It’s a new beginning! Ermetic is now Tenable Cloud Security.

Assess Multi-Cloud Security with the Open-Source CNAPPgoat Project

New open-source CNAPPgoat project helps organizations assess multi-cloud security and their tools

Ermetic announces CNAPPgoat, a new open-source project for cloud security testing

Silicon Angle shares about our newest open-source project CNAPPgoat, which enables organizations to safely test processes and tools

Reducing Security Debt in the Cloud

Security debt exists on premises and in cloud platforms — but preventing it from accumulating in the cloud requires different skills, processes and tools

Why Compliance In The Cloud Is A Multi-Faceted Problem

In his latest article for the Forbes Technology Council, Ermetic co-foundfer and CEO Shai Morag explores the challenges of achieving compliance in the cloud.

CNAPPs: The Business Case For Automating Cloud Security

Ermetic CEO Shai Morag writes for Solutions Review, where he gives an overview of CNAPPs and makes the case for automating enterprise cloud security

The 10 Hottest Cybersecurity Startups In 2023 (So Far)

CRN names Ermetic one of the top ten cybersecurity startups that stood out from the pack in the first half of 2023

Azure API Management flaws highlight server-side request forgery risks in API development

New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism

Forbes Tech Council: The Cloud Security Dilemma

I suggest a systematic evaluation of risk and effort required to minimize that risk, to rank damage potential and likelihood of attack.

Achieving Kubernetes Security Posture Management (KSPM)

Kubernetes introduces powerful management capabilities, but it also presents some formidable security challenges—especially in multi-cloud environments.

Top Security Takeaways from Cloud Savvy Organizations

From conversations with customers in industries that are in advanced stages of cloud adoption, Ermetic's Moshe Ben Dahan shares key takeaways

Microsoft Patches Serious Azure Cloud Security Flaws

A recent article in Dark Reading takes a look at the vulnerabilities Ermetic found in Azure's API Management Service that could allow access sensitive data.

Ermetic Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service

New security flaws have been disclosed in Azure API Management service that could be abused to gain access to sensitive information or backend services.

Using Just-in-time Access to Reduce Cloud Security Risk

Ermetic co-founder explains how implementing JIT helps security teams move closer to achieving a least-privilege model and implementing zero trust security.

Ermetic Named Best Cloud Native Application Protection Platform of the Year at RSA Conference 2023

Ermetic Platform recognized in Global InfoSec Awards by Cyber Defense Magazine 

Ermetic Adds Kubernetes Security to CNAPP

Dark Reading - Ermetic unveiled Kubernetes security posture management to its cloud-native application protection platform (CNAPP).

Ermetic Adds Kubernetes Support to CNAPP

Ermetic Kubernetes support addition enables IT & cybersec teams to discover & fix misconfigurations, compliance violations & risky or excessive privileges.

Understanding the Risks and Rewards of CNAPP

Ermetic CEO explains how CNAPP takes a holistic view of risk in the cloud.

Building Up IAM in a Multicloud World

A Dark Reading article explains how the security goal in the cloud-first world is to ensure only qualified users can access information across clouds.

Why Insider Threats Are So Difficult to Detect in the Cloud

Arick Goomanovsky breaks down the challenges and strategy of confronting insider threats in the cloud.

How the Cloud Is Shifting CISO Priorities

Shai Morag advises CISOs to protect identities as the new perimeter and describes key areas of competency for every cloud security team

CRN Recognizes Ermetic as a Cloud 100 Company for 2023

Ermetic has been included on CRN's annual Cloud 100 list -- named one of the 20 Coolest Cloud Security Companies in 2023.

CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services

SecurityWeek covers the Ermetic discovery of a cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu

Cross-site Forgery Bug would Facilitate Remote Code Execution in Microsoft Azure Services

Ermetic research team reported a cross-site request forgery vulnerability software management tool used across multiple Microsoft Azure cloud services.

New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

The Hacker News coverage of the Ermetic discovery of a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure.

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Dark Reading coverage detailing Ermetic's recent discovery

EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.

Ermetic's research team discovered a remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.

Understanding Infrastructure-as-Code Risks in the Cloud

Ermetic's Head of Research Igal Gofman takes a closer look at the rise and risks of Infrastructure as Code (IaC)

Globes Names Ermetic One of the Most Promising Startups in 2022

The prestigious list is based on selections made by more than 80 of the leading local and foreign investment firms operating in the Israeli high-tech market.

Ermetic Honored with 2022 ‘ASTORS’ Homeland Security Award

Company recognized for Groundbreaking Cloud-Native Application Protection Platform

Skills Shortage Threatens Cloud Security

Ermetic CEO explains how organizations can leverage upskilling to close internal skill gaps, and why investing in employee growth is a win-win approach.

Implementing Shift Left Security in the Cloud

Ermetic co-founder Arick Goomanovsky explains how this zero-day surge has increased interest in shift left practices, making security a priority in the development process

CRN Names Ermetic One of the 10 Hottest Cloud Security Startup Companies Of 2022

CRN has compiled a list of the 10 Hottest Cloud Security Startup Companies Of 2022, and we are honored to be included

What to Expect in Cloud Security in 2023

Arick Goomanovsky, co-founder and Chief Business Office of Ermetic, shares his top four cloud security predictions for 2023 on VMBlog.

Ermetic Ranked #2 on Dun’s 100 list of Best Startup Companies to Work for

We're honored to be included in this year's rankings of "leading and successful companies in the Israeli economy."

Identity Defined Security Alliance Introduces New CIEM Best Practices

Ermetic Senior Cloud Architect Lior Zatlavi write for RSA Conference.

Companies Lack Capabilities to Secure Cloud Infrastructure

A recent article in IT Pro Today takes a look at findings that reveal that most organizations have just entry-level solutions for their cloud security

Implementing Zero Trust for Government Clouds

Ben McGucken explains why government agencies should embrace identity-centric security strategies like least privilege and zero trust to secure cloud-based operations for the future.

How To Assess Your Cloud Security Capabilities

Shai Morag writes for Forbes Technology Council about the 4 levels of the Ermetic Security Maturity framework and cloud security best practices

Think Like an Attacker to Improve Your Security Posture

Lior Zatlavi explains for Solutions Review why defenders need to think like an attacker as cyber-attacks get more complex every day

Leveraging Identity-First Cloud Security Platform That Gives Full Visibility and Context to Understand Security Risks

The Silicon Review has named Ermetic one of the Top 10 Startups to Watch in 2022

Four Cloud Security Lessons from the Wegmans Data Breach

Ermetic Head of Research Igal Gofman writes about best practices for cloud security in SC Magazine.

Microsoft, Cloud Providers Move to Ban Basic Authentication

Robert Lemos takes a look at how Microsoft and other major cloud providers are planning to eliminate basic security weaknesses

How Tech Entrepreneurs Can Weather Economic Downturn

Ermetic's CEO and Co-Founder Shai Morag lists five recommendations for managing during the current economic climate for the Forbes Technology Council.

The Missing Link in DevOps Cloud Security

Ermetic's Co-Founder Arick Goomanovsky writes for

Black Hat 2022: Why Machine Identities are the most Vulnerable

Ermetic's Igal Gofman and Noam Dahan explained how different the dominant cloud platforms’ approaches to IAM are.

16 Tech Leaders’ Tips For Developing And Maintaining A Robust Incident Response Plan

Sixteen members of the Forbes Technology Council recently shared their top tips for developing and maintaining a "robust incident response plan."

14 Emerging And Ongoing Cyberthreats Every Organization Needs To Be Aware Of

Ermetic SEO and Co-Founder Shai Morag talks about overly permissive cloud entitlements in a Forbes article.

Ermetic Addresses IAM Weaknesses in Multi-Cloud Environments

Ermetic's Igal Gofman and Noam Dahan discussed weak spots they observed in multi-cloud infrastructure environments at Black Hat USA 2022.

Most Companies are at an Entry-Level when it Comes to Cloud Security

Ermetic released a study by Osterman Research that found 84% of respondents were at an entry-level in terms of their cloud security capabilities

84 Percent of Companies have only Basic Cloud Security Capability

According to a new study, most companies are only at the most basic level in terms of their cloud security.

Capital One Breach Conviction Exposes Scale of Cloud Entitlement Risk

Ermetic's CEO Shai Morag writes about preventing attacks such as the recent Capital One breach and what organizations should do

Cyberattackers Increasingly Target Cloud IAM as a Weak Link

At Black Hat USA, Ermetic's Igal Gofman plans to present how machine identities in the cloud and the explosion of SaaS apps are creating risks for IAM

How A Cloud Center Of Excellence Can Transform Your Enterprise

Ermetic's CEO and co-founder Shai Morag writes in Forbes about cloud center of excellence (CCOE) and explains how it helps companies.

Ermetic Spotlighted on the CRN® 2022 Emerging Vendors List

We are thrilled to share that CRN®, a brand of The Channel Company, has named Ermetic on its 2022 Emerging Vendors list in the security category.

How to Secure Cloud Environments by Simplifying their Complexity

A VentureBeat article offers views from senior executives at some of the world’s leading enterprises as they explore applied Data & AI success stories.

Ermetic’s Technology Enables Any Organization to Manage Cloud Infrastructure Security Automatically

Forbes Israel writes about how Ermetic answers one of the most complex questions in cloud security: “Who can access my data?”

5 Security Mistakes Cloud Engineers Make in 2022

In a runX article by Jane Fazackarley, Ermetic Senior Cloud Security Architect Lior Zatlavi explains that many cloud users fail to segment resources.

Can Hackers take over Respiratory Systems in Hospitals?

Ermetic's CBO and Co-Founder Arick Goomanovsky writes for Maariv about how hospitals can protect themselves from the next cyber attack.

Reduce Risk with a Cloud Security Maturity Model

Ermetic's CBO Arick Goomanovsky, discusses on Toolbox how cloud security models could help with risk management.

Ermetic Wins Two Global InfoSec Awards from Cyber Defense Magazine

We are excited to announce that we have been listed as a winner of two of the 2022 Cyber Defense Magazine Global InfoSec Awards for CIEM and CSPM.

Forbes Israel Names Ermetic One of “The Next Billion Dollar Startups”

Forbes Israel has named Ermetic one of the top 10 startups most likely to reach a $1 billion dollar valuation.

Corvus Insurance Adds First Organizations to ‘Smart Cyber Partnerships’ Ecosystem to Drive the Future of Cyber Risk Management

We've partnered with Corvus Insurance as part of the first of its Smart Cyber Partnerships with cybersecurity firms.

Best Practice: Enabling Visibility as Part of Cloud Infrastructure Entitlements Management (CIEM)

The goal is to constantly track ALL existing connections between identities, the actions they can perform and the resources on which they can perform them.

Using a Least Privilege Framework to Boost DevSecOps

Arick Goomanovsky says to involve developers and security teams earlier in the process to efficiently improve DevOps and overall security.

Ermetic names Liat Dvir as Chief People Strategy Officer

Ermetic's newest hire Liat Dvir has more than 15 years of human resources management experience, including her work at leading technology vendors.

The Role of Cloud-Based Identities in Cloud Security

CEO Shai Morag writes on Security Boulevard about the new challenges that organizations face after moving to the cloud.

What Log4j Can Teach Us About Cloud Security

Ermetic's co-founder Shai Morag writes for eWeek about best practices for improving cloud defenses in light of the Log4j attacks.

New Open-Source Tool Tackles Pesky Access Denial Messages in AWS

In an interview with CSO Ermetic Research Lead Noam Dahan explains the new open source tool for AWS.

Ermetic Partners Get New Synergia Partner Program for Cloud Security

Channel Futures writes about Ermetic's partner program called "Synergia" geared towards IT service providers, SIs, consultants, MSPs/MSSPs and ISVs.

Forbes Logo

Considering A CNAPP? 11 Important Details Every Company Should Know

In the Forbes Technology Council article Ermetic co-founder and CEO Shai Morag contributes his thoughts on CNAPP.

Cloud Security Predictions for 2022

Ermetic's CEO Shai Morag writes on Geektime about the absolute need for cloud security and shares his cloud security predictions for the year ahead.

Gold Winner of the 2022 Cybersecurity Excellence Awards

We are excited to announce that we are a multiple Gold winner of the 2022 Cybersecurity Excellence Awards in five categories!

Forbes Logo

Ermetic Provides Expert Cloud Security Tips in Forbes Article

In the Forbes Technology Council article Ermetic co-founder and CEO Shai Morag writes about ways to reduce the cloud security blast radius.

How Ermetic’s CFO Adapts Business Models to a Rapidly Growing Business interviewed our CFO Avi Israel about the changing needs of the role he holds for a fast-growing company.

Why Cloud Storage Isn’t Immune to Ransomware

Cloud security is a shared responsibility which sometimes leads to security gaps and complexity in risk management.


Cloud Security Startup Ermetic Closes $70M Funding Round

According to Gartner, cloud security boasts a compound annual growth rate of 41%, making it the fastest-growing part of the information security and risk management segment.

Ermetic raises $70M for ‘identity-first’ cloud security

Ermetic Raises $70M for ‘Identity-First’ Cloud Security

Shai Morag, Ermetic CEO and co-founder, talked to VentureBeat about where we've been and where we're going.

Forbes Logo

Why Everyone is Talking About CNAPP

For his latest Forbes Technology Council article, Shai Morag takes a look at cloud-native application protection platforms and their potential to revolutionize security. 

Forbes Logo

16 Potential Cybersecurity Solutions For Protecting Sensitive Data In The Cloud

16 industry experts share new and trending cybersecurity paradigms that companies must consider to best protect their sensitive data in the cloud.

Toolbox Logo

Top 5 AWS Misconfigurations That Led to Data Leaks in 2021

The most disruptive security incidents associated with AWS misconfigurations and how businesses can prevent misconfigurations in the future.

Ermetic raises $70M for ‘identity-first’ cloud security

Amazon Web Services security: 5 issues startups aim to fix

VentureBeat spoke to leaders from 10 cybersecurity startups about 5 AWS cloud security issues that their startups are aiming to fix.

Ermetic CIEM Solution Earns Platinum at 2021 ‘ASTORS’ Homeland Security Awards

Company recognized for groundbreaking Cloud Infrastructure Entitlements Management (CIEM) solution.

Toolbox Logo

Top Security Considerations for Transitioning from Private to Public Cloud

Organizations should re-evaluate how they safeguard data and apps as they expand their public cloud usage and implement four key security principles while migrating from private to public cloud infrastructure.

Toolbox Logo

Cloud Security Is a Top Priority for Financial Institutions

A main challenge for banks is managing identities and permissions in the cloud while maintaining uniform access across multiple clouds.

AST Names Ermetic a Finalist for the 2021

AST Names Ermetic a Finalist for the 2021 ‘ASTORS’ Homeland Security Award

We are honored to be included as a Finalist at the Annual ‘ASTORS’ Awards, designed to honor distinguished security solutions.

Ransomware’s evolution: 6 key trends to watch

As security teams start to fight back, attackers have only become more sophisticated.

Ermetic Named Finalist in Computing’s Security Excellence Awards 2021

The Awards celebrate the achievements of the security industry through recognition and rewarding of exceptional companies, people, products and projects.

Toolbox Logo

What Makes AWS Buckets Vulnerable to Ransomware and How to Mitigate the Threat

As more data is being migrated to cloud, the risk of ransomware attacks on AWS’ S3 buckets have increased.

2021 Euroscape Ermetic

Ermetic Named in Accel 2021 Euroscape Top 100

Euroscape Top 100 is global VC firm Accel’s annual list of the hottest European and Israeli cloud companies to watch.

‘Toxic Permissions’ Leave AWS S3 Buckets Vulnerable to Ransomware

The “toxic combination of overprivileged identities and poorly configured environments” can potentially expose data.

Cyber OSPA

Ermetic Named a Finalist in the First-Ever Cyber OSPAs

The awards recognize the outstanding contribution organizations, people and technology are making to protect society from all areas of cybercrime.

eweek logo

Secure Cloud Migration: Beware Identity Failures and Misconfigurations

It’s critical to operate within a least privileged identity model and remediate unnecessary entitlements and misconfigurations.

Forbes Logo

How M&As Expose Cloud Security Shortcomings

In his recent article for the Forbes Technology Council, Shai Morag takes a look at some best practices for addressing multicloud security.

Ermetic Named a Top Startup to watch in Big50’s 2021 Startup Report

The 2021 Big50 Startup Report has been published…and we’re excited to be included! The Report, by Startup50’s Jeff Vance, highlights top tech startups — like us — that he believes are reshaping fast-growth markets. The startups featured in this year’s report have collectively raised more than $2B in funding since their last report published and […]

Managing Entitlements and Access in the Cloud is a Leading Security Risk

Public cloud environments offer a flexible way for organizations to provision resources, spin up containers based on ever-changing requirements, and more. Public cloud deployments can quickly turn into a complicated highway of interconnected machines, users, applications, services, containers and microservices. The huge undertaking of keeping track, evaluating risks and defining access policies and permissions for […]

Ermetic Named Finalist in Black Unicorn Awards for 2021

We are excited to share that Ermetic was named a finalist in the Black Unicorn Awards for 2021! We were up against many of the industry’s leading providers of cybersecurity products and services for this prestigious award. The term “Baby Black Unicorn” signifies a cybersecurity company that has the potential to reach a $1 billion […]

Shai Morag Named One of the Top 25 Cybersecurity CEOs of 2021

We’re excited to share that the Software Report has named Ermetic co-founder and CEO Shai Morag one of the Top 25 Cybersecurity CEOs of 2021. According to The Software Report, “these accomplished executives lead some of the most sophisticated operations that protect businesses and individuals across the globe. Hundreds of exceptional CEOs were nominated in […]

A Six-Step Process For Managing Cloud Entitlements

If your cloud strategy and infrastructure is stressing you out, you’re not alone. As companies add more and more cloud services and providers, the process of managing entitlements becomes more and more complicated.

What is Cybersecurity? Defined, Explained, and Trends

In a recent article, Troy Cogburn, Director of Vation Intelligence explores cybersecurity as a discipline that reduces the risk of a cyber attack against IT systems, devices, and networks. “Cybersecurity covers a broad remit of principles, measures, and processes that help protect devices, services, and IT systems during both online and offline use,” he says. […]

Almost All Organisations Suffered At Least One Data Breach in Past 18 Months

In a recent article, CPO Magazine takes a deep dive into our IDC Survey Report: State of Cloud Security 2021 where we found nearly all organizations experienced a cloud data breach within the last 18 months. The survey polled 200 CISOs and other key IT security decision-makers and found that lack of visibility and identity […]

Ermetic Named CRN Emerging Vendor 2021

We are proud to share that Ermetic has been selected to be featured on CRN’s Emerging Vendors list for 2021 in the Security category. Chosen by the CRN editorial team, this annual list highlights the new and innovative technology suppliers that have shown an unwavering commitment to delivering the latest technology services and solutions through […]

Major Threats to Cloud Infrastructure Security Include a Lack of Visibility and Inadequate IAM

In a recent article, HelpNet Security did a deep dive into our recent findings in the IDC Survey Report: State of Cloud Security 2021.

IDSA Report: 2021 Trends in Securing Digital Identities

The Identity Defined Security Alliance recently published their “2021 Trends in Securing Digital Identities” report. Sponsored by the IDSA, the report is based on an online survey conducted by Dimensional Research of more than 500 security and identity professionals from the United States who worked at companies with more than 1,000 employees. The survey examined […]

98 Percent of Companies Experience Cloud Data Breaches

In a recent article on BetaNews, Ian Barker takes a look at our recent IDC Survey results which found that in the last 18 months, 98% of companies experienced at least one cloud data breach — up from 79 percent last year. In addition, almost 70% of companies spend more than 25 hours per week […]

14 Expert Recommendations For Creating An Effective Cloud Governance Policy

When small businesses are inundated with messages of the benefits of a shift to the cloud, they may mistakenly think that once they’ve moved, their “tech responsibilities” are over. But businesses need to develop and implement policies that govern cloud access, cost management and compliance, otherwise, their processes may perpetuate inefficiencies, costs and security issues […]

Taming the Overprivileged Cloud

In his latest article for eWeek, Ermetic Chief Business Officer Arick Goomanovsky explains how to tame an overprivileged cloud. “Enterprises are struggling with a swelling number of cloud identities, credentials sprawl and privilege creep,” he wrote. “Gartner has sounded the alarm: by 2023, 75% of cloud security failures will result from inadequate management of identities, […]

Cybersecurity for Multi Clouds: Why the Cloud Needs Native Security

In a recent article, Ermetic co-founder and CBO Arick Goomanovsky explores how the process of managing multi-cloud cybersecurity forces organizations to rethink traditional approaches. According to Arick, cloud native controls were specifically built to manage privileges and access for any cloud platform, therefore, they provide capabilities that are missing in on-premise and cloud provider-specific […]

Ermetic Included on Tracxn List of Emerging Startups 2021

We are excited to share that we were included on Tracxn's list of Emerging Startups for 2021 in the Top Cloud Infrastructure Startups category.

Five Approaches for Securing Identity in Cloud Infrastructure

In his recent article for the Cloud Security Alliance, Ermetic co-founder and CEO Shai Morag explained that the migration of business processes to the cloud has become mainstream and organizations are enjoying the many benefits of streamlining processes, cutting costs and creating new ways to work. There are, however, also drawbacks including the fact that […]

It is Time to Treat Privilege Like Privacy

Carla Roncato, Senior Analyst at Enterprise Strategy Group, shared that ESG recently asked organizations, “approximately what percentage of your organization’s human and non-human identities have permissions associated with their use of cloud services that are greater than what is required to do their task/job?” We spoke with her last week about the fact that privilege […]

Ermetic Named “Hot Company in Cloud Infrastructure Entitlement Management” at RSA Conference 2021

Ermetic embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help stop the next breach.

Protecting Collaboration Channels for Remote Work

In a recent article for Security Boulevard, Ossi Tiainen identified 15 high-potential companies in the cybersecurity space…and Ermetic is included! Tiainen posits that securing collaboration and communication apps is more important than ever because of the recent huge shift to remote work. Even before 2020 and the age of COVID-19, enterprises had shifted from email […]

Ermetic Named Finalist in Computing DevOps Excellence Awards

We are excited to share that we’ve been named a finalist in Computing’s DevOps Excellence Awards in the Best DevSecOps Implementation category, for our work with Latch. The DevOps Excellence Awards showcase “outstanding achievement from organizations, personalities and solutions that have successfully applied DevOps methodologies.” The Awards recognize and celebrate the best of every organization, […]

Cloud Security and Privacy: 7 Action Items you Should Consider

In a recent Tech Beacon article, John P. Mello Jr. offers seven high-priority projects that he says should serve as the base of a robust cloud security program. As more and more enterprises race to the cloud, he offers this checklist for security teams as they put together plans to protect their cloud environments. Our […]

Ermetic Named a Finalist for The Europas “Hottest CyberTech Startup”

We are thrilled to share that Ermetic has made the longlist for Hottest CyberTech Startup at this year’s The Europas. The Europas was formed in 2009 by Mike Butcher, editor-at-large at Techcrunch, to recognize and celebrate innovation emerging from Europe’s thriving tech startup scene. Now in its twelfth year of identifying Europe’s most ambitious and […]

Ermetic Named a “Startup to Watch” by DBTA

Database Trends and Applications (DBTA) notes that “innovative enterprise tech startups are emerging to tackle both new and longstanding challenges and problems in ways never thought possible.” They have observed various outstanding organizations  introduce new approaches to digital transformation, expanding AI and analytics initiatives, streamlining DevOps, improving data observability and more. DBTA named 16 startups […]

The Role of Identity and Entitlements in the Cloud Security Stack

In a recent article for TMCNet, Ermetic co-founder and CEO Shai Morag takes a closer look at how the recent massive adoption of public cloud services has created an ever-growing attack surface. He posits that while this scenario poses significant challenges, he knows that the root of security remains identities and entitlements. Shai explains that […]

Cybersecurity: What are the Hottest Sectors in Israel?

It’s quite an honor to be recognized by Calcalist’s C-Tech as a “Rising Star” in the Israeli Cloud Security landscape, a strong and growing industry, as organizations transition processes to the cloud. They noted that the 2020 Covid-19 pandemic essentially catapulted the cybersecurity market to an all-time high and took a look at some of […]

Prioritizing the Cloud’s Top Security Risks

In his recent article for the Forbes Technology Council, Ermetic CEO and co-founder Shai Morag addresses the shared responsibility of cloud security between cloud service providers and user organizations. While cloud providers handle infrastructure security, companies are typically left to their own devices to protect the rest of their security stack. The Forbes article outlines […]

Ermetic: In the Post-Pandemic World, Geography will be less Critical for Sales

Sharon Chavoinik, Ermetic Director of People, recently sat down with Calcalist’s CTech to discuss how, in an era of a global pandemic, remote working can impact the growth of a young company in early stages. According to Sharon, since Ermetic was at such an early stage when the pandemic began, “we had yet to open […]

Why Cloud Security Risks Have Shifted to Identities and Entitlements

In his recent article for Dark Reading, Ermetic Co-Founder and CEO Shai Morag shares his insights on why cloud security risks have shifted to identities and entitlements. He explains that traditional security tools focus on securing the network perimeter and end up leaving user and service accounts wide open to hackers. Manually tracking cloud-access entitlements […]

Ermetic Takes Silver at the 2021 Cybersecurity Excellence Awards

The Ermetic Cloud Security Platform won second place in the CIEM category of the 2021 Cybersecurity Excellence Awards.

Supply Chain Attacks Renew Focus on Limiting Privileged Access to Cloud Data

A recent article on Cybersecurity Dive shares insights from Ermetic co-founder and CBO, Arick Goomanovsky, that as companies scale up using public cloud infrastructure, they should take care to limit privileged access. They explain that there is a growing number of firms moving away from storing critical information on-site and instead, moving their data to […]

PAM vs. CIEM: Cloud Shift Offers an Opportunity to Rethink Access Management

In his recent article for Toolbox, Arick Goomanovsky takes a closer look at how and why it's so challenging to manage privileged accounts and entitlements in cloud infrastructure.

How One Multicloud-Based Business Manages Security Controls

In his recent CSO article, Bob Violino, takes a look at how AppsFlyer manages their Security Controls. Every day, the company processes 80 terabytes of data across multiple cloud hosting services. How do they keep everything secure? AppsFlyer enlisted Ermetic’s entitlement management system. “Before we selected Ermetic we conducted a very comprehensive evaluation of cloud […]

Managing Identities and Entitlements to Secure the Public Cloud

In his recent Security Boulevard article, Frank Ohlhorst posits “Accelerated digital transformation in response to the pandemic has blurred the line between the public cloud and the internal network, creating a much more complex environment that organizations still struggle to secure.” He points out that managing identities and entitlements is particularly difficult for organizations. Many […]

Researchers say Cloud Deployments of SolarWinds Orion Could put API Keys at Risk

The drama in the aftermath of the SolarWinds Orion hack persists, and some shareholders have announced a class-action lawsuit claiming that they were misled by executives about the company’s security. They warned that this catastrophic breach might potentially endanger the cloud applications of Orion users. The warning to cloud users came from our recent blog […]

101 Best Cyber Security Startups To Follow In 2021

Startup Pill recently published their list of top picks for the best Cyber Security startups — and we’re near the top. On their 2020 list, we were included in the Cloud Computing category. They chose startups that take “a variety of approaches to innovating inside of the Cyber Security industry and around the world,” and […]

Vote for Ermetic in the 2021 Cybersecurity Excellence Awards

We are excited to announce that Ermetic has been nominated in the Cloud Infrastructure Entitlements Management (CIEM) category of the 2021 Cybersecurity Excellence Awards. The awards were established to recognize “companies, products and professionals that demonstrate excellence, innovation and leadership in information security.” Produced by Cybersecurity Insiders in partnership with the Information Security Community on […]

SolarWinds Hack Poses Risk to Cloud Services’ API keys and IAM Identities

In a recent blog post, Noam Dahan, a Senior Security Researcher at Ermetic, discussed the aftermath of the SolarWinds breach and how until now, the discussion has been focused on on-premise risks. But the cloud is not immune; the SolarWinds Orion supply chain hack also endangers Amazon Web Services and Microsoft Azure API keys and […]

Why Securing The Cloud Is A Math Problem

In his recent article for the Forbes Technology Council, Shai Morag explains that despite what you may think, there actually is a security perimeter in the cloud. It’s not the type we’re accustomed to protecting, though. He explains that identity is the perimeter because “all an attacker needs to compromise cloud security controls are the […]

Ermetic Named a Finalist in 2020-21 Cloud Awards

We’re excited to share that we have been named a finalist in the international Cloud Computing Awards program, The Cloud Awards. Since 2011, The Cloud Awards has promoted and celebrated excellence and innovation in cloud computing, and we are honored to be included as a finalist. The 2020-21 Cloud Awards include a wide range of […]

How Ermetic Tackles Public Cloud Risks by Securing Identities, Entitlements

eWeek recently reviewed our Cloud Infrastructure Entitlements Management solution for their readers. Their takeaway? eWeek commented that enterprises are seeing an increase in compromises as they swiftly move their applications to the public cloud. They said, “Ermetic tackles those cybersecurity issues by securing the who, what, when, and where of cloud activity. In other words, […]

The Polls are Open for 2020 DevOps Dozen

The polls are open! Ermetic is excited have been nominated in the Cloud Native Security Solution/Service category of the 2020 DevOps Dozen². The Tools and Services Awards category features 12 awards to recognize the companies who “develop and deliver outstanding solutions to empower developers, DevOps and IT operations teams.” The categories include: Best End-to-End DevOps […]

Startup Pill Names Ermetic on Their List of Best Cloud Computing Startups to Follow in 2020

We’re in good company here! Startup Pill recently published a list of their top picks for the best Cloud Computing startups — and we’re near the top. They chose startups that take “a variety of approaches to innovating inside of the cloud computing industry and around the world,” and we’re honored to be included. The […]

Digital Transformation Security Threats will Dominate in 2021

2020 has proven to be an exceptionally challenging year for businesses of all kinds, and the security industry is included. COVID-19 brought with it a whole slew of issues for organizations ranging from health concerns to remote working and everything in between. Shai Morag, Ermetic Co-Founder and CEO, sat down with VMBlog to discuss what […]

Don’t Underestimate The Business Risk Of Cloud Entitlements

As organizations move to the cloud and scale up, the chance of mismanaged privileges, identities and access increases exponentially. Many organizations end up with complex multicloud deployments where the sprawl quickly spreads out of control. They grow from tens to hundreds to thousands of identities and millions of entitlements within a very short period of […]

Ermetic Named a Finalist in Computing’s Security Excellence Awards

We are excited to share that we’ve been named a finalist in the Cloud Security category of Computing’s Security Excellence Awards! According to Computing, these Awards “celebrate the achievements of the IT industry’s leading security companies, solutions, products and personalities – those are keeping every other part of the industry operating.” The Security Excellence Awards […]

Ermetic Named One of 10 Hottest Cloud Computing Startups of 2020 by CRN

We are honored to be named one of the 10 Hottest Cloud Computing Startups of 2020 by CRN. With the world turned upside down with the coronavirus pandemic, one industry saw a boom in growth… cloud computing. Companies working in the cloud computing space saw a huge opportunity to accelerate adoption of their services as […]

Ermetic Named Winner of Sierra Ventures Challenge

Ermetic today announced it has won the Sierra Ventures Challenge organized by Startup50 and will present its product to enterprise buyers from Sierra Ventures CXO advisory board.

Ermetic’s Platform Provides Full Stack Visibility and Control over Multi-Cloud Infrastructure Entitlements

“One of the biggest risks in public cloud security is access abuse, specifically excessive permissions and compromised identities having access to data and resources. The challenge is that enforcing least privilege is much more difficult in the public cloud than on-premises,” said Garrett Bekker, Principal Security Analyst at 451 Research, a part of S&P Global […]

What’s New In Gartner’s Hype Cycle For Cloud Security, 2020

In Forbes, Louis Columbus recently wrote up a nice overview of Gartner’s Hype Cycle for Cloud Security for 2020. Gartner proclaims that “public cloud computing platforms have proven battle-ready by supporting unplanned, unexpected workloads from enterprises during the pandemic,” he wrote. Our main takeaway? Cloud Infrastructure Entitlements Management (CIEM) is on the Hype Cycle for […]

Reducing Identity and Access Security Risks in Cloud Infrastructures: A guide

In his latest post for Cloud Tech, Ermetic CEO Shai Morag explores the idea that while organizations may understand the value of leveraging cloud environments, many don’t understand exactly how these infrastructures shift the responsibility of managing security risk back on them. He explains how important it is for organizations to gain control over all […]

CSPM Vs. CIEM: Demystifying Two Popular Cloud Security Acronyms

In his first article for the Forbes Technology Council, Shai Morag takes a closer look at CSPM and CIEM.

Ermetic Shortlisted for Computing Cloud Excellence Awards 2020

Ermetic has been shortlisted for Computing’s Cloud Excellence Awards! The number of entries grows every year as we see growth in the adoption of and reliance on cloud computing. Making it the shortlist is, according to Computing, a sign of incredible performance and success and we are honored to be included. With categories covering every […]

CIO Bulletin Names Ermetic One of the 10 Best Cyber Security Companies 2020

CIO Bulletin has named Ermetic one of the 10 Best Cyber Security Companies of the year! We are honored to be included in the list next to some other strong leaders in the field. Click here for the full list of winnners. And to see what they have to say about Ermetic, check out their […]

Cloud Threats and Priorities as We Head Into the Second Half of 2020

Dark Reading recently reviewed our IDC survey on identity and data access risks to understand where the industry is headed for the rest of the year and what it all means when it comes to mitigating cloud risks.

We Asked 12 Founders who Raised Nearly $200 Million During COVID-19 for their tips on Wooing Investors During a Crisis

Shai Morag, our CEO and co-founder, was recently interviewed along with other founders and investors for a Business Insider article about remote fundraising during the pandemic. “You need to be more prepared than usual,” Morag told them. “All meetings are in Zoom, they tend to be transactional and more focused, it’s a hard dynamic with […]

DIY Access Security for Amazon Web Services

On The New Stack, Ermetic co-founder and CTO Michael Dolinsky explains how complicated, time-consuming and error-prone it is to try and manage identities and access in AWS using native or do-it-yourself tools.

451 Research Report: Cloud Access and Entitlement Management Startup Ermetic Raises $17m

451 Research released a report detailing our recent $17 million fundraising round. The round was led by Accel, along with seed investors Glilot Capital Partners, Norwest Venture Partners and Target Global.

Ermetic Shortlisted in American Cyber Awards

We are excited to announce that Ermetic has been shortlisted in the "Innovative Product of the Year - Cloud Based" category of the American Cyber Awards, which highlight the most innovative and successful people, teams and products in the cybersecurity industry.

Cali-based VC Firm Accel Empowers Israeli Cloud-Security Startup’s Run for Market Lead

Accel, a fund that previously invested in Facebook, Slack, Spotify, and Dropbox, has turned attention to the Ermetic cloud security solution, realizing the potential and need for the product. The $17.25 million Series A financing round was led by Accel, and supported by previous investors Glilot Capital Partners, Norwest Venture Partners and Target Global. “There’s […]

Managing Cloud Access Permissions Is a Top CISO Concern

How the least privilege principle can reduce data threats and how an automated approach can help manage and monitor cloud access policies and permissions for applications and services.

Complexity Exacerbates Cloud Cybersecurity Threats

New TechTarget article explains how as cloud becomes intrinsic to IT, shifting roles have led to some risks being overlooked... but companies are getting smarter about alleviating threats.

Lack of Visibility and Poor Access Management are Major Contributors to Cloud Data Breaches

HIPAA Journal takes a closer look at our recent IDC Cloud Security Survey and the impact on the healthcare industry where more and more organizations are completing their digital transformations. While they are able to take advantage of the flexibility, scalability, and cost savings provided by public cloud environments, healthcare organizations see that securing public […]

Infosecurity Magazine highlights Ermetic’s IDC Survey

Infosecurity Magazine highlights the findings of the newly released IDC survey sponsored by Ermetic, reporting on what over 300 CISO’s see as their top cloud security concerns, and the risks they face. The article mentions, “Ermetic also argued that users and applications often accrue excessive access permissions in public cloud deployments. These are often granted […]

How to Implement Least Privilege in the Cloud

The Cloud Security Alliance (CSA) recently took a poll of more than 200 industry experts and found that cloud resource misconfiguration is a leading cause of data breaches. Why? Mainly because identity and privilege management at cloud-scale is extremely challenging. It becomes increasingly more complicated and more challenging over time, as organizations grow and their […]

7 Steps to Avoid the Top Cloud Access Risks

Securing identities and data in the cloud is challenging, but a least-privilege access approach helps. The Capital One incident, in which data on 106 million credit card customers and applicants was exposed, is a great example in which misconfiguration and inadequate change control enabled the attackers to exploit a vulnerability in an open source web application […]

Skip to content