Ermetic Enables Organizations to Protect Cloud Workloads from Breaches by Exposing and Remediating High Risk Threats

Company Extends Cloud Native Application Protection Platform with Full Stack Context into Vulnerabilities and Misconfigurations

Ermetic Team By Ermetic Team
Ermetic Enables Organizations to Protect Cloud Workloads from Breaches by Exposing and Remediating High Risk Threats

BOSTON and TEL AVIV, Jan. 25, 2023 -- Ermetic, the cloud infrastructure security company, today announced it has extended its Cloud Native Application Protection Platform (CNAPP) with cloud workload protection capabilities that enable customers to detect, prevent and remediate security risks in virtual machines, containers and serverless functions. Using context that spans infrastructure configurations, network, access entitlements and other settings, Ermetic identifies and prioritizes threats on AWS, GCP and Microsoft Azure that require immediate attention. This full stack approach automates cloud workload protection against breaches, while allowing organizations to satisfy compliance requirements and implement industry best practices.

According to Gartner, Inc., “Optimal security of cloud-native applications requires an integrated approach that starts in development and extends to runtime protection. SRM (security risk management) leaders should evaluate emerging cloud-native application protection platforms that provide a complete life cycle approach for security.”1

Ermetic uses an agentless approach to efficiently scan workloads - including virtual machines, container images, runtime containers and serverless functions - for critical risks. The platform enables organizations to secure their cloud and maintain compliance by detecting vulnerabilities, exposed secrets, sensitive data, malware and misconfigurations. Stand-alone Cloud Workload Protection solutions can generate a large volume of alerts. In isolation, determining which are most serious and need immediate attention is manually intensive and time consuming. In contrast, Ermetic puts workload risks in context, automatically prioritizing and facilitating remediation.

“Protecting cloud workloads from breaches requires a continuous and full stack assessment of installed software, the operating system, configurations, access entitlements, suspicious activity and more,” said Sivan Krigsman, Chief Product Officer at Ermetic. “With our platform's unmatched, end-to-end insight into cloud workloads, Ermetic enables security and DevSecOps teams to prioritize remediation by identifying resources that are exposed to threats or have the largest blast radius.”

Holistic Cloud Workload Protection
The Ermetic CNAPP provides enriched cloud workload protection not available from single purpose products. Using an identity-first approach Ermetic unifies workload protection with cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM) to provide deep, centralized visibility into all of the resources in the cloud environment. These capabilities enable the Ermetic CNAPP to deliver comprehensive cloud workload protection that covers:

  • Detection of installed packages, software vulnerabilities, stored secrets, sensitive customer data, malware and configuration errors
  • Protection for virtual machines, K8S Clusters, container images and serverless functions
  • Vulnerability assessment and visualization into cloud workload risk with intelligence gathered across virtual machines, serverless functions, container images and Kubernetes clusters
  • Risk-based prioritization that correlates vulnerabilities across operating system packages, applications and libraries with additional workload characteristics, such as network exposure and permission levels
  • Help in achieving compliance with standards that mandate a vulnerability management program, such as AWS Well Architected, CSA, NIST, ISO 27001 and SOC II.

1 Gartner, Inc., Innovation Insight for Cloud-Native Application Protection Platforms, 25 August 2021, Neil MacDonald, Charlie Winckless.

The new cloud workload protection capabilities are available immediately in the Ermetic CNAPP from Ermetic and its business partners worldwide.

About Ermetic
Ermetic reveals and prioritizes security gaps in AWS, Azure and GCP and enables organizations to remediate them immediately. The Ermetic cloud native application protection platform (CNAPP) uses an identity-first approach to unify and automate cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), cloud workload protection and IaC security posture management. It unifies full asset discovery, deep risk analysis, runtime threat detection and compliance reporting, combined with pinpoint visualization and step-by-step guidance. The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Forgepoint, Glilot Capital Partners, Norwest Venture Partners, Qumra Capital and Target Global. Visit us at and follow us on LinkedIn, Twitter and Facebook.

Media Contact:
Marc Gendron
Marc Gendron PR for Ermetic