Cloud identity tracking firm Permiso has raised $18 million in a Series A funding round led by Altimeter Capital with participation from Point72 Ventures.
Permiso creates ‘meta’ identities (an aggregated universal identity that accounts for different allowed entry methods and permissions) for all authorized users, and then tracks that user within cloud networks.
It also provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. This combination of user recognition, known permissions, and predictable malicious behavior allows the defender to get ahead of the adversary while an attack is in progress but before serious damage can be done.
Key to this is a detection library, which is continuously updated and expanded, and has been a primary area of focus for Permiso since it emerged from stealth in January 2022 with $10 million seed funding. “At the time of our seed funding,” explained co-CEO Jason Martin, “we had some rudimentary baseline detections – maybe 40 to 50 detection signals. Now we have more than 1,000.”
The detection signals (effectively a behavioral indication that something bad may be in progress) are all compiled in-house rather than purchased from a third-party company.
Martin uses the term ‘storytelling’ to describe how Permiso operates. By tracking identities as they are used, the firm can create a story, almost a forensic history, for that user. “When we plug into an environment, we are able to retroactively ingest data, and build the story of what happened. We can say, tell me everything this user did in this cloud over the last 30 days.” That helps the firm generate a new ‘detection’ of bad behavior at its earliest recognizable appearance.
Although a new firm, Permiso has already been used in forensic situations, and has learnt new detections through this storytelling technique from forensic analyses. Those new detections then become available to all its own customers. Of course, in such a scenario (when Permiso is asked to help the forensic analysis of a victim company) the discovered detection cannot help that historical victim. Permiso relies more heavily on a forensic analysis of its own honeypots to help safeguard its own current customers. When one of these honeypots is compromised, Permiso can plug in and learn the earliest point at which bad behavior could be detected. This then becomes an entry in its library of detection signals.
“We don’t think in product acronyms when figuring out what detections to build – we observe threat actors in the cloud and follow them wherever they go to build detections in our product that find threat actors quickly and help our customers sleep better at night,” said Ian Ahl, SVP of Permiso’s cloud security research group P0 Labs (and former head of the Mandiant advanced practices and adversary methods team).
Because of this, Permiso can recognize the earliest sign of potential danger – even with apparently legitimate identities that accessed the system with stolen credentials – at the very moment the identity deviates from the expected permissible behavior. It can generate a genuine alert to the SOC as it happens and before ensuing harm is done.
The seed round from two years ago effectively funded the huge expansion of Permiso’s detection library. “We built for three and a half years without trying to sell a single cent to anybody,” said Martin. “We just wanted to build amazing technology in anticipation of these attacks gaining traction; and we’ve seen that in the last year. So, now we’re more broadly focused on making our technology available to people and more known to people.”
The new money will be used, he explained, “On hiring a go-to-market team to focus on enterprise sales, and then expanding our P-Zero Labs team. This is the brains behind our intel and data analysis, and our data science models. And we’ll be expanding engineering to support the depth and breadth of the platform so we can cover more technologies with our approach.”
Related: Strata Raises $26 Million for Multi-Cloud Identity Management Platform
Related: AuthMind Scores $8.5M Seed Funding for ITDR Tech
Related: Sysdig Introduces CNAPP With Realtime CDR
Related: Investors Place Early $4 Million Bet on Stack Identity
