinhood, and Tim Byrd, CISO at TIAA have joined Permiso in advisory roles.

Permiso Investor and Advisor Jason Chan, who led Netflix’s cyber security program for ten years, is emphatic that cloud security needs to be focused on identities:

Permiso Security brings the first of its kind in cloud identity detection and response for your public cloud infrastructure. With engineering and infrastructure teams aggressively adopting public cloud, security teams are drowning under the millions of activities and changes made daily by human and machine identities. At cloud speed, the ability to identify suspicious or malicious behaviors by those identities is nearly impossible. Permiso pioneered a unique identity-based detection and response platform to profile and monitor human and machine identities and credentials for malicious or anomalous behaviors that could indicate compromised credentials, policy violations, or insider threats. Customers today leverage Permiso to gain visibility into their identity landscape to achieve these key outcomes:

  • Mature their cloud security programs – As enterprises move to cloud, identity practices move from high levels of human access and change toward primarily machine access and automated changes. Enterprises utilize Permiso to help measure their progress towards their identity and access management objectives of secure access methods and minimized human access as well as change management objectives around reducing or eliminating human driven change.

  • Detect Credential Abuse – The myriad of cloud credentials (passwords, access keys, certificates, key pairs) creates complexity in detecting potential abuse by attackers or insiders. The ability to profile each identity and credential allows Permiso to detect anomalous and malicious abuse of any cloud access credential.

  • Investigate Smarter and Faster – With over 11,000 different privileges and event types, it is impossible for security teams to remember and understand all of them. Enterprises utilize Permiso to create a cohesive story and timeline using the identity as the narrator and translator in support of their incident response and investigations.

The company is founded by Co-CEOs Paul Nguyen and Jason Martin, CTO Stephen Demjanenko, and VP of Engineering Phani Modali. Prior to founding Permiso, Nguyen was SVP of Product Strategy and Product Management, and Martin was the EVP of Global Engineering and Security Products at FireEye. They each joined FireEye separately via acquisitions of their previous companies, Invotas and Secure DNA. Demjanenko and Modali held senior engineering and product leadership roles at Meraki and FireEye respectively.

“Permiso was founded with the goal of identifying the next evolution of cloud security,” said Nguyen. “After being in the security industry for 20 years, it’s a bit of déjà vu again with cloud security. Cloud security tools today started the way we did 20 years ago with solutions to gain visibility into what’s in my environment and asking, “am I vulnerable?” We saw the next evolution with the advent of Advanced Persistent Threats back then and the emergence of detection and response solutions like FireEye which is the opportunity we see for Permiso today in public cloud.”

“We’ve done hundreds of customer interviews and worked with over 10 co-development customers over the last year and we find that when it comes to cloud infrastructure runtime security, most organizations are collecting data in their SIEM or a data lake; however, they can’t really make sense of it rapidly or in a manner that answers the questions their cloud security and infrastructure teams have,” explained Martin.

With the $10 million seed round, Permiso intends to continue scaling its engineering team, expanding its current customer footprint, and building partnerships.

“Permiso’s identity-based runtime approach bridges the current cloud security expertise gap by providing security teams with greater visibility into user activity in the cloud, resulting in better controls and more accurate remediation of malicious activity,” said Noah Carr, Partner at Point72 Ventures. “We expect Permiso to become a critical piece of the cloud security stack as organizations continue to adopt and rely on cloud infrastructure to run their businesses.”

Permiso unlocks unique visibility into my cloud infrastructure environment that I currently don’t get from a Cloud Security Posture Management (CSPM) or SIEM. The ability to measure the maturity of my identity governance program helps me proactively identify risks from insecure identity practices and detect real-time threats within my cloud infrastructure from those identities.


Erik Bataller, VP of Security at ACV Auctions, a Permiso customer

Identity is the silver bullet in the cloud. If you don’t get it right, you’re dead!


Jason Chan, Former VP of Information Security at Netflix

About Permiso

Permiso uncovers intent behind every behavior in your cloud environments by providing visibility for identities in your cloud infrastructure at runtime to give you insights into who is in your environment and what they are doing. By making identity the anchor of your cloud security posture, Permiso allows for easy and efficient attribution of access, activity, and changes occurring in monitored environments, turning your team into cloud heroes with a few clicks.

Illustration Cloud

Related Articles

Permiso Launches Cloud Console Cartographer to Help Security Teams Make Sense of Console Activity in Cloud Logs

The open-source tool helps security teams easily transcribe log activity generated from events of AWS console sessions

Permiso Raises $18.5M Series A To Unify Threat Detection and Response In The Cloud

Permiso’s product offers a deep library of detection signals from known TTPs of modern threat actors and spans coverage across the cloud’s attack surface to detect threats in the cloud more quickly than ever

Permiso Launches CloudGrappler To Help Security Teams Better Detect Threat Actors In Their Cloud Environments

Free open source tool detects activity in cloud environments related to well-known threat actors such as LUCR-3 (Scattered Spider), the group responsible for MGM and Caesars breaches last September

View more posts