Ermetic Unifies Automated Detection and Remediation of Risky Cloud Entitlements and Resource Configurations

Identity-first Cloud Infrastructure Security Platform Combines Full Lifecycle Approach for CIEM and CSPM in One Integrated Solution

PALO ALTO and TEL AVIV, Aug. 25, 2021 — Ermetic, the cloud infrastructure security company, today announced a new version of the Ermetic Platform that combines cloud infrastructure entitlement management (CIEM) and cloud security posture management (CSPM) in one unified, identity-first product. Customers can now use Ermetic to automate and centralize the detection and remediation of security risks associated with over privileged identities as well as misconfigurations that can expose cloud assets to data breaches.

A recent IDC survey found that 98% of organizations experienced a cloud data breach in the past 18 months, compared to 79% last year. Attackers typically compromise both cloud misconfigurations (i.e. databases exposed to the internet) and excessive access permissions to carry out ransomware campaigns and exfiltrate data. 

Combining CIEM and CSPM provides 365 degree context to automate the detection and remediation of cloud security risks. For example, understanding whether a sensitive data store is vulnerable to attack requires a holistic assessment of its access permissions, resource configuration and network configuration. 

 “Since the Ermetic Platform has deep visibility into all cloud resources to determine identity and permissions risk, we already provide many native CSPM capabilities,” said Shai Morag, CEO of Ermetic. “Our identity-first approach addresses the most difficult cloud security challenges, so extending our platform with CSPM for compliance, reporting and governance was a natural and easy next step.”

End-to-End, Identity-First Cloud Security

The integration of CIEM and CSPM addresses two key elements of cloud security: the detection and visualizing of attack vectors in cloud configuration and access permissions, and full stack visibility into identity entitlements and resource settings to understand and manage cloud risk. The Ermetic Platform combines the following complete set of capabilities in one unified product:

CIEM – Full Lifecycle Identity Governance

  • Governance of all human and service identities according to industry best practices and custom policies throughout the identity lifecycle
  • Full-stack analysis and visualization of permissions and effective access
  • Prioritization of risks according to full posture analysis
  • Automatic remediation through a variety of workflows and integrations
  • Overprovisioning alerts to enable Shift Left for DevOps and SRE teams
  • Anomaly detection based on behavioral analysis

CSPM – Cloud Resource Configuration Management

  • Asset inventory management
  • Resource configuration analysis
  • Network visualization and exposure
  • Compliance audit and reporting
  • Activity audit and investigation


The Ermetic Platform with integrated CIEM and CSPM capabilities is available immediately from Ermetic and its business partners worldwide. There is no additional cost for the new CSPM features.  

About Ermetic

Ermetic helps prevent breaches by reducing the attack surface of cloud infrastructure and enforcing least privilege at scale in the most complex environments. The Ermetic SaaS platform is an identity-first security solution that provides holistic, multicloud protection using advanced analytics to continuously analyze and remediate risks associated with permissions, configurations and behavior across the full cloud infrastructure stack. The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Glilot Capital Partners, Norwest Venture Partners and Target Global. Visit us at and follow us on LinkedIn, Twitter and Facebook


The post Ermetic Unifies Automated Detection and Remediation of Risky Cloud Entitlements and Resource Configurations appeared first on Ermetic.

*** This is a Security Bloggers Network syndicated blog from Ermetic authored by Ermetic Team. Read the original post at: