Connect with us

Hi, what are you looking for?


Cloud Security

Cloud Threat Detection Firm Permiso Raises $18 million

Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities.

Cloud identity tracking firm Permiso has raised $18 million in a Series A funding round led by Altimeter Capital with participation from Point72 Ventures.

Permiso creates ‘meta’ identities (an aggregated universal identity that accounts for different allowed entry methods and permissions) for all authorized users, and then tracks that user within cloud networks. 

It also provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. This combination of user recognition, known permissions, and predictable malicious behavior allows the defender to get ahead of the adversary while an attack is in progress but before serious damage can be done. 

Key to this is a detection library, which is continuously updated and expanded, and has been a primary area of focus for Permiso since it emerged from stealth in January 2022 with $10 million seed funding. “At the time of our seed funding,” explained co-CEO Jason Martin, “we had some rudimentary baseline detections – maybe 40 to 50 detection signals. Now we have more than 1,000.”

The detection signals (effectively a behavioral indication that something bad may be in progress) are all compiled in-house rather than purchased from a third-party company. 

Martin uses the term ‘storytelling’ to describe how Permiso operates. By tracking identities as they are used, the firm can create a story, almost a forensic history, for that user. “When we plug into an environment, we are able to retroactively ingest data, and build the story of what happened. We can say, tell me everything this user did in this cloud over the last 30 days.” That helps the firm generate a new ‘detection’ of bad behavior at its earliest recognizable appearance. 

Although a new firm, Permiso has already been used in forensic situations, and has learnt new detections through this storytelling technique from forensic analyses. Those new detections then become available to all its own customers. Of course, in such a scenario (when Permiso is asked to help the forensic analysis of a victim company) the discovered detection cannot help that historical victim. Permiso relies more heavily on a forensic analysis of its own honeypots to help safeguard its own current customers. When one of these honeypots is compromised, Permiso can plug in and learn the earliest point at which bad behavior could be detected. This then becomes an entry in its library of detection signals.

“We don’t think in product acronyms when figuring out what detections to build – we observe threat actors in the cloud and follow them wherever they go to build detections in our product that find threat actors quickly and help our customers sleep better at night,” said Ian Ahl, SVP of Permiso’s cloud security research group P0 Labs (and former head of the Mandiant advanced practices and adversary methods team).

Advertisement. Scroll to continue reading.

Because of this, Permiso can recognize the earliest sign of potential danger – even with apparently legitimate identities that accessed the system with stolen credentials – at the very moment the identity deviates from the expected permissible behavior. It can generate a genuine alert to the SOC as it happens and before ensuing harm is done.

The seed round from two years ago effectively funded the huge expansion of Permiso’s detection library. “We built for three and a half years without trying to sell a single cent to anybody,” said Martin. “We just wanted to build amazing technology in anticipation of these attacks gaining traction; and we’ve seen that in the last year. So, now we’re more broadly focused on making our technology available to people and more known to people.”

The new money will be used, he explained, “On hiring a go-to-market team to focus on enterprise sales, and then expanding our P-Zero Labs team. This is the brains behind our intel and data analysis, and our data science models. And we’ll be expanding engineering to support the depth and breadth of the platform so we can cover more technologies with our approach.”

Related: Strata Raises $26 Million for Multi-Cloud Identity Management Platform

Related: AuthMind Scores $8.5M Seed Funding for ITDR Tech

Related: Sysdig Introduces CNAPP With Realtime CDR

Related: Investors Place Early $4 Million Bet on Stack Identity

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...