Gem Security, a New York- and Tel Aviv-based startup that is building a cloud threat detection, investigation and response (TDIR) platform, is coming out of stealth today and announced an $11 million seed funding round led by Team8. With support for all of the major cloud platforms like AWS, Azure, Google Cloud and Kubernetes, Gem Security promises to provide security teams with a single streamlined tool to discover all their cloud assets and the real-time threat detection and contextualized alerts to ensure that they remain secure, in part by automating a large part of a company’s cloud security operations.
The company was co-founded by CEO Arie Zilberstein, CTO Ron Konigsberg and VP of Product Ofir Brukner. Like so many other Israeli security startup founders, the team previously held roles in Israel’s Unit 8200, as well as at cybersecurity company Sygnia. At Sygnia, Zilberstein told me, the team noticed that attacks in the cloud were becoming more common and that these cloud attacks were quite hard for security teams to detect and contain.
“By the time we were brought in to respond, it was often too late,” he said. “We realized these problems stemmed from the fact that detection and response tooling for the cloud just wasn’t there. On the endpoint, organizations had specialized endpoint detection and response technology that gave security operations teams a solid platform for investigation and containment. The cloud is no less complicated than the endpoint, but the equivalent technology just didn’t exist. All the cloud security tooling focused on security posture and attack prevention — this is important, but SecOps teams were on their own when they were actually under attack.”
He noted that most of the existing tools the team saw in the marketplace focused on prevention. That’s important but not enough, the team believed and decided to focus on real-time detection and mitigation. “We recognize that attacks are inevitable and security is imperfect, bringing the “assume breach” approach into the cloud era. We see this as the next frontier of cloud security technology and believe other vendors will follow,” said Zilberstein.
And while the cloud platforms also offer their own security tools, the Gem Security team believes that it is able to take a more holistic service that can ingest data from more sources (think identity providers, code repositors and other security tools) and — maybe even more importantly — perform better in multi-cloud environments.
The team also noted that its service is able to generate higher fidelity alerts for SecOps teams and cut down on the notification noise that often numbs modern security teams. “Our detection engine starts with our own library of cloud-specific tactics, techniques and procedures (TTPs) informed by our experience in incident response and sourced from both internal and external threat research,” Zilberstein explained. “We layer cloud entity behavioral analytics on top of these TTPs to automatically tailor detection for the context of a particular environment. The combination of both TTPs and behavioral analytics is much more powerful than either approach is on its own.”
While the company isn’t able to disclose any customers yet, the team says it is working with a number of companies already, including Fortune 500 firms.
“Gem’s unique platform offers a first-of-its-kind solution to deal with the inevitable attacks on cloud environments, and is based on an intuitive, automatic, and efficient approach that allows organizations to identify cloud security events in real-time; investigate them based on behavior analysis and threat intelligence; respond quickly, and enable isolation of the threat. All this — to minimize the impact of cloud attacks,” explained Nadav Zafrir, managing partner at Team8 Group and the former head of Unit 8200.