Ermetic

Ermetic provides an identity-first cloud infrastructure security platform designed to offer comprehensive, multi-cloud protection. Its primary mission is to help organizations prevent breaches by continuously analyzing permissions, configurations, and behavior across the full stack of identities, network, data, and compute resources. Ermetic aims to enable businesses to reduce their cloud attack surface and enforce least privilege at scale, even in highly complex cloud environments. The company focuses on automating the detection and remediation of risks, allowing organizations to govern infrastructure and resource access effectively.

A key goal for Ermetic is to simplify cloud security management and help organizations mitigate access risk, secure cloud data, and ensure compliance. Ermetic strives to provide full visibility and context for understanding cloud security risks, unifying capabilities such as Cloud Infrastructure Entitlement Management (CIEM) and Cloud Security Posture Management (CSPM). The company was acquired by Tenable in 2023, a move intended to enhance proactive security capabilities for customers by combining their respective strengths in cloud security and exposure management. Ermetic has been recognized for its work environment and growth, indicating a positive market reputation.

Offerings, Capabilities, and Integrations

Ermetic provides a comprehensive cloud security platform designed to manage security and compliance across complex Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments. Its identity-first architecture offers deep visibility into effective access and potential risks, unifying key aspects of cloud security. This approach allows Ermetic to deliver full-stack, actionable risk insight across identities, configurations, and resources. Ermetic’s platform is engineered to proactively reduce the cloud attack surface, detect threats, and minimize the potential impact of a breach. Key capabilities include full asset discovery, in-depth risk analysis and prioritization, real-time anomaly detection, compliance auditing, and policy enforcement. Ermetic also offers guided remediation and integrates with various development and IT operations tools such as Jenkins, Bitbucket, CircleCI, GitHub, GitLab, Datadog, Slack, Splunk, ServiceNow, and Jira, facilitating streamlined workflows and collaboration between security, DevOps, and IAM teams. This holistic and integrated approach to cloud security, focusing on identity as the core, gives Ermetic a competitive edge by providing a unified view and control over multi-cloud environments, enabling organizations to implement zero trust and least privilege access principles effectively.

Products and Services

Ermetic’s core offering is its Cloud Native Application Protection Platform (CNAPP), a SaaS solution that consolidates several critical cloud security functionalities. This platform serves as Ermetic’s flagship product. The CNAPP integrates the following key components:

  • Cloud Infrastructure Entitlement Management (CIEM): This is a foundational component of the Ermetic platform. It focuses on managing and securing cloud identities and entitlements, analyzing permissions, configurations, and activity to enforce least privilege and reduce the risk of excessive access. Ermetic was a pioneer in the CIEM market.
  • Cloud Security Posture Management (CSPM): Ermetic’s CSPM capabilities enable organizations to assess and manage the security posture of their cloud resources. It identifies misconfigurations, compliance violations, and deviations from security best practices across the cloud infrastructure.
  • Cloud Workload Protection Platform (CWPP): Added to its CNAPP, this capability allows customers to detect, prevent, and remediate security risks in virtual machines, containers, and serverless functions. It scans workloads for vulnerabilities, exposed secrets, sensitive data, malware, and misconfigurations.
  • Kubernetes Security Posture Management (KSPM): Ermetic extended its CNAPP to include KSPM, providing detailed inventory of resources within Kubernetes clusters, continuous posture assessment, risk prioritization, and guided remediation for Kubernetes environments.
  • Infrastructure as Code (IaC) Scanning: Ermetic enables the scanning of IaC templates (like Terraform) before deployment to detect misconfigurations and risky entitlements, integrating with CI/CD pipelines.
  • Anomaly Detection: The platform includes real-time anomaly detection to identify suspicious activities, unusual data access, privilege escalation, and other identity-related threats.
  • Compliance Auditing and Reporting: Ermetic supports continuous compliance audits against various industry standards and regulations such as GDPR, HIPAA, ISO, NIST, PCI, SOC2, and CIS Benchmarks.

In September 2023, Ermetic was acquired by Tenable and its offerings are being integrated into the Tenable One Exposure Management Platform and Tenable Cloud Security solution. Ermetic also offers an open-source project called CNAPPgoat, which allows organizations to test their cloud security skills and tools in interactive sandbox environments.

Target Customers

Ermetic’s target customers are organizations of all sizes, including Fortune 50 and Fortune 100 companies, that utilize public cloud platforms such as AWS, Azure, and GCP. The platform is particularly beneficial for companies with complex multi-cloud environments and those looking to implement zero trust and least privilege security models. Organizations facing challenges with managing a multitude of identities and permissions in the cloud, ensuring compliance with industry standards, and reducing their cloud attack surface are prime candidates for Ermetic’s solutions. Target users within these organizations typically include security teams, DevOps teams, DevSecOps, CloudOps, Identity and Access Management (IAM) teams, and Chief Information Security Officers (CISOs). These customers benefit from Ermetic’s platform by gaining enhanced visibility into their cloud security posture, automating risk detection and remediation, simplifying compliance, and improving collaboration across different teams responsible for cloud security and operations. Ermetic helps these organizations to proactively manage cloud risks, prevent breaches, and ensure their cloud deployments are secure and compliant.

Cloud Integrations and Marketplaces

Ermetic offers a cloud security platform with integrations for major cloud providers, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Ermetic’s platform is designed to provide visibility and control over cloud infrastructures by analyzing permissions, configurations, and resource relationships. Ermetic is also available on the marketplaces of these primary cloud providers.

  • AWS Integration: Ermetic integrates with AWS to provide security and compliance solutions. This includes analyzing permissions, configurations, and behavior across identities, data, networks, and compute resources within AWS environments. Ermetic helps automate least privilege enforcement and can be integrated with AWS Control Tower to extend its capabilities to new accounts.
  • Microsoft Azure Integration: Ermetic’s platform integrates with Microsoft Azure, including Azure Active Directory (AD) Privileged Identity Management (PIM). This integration allows for monitoring and remediation of excessive permissions in Azure AD PIM, helping to enforce least privilege. Ermetic analyzes configurations, policies, and activity logs to identify and mitigate risks.
  • Google Cloud Integration: Ermetic’s Cloud Native Application Protection Platform (CNAPP) is designed to identify and address security vulnerabilities in Google Cloud. It uses an identity-centric approach for Cloud Infrastructure Entitlement Management (CIEM), Cloud Security Posture Management (CSPM), cloud workload protection, and Kubernetes Security Posture Management (KSPM) within the Google Cloud environment.
  • AWS Marketplace: The Ermetic platform is available on the AWS Marketplace. This allows AWS customers to procure and deploy Ermetic’s security solutions, often with automated billing and payment processes.
  • Azure Marketplace: While direct search results for an “Ermetic” listing on the Azure Marketplace were not found in the top results, Ermetic’s solutions are noted to support Microsoft Azure. A Microsoft 365 App Certification page mentions “Tenable Cloud Security by Ermetic Inc.” and lists its core functionality as an identity-first cloud-native application protection (CNAPP) and infrastructure security platform, using AWS, Azure, and GCP as hosting cloud providers.
  • Google Cloud Marketplace: The Ermetic Cloud Native Application Protection Platform (CNAPP) is available on the Google Cloud Marketplace. This enables Google Cloud customers to access and deploy Ermetic’s CNAPP capabilities to secure their cloud resources.

Beyond these primary cloud providers, Ermetic also integrates with other tools and platforms. For instance, Ermetic integrates with Okta and other external identity providers. It also integrates with ticketing systems, CI/CD pipelines, and Infrastructure as Code (IaC) tools. Ermetic allows customers to scan their Terraform plans before deployment to detect misconfigurations and risky entitlements. Additionally, Tenable Cloud Security, which is powered by Ermetic, integrates with Slack for alerts and Just-in-Time (JIT) access requests to AWS, Azure, and GCP environments.

Key People

  • Co-Founder & CEO: Shai Morag
  • Co-Founder & CTO: Michael Dolinsky
  • Co-Founder & CPO: Sivan Krigsman
  • Co-Founder: Arick Goomanovsky
  • Chief People Officer: Liat Dvir
  • Executive Vice President of Sales: Rick Beattie
  • VP Sales, EMEA: Eduard Meelhuysen

Key Facts

  • Headquarters Location: Tel Aviv, Israel.
  • Number of Employees: 100-250.
  • Annual Revenue: $25-100M.
  • Parent Company: Tenable.
  • Subsidiary Companies: None.
  • Publicly Listed: No (Acquired by Tenable, which is publicly listed).

Analyst Recognition

Ermetic has been recognized by Gartner, Forrester, and IDC in various technology categories:

  • Gartner: Ermetic was named as a Representative Vendor in the 2023 Gartner Market Guide for Cloud-Native Application Protection Platforms (CNAPP). Ermetic was also recognized as a Cloud Infrastructure Entitlements Management (CIEM) vendor in Gartner’s 2020 report “Managing Privileged Access in Cloud Infrastructure”. The Ermetic platform unifies CIEM, Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Infrastructure as Code (IaC) security, and Kubernetes Security Posture Management (KSPM).
  • Forrester: Forrester’s Q1 2024 Cloud Workload Security (CWS) report mentions that Tenable’s acquisition of Ermetic in October 2023 offers customers more identity-centric visibility into cloud platform configuration and data access. Forrester noted that Ermetic’s CIEM capabilities are very powerful. Tenable’s acquisition of Ermetic is also mentioned in a Forrester article discussing consolidation in the vulnerability management market, highlighting Ermetic’s role in cloud security.
  • IDC: An IDC survey commissioned by Ermetic in 2021 highlighted the prevalence of cloud data breaches and the importance of identity and access management, an area Ermetic focuses on. Tenable, which acquired Ermetic, was named a Leader in the IDC MarketScape for Worldwide Risk-Based Vulnerability Management Platforms 2023, with the report noting that the addition of Ermetic brings capabilities for managing excessive privileges in cloud environments into Tenable’s offerings. Tenable’s acquisition of Ermetic is also mentioned in an IDC Market Shares report where Tenable was ranked #1 in the Device Vulnerability Management market, noting the acquisition strengthens Tenable’s CNAPP offerings.

No specific recognitions for Ermetic by Everest Group were found in the provided search results. It is important to note that some search results refer to “Ermetix”, an Italian mobile security vendor, or “Everest Group” in the context of other companies or different market segments like Rewards and Recognition solutions or Industry 4.0 services, which are distinct from Ermetic’s cloud security focus.
