"The cloud is the new frontline for cyberattacks. To win the battle, we need real-time visibility into what is happening on the cloud from early detection through to remediation."
Raj Chopra, Senior Vice President and Chief Product Officer, Cisco Security
It’s been quite a year.
Since launching in early 2023, we’ve dramatically scaled ARR by helping secure cloud operations for dozens of global enterprises across diverse verticals, including financial services, healthcare, manufacturing, hospitality, and others.
We’re also honored to have been recognized by Gartner® as a Cool Vendor™ for the Modern Security Operations Center, as well as a Sample Vendor for Cloud Investigation and Response Automation (CIRA).
But we still have a long and exciting journey ahead of us. That is why I'm thrilled to announce that Cisco Investments has made a strategic investment in Gem, joining our other investor partners including GGV Capital, IBM Ventures, Silicon Valley CISO Investments (SVCI), and Team8.
Cloud Pain Points
"One of the major challenges in current cloud environments is the lack of real-time visibility with security context. Without the ability to see what is happening in these environments, it becomes difficult to answer basic questions about user activities, their intentions, and the methods they are using. This lack of visibility can create opportunities for malicious activity to go unnoticed and can lead to late threat detection, only being discovered after significant damage has already been done. Gem recognizes this need for faster and more efficient incident analysis and response in real time, offering a solution that helps prevent further damage."
Alon Weinberg, Director, Cisco Investments
These themes were clear in Cisco’s 2023 CISO Survival Guide: Emerging Trends from the Startup Landscape. In the report, 74% of CISOs identified investigation capabilities and lack of visibility in the cloud as top technology challenges. Other top pain points include high spend on cloud security monitoring with no visible ROI, cutting through the noise from multiple cloud logs, and lack of cloud security skills and expertise.
Addressing the Real-Time Needs of SecOps Teams for Resiliency
This investment by Cisco validates our mission to address the real-time needs of SecOps teams and incident responders challenged by the massive scale, complexity, and dynamic nature of multi-cloud infrastructures.
While traditional cloud security solutions focus on the “shift-left” needs of DevOps teams for managing vulnerabilities, misconfigurations, and compliance, Gem has developed a purpose-built, “right of boom” solution that helps SecOps teams rapidly detect, investigate, and contain cloud threats in real time. This approach is key to enhancing security and resiliency for the cloud infrastructures upon which modern businesses depend.
The need for continuous activity monitoring in the cloud has become particularly critical now that identity-based threats have become the #1 initial access vector for cloud attacks. No matter how diligent you are in managing your security posture and hygiene, it won’t stop an attacker from using valid (but stolen) credentials to compromise your cloud environment.
Accelerating Detection and Incident Response for the Cloud Era
Gem’s agentless cloud detection and response (CDR) platform was designed from the ground up for SecOps teams, while integrating with existing SOC tools including SIEM, SOAR, XDR, and ticketing.
Built on a high-performance data lake architecture for scalability and cost-effectiveness, the platform programmatically ingests and correlates cloud telemetry across all major cloud providers (AWS, Azure, GCP), identity providers (Okta, Azure AD, Google Workspace, etc.), and other SaaS platforms.
Gem uses a novel combination of both out-of-the-box detection logic and behavioral analytics to detect threats and reduce alert noise. Alerts are automatically enriched with context from other data sources including IAM, EDR, and CSPM/CWPP.
When a suspicious activity occurs, Gem automatically creates a visual investigation timeline and blast radius map showing everything that happened before, during, and after the alert – delivering the full story of a multi-stage attack in minutes versus hours or days of manual queries by an analyst. This significantly reduces Mean Time to Respond (MTTR).
SOC teams can then immediately contain attacks using automated pre-built actions such as deleting users, isolating compromised instances, and taking forensic snapshots.
Spanning the Detection and Response Lifecycle
Gem holistically addresses the entire cloud detection and incident response lifecycle, from detection to investigation and containment. This includes an emerging category that Gartner calls Cloud Investigation and Response Automation (CIRA).
Gem’s CIRA-specific capabilities include forensically collecting, analyzing, and correlating log events to confirm threats and identify root cause. Additionally, Gem delivers out-of-the-box knowledge of what to collect for optimum visibility and ROI – and how to collect it – across the entire cloud attack surface (control, identity, compute, data, networking, serverless, Kubernetes) and across all accounts, subscriptions, and projects in the organization.
Expanding our Reach with Cisco
With the backing of Cisco and our other investor partners, Gem is poised to continue innovating and expanding our reach in the market, further solidifying our position as the best-in-class provider of Cloud Detection and Response solutions. This strategic partnership with Cisco not only validates our approach and technology, but also opens up new avenues for collaboration and innovation. With Cisco’s support, Gem is more equipped than ever to bring the multi-layered, assume-breach approach into the cloud.
GARTNER, COOL VENDORS and HYPE CYCLE are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.