After successfully detecting cloud identity-based attacks that bypassed existing security solutions and closing multiple six and seven-figure licence deals with Fortune 500 customers, Permiso has raised a $18.5m Series A led by Altimeter Capital with participation from Point72 Ventures.
Permiso's unique library of detection signals feeds into their unified threat prevention, detection and response platform to provide organisations unprecedented visibility into their cloud environments.
Static risk analysis
“Permiso has proven to be indispensable to the way we manage and secure identities across multiple cloud environments,” said Sebastian Goodwin, Chief Trust Officer at Autodesk.
“The ability to correlate runtime behaviour with static risk analysis across our identity providers, cloud service providers, SaaS applications and CI/CD pipelines enables my team to quickly detect suspicious activity in our environment, supporting my team’s mission to protect customer data and provide resilient cloud service to our customers.”
Permiso’s platform
Permiso was got in to help victim organisations that were once targeted connect the dots
After MGM and Caesars were targeted by LUCR-3 (Scattered Spider) last September, multiple casino groups turned to Permiso’s platform to help defend all layers of their cloud attack surface. In several other instances, Permiso was brought in to help victim organisations that were previously targeted connect the dots of activity in their environment that incumbent, enterprise systems couldn’t provide.
“We were initially captivated with the impressive commercial traction and love from customers. These customers made it clear that Permiso had rapidly become as critical a pillar in their cloud security stack as Wiz, CrowdStrike, and Palo Alto Networks. Jason and Paul's clarity of vision in anticipating this market need, intimately understanding why other cloud security technologies can't adequately detect identity-based threats at scale, and the completeness of their approach for providing technology to fill those gaps is what gave us conviction to invest,” said Erik Kriessmann, Partner at Altimeter.
Disparate runtime events
Permiso creates a composite, ‘meta’ identity to unify the disparate human and non-human identities within an enterprise and synthesise their runtime activity across the cloud’s attack surface. By providing multi-plane coverage across the layers of cloud environments, Permiso constructs user sessions from disparate runtime events that provide security teams the answer to the question ‘what happened in my environment, and should I be concerned?’
Permiso creates a composite, ‘meta’ identity to unify the disparate human and non-human identities
“We don’t think in product acronyms when figuring out what detections to build - we observe threat actors in the cloud and follow them wherever they go to build detections in our product that find threat actors quickly and help our customers sleep better at night,” says Ian Ahl, SVP of Permiso’s cloud security research group P0 labs and former head of the Mandiant Advanced Practices and Adversary methods team.
Permiso’s run-time graph
Tracking threat actor activity across authentication boundaries poses serious challenges for security teams. By tracking all entities that are configured to access an environment, whether through federation, role assumption, access tokens, or direct login – Permiso’s run-time graph and activity analysis engine creates high-fidelity alerts with immediate attribution and context.
Permiso’s run-time graph and activity analysis engine creates high-fidelity alerts with immediate attribution
“Over the course of many of their campaigns, threat actor groups have demonstrated how they are able to target the identity provider and move seamlessly from the IDP to cloud hosting providers, and into SaaS and CI/CD environments,” explained Co-founder and Co-CEO Jason Martin. “By correlating runtime activity across boundaries with static, posture-based information, Permiso can not only help organisations find evil across their cloud environments more quickly than ever, but also use our run-time graph data to make better decisions around control improvements needed to secure their human and non-human identities.”
New product capabilities
After delivering for customers and significantly increasing revenue since their seed round, Permiso will use this Series A to rapidly increase integrations and introduce new product capabilities to their customers and the market.
Permiso emerged from stealth mode in 2022 and was named as one of the SINET16 Innovators. This prestigious award recognises the 16 most innovative and compelling cybersecurity companies from around the world. Prior to this, they raised a $10m seed funding round from Point72 Ventures, Foundation Capital, 11.2 Capital, WorkBench Capital, and prominent angel investors from the security community.