Identity threat detection and response startup Permiso Security Inc. today announced that it has raised $18.5 million in new funding to expand integrations and introduce new product capabilities to enhance cloud security for its customers.

Founded in 2020, Permiso offers an identity-based cloud detection and response solution for cloud infrastructures. The company’s service protects identities in a modern digital enterprise by creating a “single pane of glass” for identities across identity providers, cloud service providers, software-as-a-service apps and infrastructure as code solutions to find the riskiest actors in a given environment.

Permiso argues that tracking threat actor activity across authentication boundaries poses serious challenges for security teams. By tracking all entities that are configured to access an environment, whether through federation, role assumption, access tokens or direct login, Permiso says, its runtime graph and activity analysis engine creates high-fidelity alerts with immediate attribution and context.

To deliver on its promise, Permiso creates a composite “meta” identity to unify disparate human and nonhuman identities within an enterprise and then synthesize their runtime activity across the cloud’s attack surface. The result is that Permiso constructs user sessions from disparate runtime events, providing security teams with the answer to the question, “What happened in my environment and should I be concerned?”

“Over the course of many of their campaigns, threat actor groups have demonstrated how they are able to target the identity provider and move seamlessly from the IDP to cloud hosting providers and into SaaS and CI/CD environments,” said co-founder and Chief Executive Jason Martin. “By correlating runtime activity across boundaries with static, posture-based information, Permiso can not only help organizations find evil across their cloud environments more quickly than ever but also use our run-time graph data to make better decisions around control improvements needed to secure their human and nonhuman identities.”

Since emerging in 2022, Permiso has seen strong growth and counts among its customers Autodesk Inc., Nutanix Inc., Coupa Software Inc., ACV Auctions Inc. and Modern Health Inc.. The company assisted multiple casino groups in defending their systems following attacks on MGM Resorts International Inc. and Ceasars Entertainment Inc. last year.

Altimeter Capital Management LP led the Series A round, with Point72 Ventures LLC also participating. Including the new funding, Permiso has raised $28.5 million to date.

Pemiso was last in the news on March 7 when it launched CloudGrappler, an open-source tool designed to help security teams quickly detect threat actors in their Microsoft Corp. Azure and Amazon Web Services Inc. environments. The tool is freely available on GitHub and allows users to define the data sources they want to scope in their scan.

Image: Permiso