Ermetic Launches Analytics-based Solution that Protects AWS, Google Cloud and Microsoft Azure from Data Breaches

Platform Automates the Detection and Remediation of Identity and Access-based Risks to Enable Continuous Enforcement of Least Privilege Policies at Scale

PALO ALTO and TEL AVIV, May 6, 2020 — Ermetic, the cloud access risk security company, emerged from stealth mode today and announced an analytics-based solution that prevents cloud data breaches by automating the detection and remediation of identity and access risks in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) offerings from Amazon, Google and Microsoft. The company recently raised $10M in financing from Glilot Capital Partners, Norwest Venture Partners and Target Global.

According to research firm Gartner, 99% of cloud breaches occur due to human errors such as configuration mistakes. For example, at last count there were more than 2500 IAM (identity and access management) permissions in AWS. They apply to users, devices, applications, services and more. This complexity makes manual management of access policies in IaaS and PaaS infrastructures virtually impossible.

“Monitoring and managing cloud security risks associated with human identities is a big challenge on its own, but reducing the attack surface created by machine accounts is manually unfeasible,” said Gerhard Eschelbeck, former CISO for Google. “Ermetic has developed a very precise and scalable approach that uses data science-based automation to solve this problem and give control back to the organization.”

Untangling Cloud Access Risks

The analytics-based Ermetic platform automatically discovers all human and machine identities in the cloud, and analyzes their entitlements, roles and policies using a continuous lifecycle approach. This full stack visibility enables Ermetic to provide the following advantages:

  • Detect permission gaps, between privileges that should be maintained and those that should be revoked
  • Map and decouple complex, overprivileged relationships between identities and roles, and generate turn-key policy changes that remediate cloud access risks
  • Analyze all access activity to detect and alert on privilege escalation, suspicious access and data deletion indicative of credential theft or abuse

“Monitoring and managing cloud access risk is challenging and becomes even more complex over time as users and applications accumulate permissions that far exceed their technical and business requirements, resulting in vulnerabilities that hackers can actively exploit,” said Shai Morag, CEO of Ermetic. “Using analytics and automation, Ermetic eliminates the manual effort and costs associated with determining the precise permissions necessary for each user, service or application in complex environments like AWS, Microsoft Azure and Google Cloud.”

End-to-End Automation for Reducing Access Risk

Ermetic eliminates manual-effort roadblocks to enforcing least privilege, reduces the cloud attack surface and improves security posture across IaaS and PaaS infrastructures by providing the following capabilities:


Discovers all human and machine identities, data and compute resources, policies and permissions


Analyzes all access policies to identify all entities that can access a resource, access logs to determine which permissions are used and activity to model and identify risks while ensuring business continuity.

Policy Enforcement

Eliminates excessive access and privileges based on actual access patterns and data sensitivity to automate centralized least privilege policy enforcement.

Anomaly Detection

Monitors all access activities to detect and alert on suspicious behavior such as sensitive data access, privilege escalation and deletion, and unusual resource access.


Generates access policy recommendations for DevOps that optimize security while supporting  end user productivity through integration with leading CI/CD tools such as Slack, Jira, ServiceNow, Jenkins, Terraform, Ansible, Chef and Puppet.

Best Practice & Benchmark Auditing

Performs routine assessment of configurations across cloud environments, automatically compares findings to leading compliance benchmarks and alerts on deviation from best practices


The Ermetic platform is available immediately.

Proven Management Team

Ermetic was founded by Shai Morag (CEO), Sivan Krigsman (Chief Product Officer), Arick Goomanovsky (Chief Business Officer) and Michael Dolinsky (CTO). They have previously built successful enterprise security companies including Aorato acquired by Microsoft, Secdo acquired by Palo Alto Networks, and Sygnia acquired by Temasek. All four began their careers in cyber intelligence roles with the Israel military.

About Ermetic

Ermetic enables enterprises to protect cloud infrastructures (IaaS/PaaS) from access-related risks and misconfigurations by maintaining continuous visibility into identities, their entitlements and data usage. By combining analytics with granular, full stack insight, Ermetic makes it possible to enforce least privilege access at scale even in the most complex cloud environments. The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Glilot Capital Partners, Norwest Venture Partners and Target Global. Visit us at and follow us on LinkedInTwitter and Facebook.