Sweet.Security

Sweet.Security’s mission is to provide a resilient and intuitive cloud security solution that empowers security teams to effectively stop cloud attacks. The company aims to make cloud security “delightful” by offering a precise and relevant platform. Its primary goal is to unify detection, response, and risk management across applications, workloads, and infrastructure through a runtime-powered Cloud-Native Application Protection Platform (CNAPP). By leveraging AI and deep runtime context, Sweet.Security strives to filter out noise, detect sophisticated threats in real time, and enable security teams to respond to incidents with speed and clarity.

Sweet.Security has established a strong market reputation as an innovator in the cloud security space. The company is recognized for its unique “boots on the cloud” approach, which provides actionable insights into critical cloud risks as they happen. It is considered a solid platform with strong support, and customers have reported exceptional experiences, noting the solution’s ability to provide instant value and enhance cloud security from day one. The company has garnered positive attention and has been recognized by industry analysts for its approach to runtime security.

Offerings, Capabilities, and Integrations

Sweet.Security provides a runtime-powered Cloud-Native Application Protection Platform (CNAPP) that unifies detection, response, and risk management across applications, workloads, and infrastructure. The company’s approach is to “shift cloud security right,” focusing on runtime to detect and stop cloud attacks as they happen. Sweet.Security’s platform leverages a lightweight eBPF-based sensor to provide deep runtime visibility and context without significant resource consumption. This technology enables the platform to analyze behavioral anomalies and provide actionable insights on incidents, vulnerabilities, and non-human identities. A key competitive edge is its ability to cut through the noise of alerts from passive API scans by focusing on real-time threats. The platform integrates with a wide array of SIEMs, SOARs, and notification and ticketing systems to streamline security workflows and response times. These integrations include tools like SumoLogic, Jira, Sentinel, and Slack. Recently, Sweet.Security has incorporated generative AI capabilities to classify workloads by business impact and generate incident response playbooks.

Products and Services

Sweet.Security’s core offering is its unified Cloud Native Detection and Response platform, which functions as a runtime-powered CNAPP. This platform integrates the capabilities of Application Detection and Response (ADR), Cloud Detection and Response (CDR), and Cloud Workload Protection Platform (CWPP). The company’s flagship product is its comprehensive runtime security suite. Specific products and services include:

  • Unified Detection & Response: This service provides a unified view of attacks by correlating insights across cloud infrastructure, workloads, and applications to reduce mean time to resolution.
  • Unified Cloud Visibility: It offers real-time insights into an environment’s connections, assets, and key production elements.
  • Vulnerability Management: This product identifies exploitable vulnerabilities and detects real-time exploitation attempts, prioritizing them based on execution status and exposure.
  • Cloud Identity Threat Detection & Response (ITDR): Sweet.Security monitors credentials, access patterns, and privilege misuse to detect, investigate, and respond to identity-based threats for both human and non-human identities.
  • Runtime CSPM (Cloud Security Posture Management): This service monitors and remediates cloud misconfigurations in real time, using contextual risk assessments to prioritize remediation.
  • API Security: It provides a structured view of API activity to manage APIs, track usage patterns, and detect anomalies.
  • AI-Powered Capabilities: A newer addition, this includes GenAI-powered workload classification for vulnerability prioritization and dynamically generated response playbooks to expedite incident response.

Target Customers

Sweet.Security’s target customers are organizations with cloud environments that require robust, real-time security. The company’s solutions are designed for security teams, including Security Operations Center (SOC), Incident Response (IR), DevSecOps, and Application Security (AppSec) teams. These customers benefit from Sweet.Security’s platform by gaining the ability to detect and neutralize real-time threats as they happen, significantly reducing the mean time to resolution for incidents. For example, customers have reported a 90% decrease in Mean Time to Resolution (MTTR). The platform helps security teams manage the complexity and vast attack surface of the cloud by providing precise, actionable insights and filtering out the noise of excessive alerts. Companies that have adopted Sweet.Security’s platform, such as PennyMac, have found it transforms how they manage vulnerabilities and secure their cloud workloads. The platform is available on the AWS Marketplace, indicating a focus on customers utilizing AWS infrastructure.

Cloud Integrations and Marketplaces

Sweet.Security offers a range of integrations with cloud providers and various security tools to streamline workflows and enhance threat detection and response. The company’s platform is also available on the AWS Marketplace.

  • AWS: Sweet.Security provides comprehensive security for AWS environments, including support for Amazon EC2, Kubernetes (K8s), and ECS Fargate. Its platform integrates with AWS services like CloudTrail, CloudWatch, and GuardDuty to correlate data and provide deeper insights. Sweet.Security is available on the AWS Marketplace, allowing customers to purchase and deploy its solutions directly.
  • Microsoft Azure: Sweet.Security integrates with Microsoft Azure to secure Azure environments. This includes protection for Azure Virtual Machines. The platform can connect with Microsoft Sentinel to manage security events within the Azure ecosystem.
  • Google Cloud: Sweet.Security integrates with Google Cloud to secure Google Cloud environments, including support for Google Compute Engine. It can also connect with Google Chronicle for threat detection. As of now, Sweet.Security is not listed on the Google Cloud Marketplace.

Beyond the major cloud providers, Sweet.Security integrates with a variety of third-party tools to create a more unified security posture. These integrations span several categories:

  • SIEM Integrations: Sweet.Security integrates with SIEM platforms like Sumo Logic, Microsoft Sentinel, and Google Chronicle to facilitate continuous monitoring and threat detection.
  • Ticketing Systems: The platform connects with ticketing systems to automate the creation and tracking of security-related tasks.
  • Notification Systems: Sweet.Security can send real-time alerts and notifications to channels like Slack, Microsoft Teams, email, and through Webhook and Syslog integrations.
  • Security Workflows: It integrates with security automation platforms like Torq to automate incident response workflows.
  • Privileged Access Management: Sweet.Security integrates with CyberArk for managing secrets and credentials securely.
  • Code Security: The platform integrates with tools like Jit to manage and prioritize exploitable vulnerabilities.

Key People

  • Co-Founder & CEO: Dror Kashti
  • Co-Founder & CPO: Eyal Fisher
  • Co-Founder & VP R&D: Orel Ben Ishay
  • CTO: Tomer Filiba
  • VP of Marketing: Noa Glumcher
  • VP of Sales: Bryan Whorton

Key Facts

  • Headquarters: Tel Aviv, Israel.
  • Number of Employees: 51-200.
  • Annual Revenue: Estimated $11.4M.
  • Parent Company: None.
  • Subsidiary Companies: None.
  • Publicly Listed: No, the company is privately held.

Analyst Recognition

Sweet.Security has been recognized by the analyst group Gartner. Based on publicly available information, Sweet.Security is not currently featured in major reports by Forrester, IDC, or Everest Group.

  • Gartner: Sweet.Security is cited as a Sample Provider for Runtime and Workload Security in a November 2023 Gartner report titled “Emerging Tech – Mitigate Advanced Persistent Threats in SaaS and Cloud”. The company is also included in the Cloud-Native Application Protection Platforms (CNAPP) category on Gartner’s Peer Insights platform.
  • Forrester: There is no available information indicating that Forrester includes Sweet.Security in its technology category reports.
  • IDC: There is no available information indicating that IDC includes Sweet.Security in its technology category reports.
  • Everest Group: There is no available information indicating that Everest Group includes Sweet.Security in its technology category reports.