Mesh implements Zero Trust principles across a company’s XaaS estate in minutes
Israeli cloud cybersecurity startup Mesh Security left stealth today and announced a $4.5 million seed round with the industry’s first Zero Trust Posture Management (ZTPM) solution. Mesh Security makes it simple for companies to implement a comprehensive Zero Trust Architecture (ZTA) security in the cloud. Additionally, Mesh reveals a broad security risk in identity platform Okta and over 100 other vendors, allowing attackers to bypass MFA or impersonate, exposing companies’ sensitive data and potential business disruption.
The hyperconnectivity created by the massive expansion of work-from-anywhere, cloud infrastructures, and SaaS applications has dramatically increased the attack surface and business risk. To address these threats, many organizations, including the US government, have begun implementing Zero Trust architectures to modernize their cybersecurity programs and attempt to diminish the impact of cyberattacks. Research by Microsoft revealed that 96% of security leaders stated that Zero Trust is critical to their organization’s success.
However, though Zero Trust principles are simple — verifying explicitly every single digital interaction, limiting access to the least possible privilege, and assuming that the system might already be breached — organizations face gaps in applying and monitoring them robustly and consistently across a multi-vendor stack, different cloud environments, and applications. Last June, Gartner predicted that most companies that try to implement Zero Trust “will fail to realize the benefits.”
“You can’t just buy Zero Trust,” said Omri Hering, co-founder, and CTO of Mesh Security. “It’s a strategy, a new approach to cybersecurity. But there’s so much marketing noise around it that creates confusion among CISOs and IT leaders. Ironically, many so-called ‘Zero Trust plug-and-play’ point solutions create more complexity, silos, and blindspots that negate true Zero Trust.”
Mesh is the industry’s first complete Zero Trust Posture Management (ZTPM) SaaS platform, a single source of truth that empowers companies to implement a unified Zero Trust Architecture on top of their existing stack. Without using agents, Mesh effortlessly and seamlessly maps a company’s entire cloud XaaS estate in minutes, providing full contextual visibility and analysis of the current Zero Trust posture.
The platform immediately prioritizes sensitive assets and critical risks and allows organizations to build automated processes to bridge any gaps that enable continuous security and compliance. Additionally, Mesh monitors anomalous activities in real-time and can automatically take action when assets might be under attack.
As part of its mission to help organizations to realize Zero Trust in the cloud, Mesh announced its discovery of “Cookeys” – a broad MFA bypass and impersonation risks in more than 100 different vendors, including Okta. These security risks result from improper session cookie validation that can give an attacker full access to mission-critical resources from anywhere in the world, leaving a gaping hole in an organization’s Zero Trust posture. Okta responded that “it’s not an Okta service-specific vulnerability”. Among the list are several leading Zero Trust vendors that surprisingly do not follow the first fundamental principle of Zero Trust: every system should explicitly verify every digital interaction. Mesh’s ZTPM solution detects and prevents identity threats, such as the Cookeys risk, across the company’s cloud estate. (Read the report here)
Mesh Security was founded by Netanel Azoulay and Omri Hering, who shared 15 years of experience designing resilient distributed cloud networks during their military service. They researched cybersecurity from a defensive and offensive standpoint, giving them a unique understanding of both sides of the cybersecurity landscape. Mesh was founded in early 2022 with a fast-growing team based in Tel Aviv. Working with its first customers, the company is expanding rapidly in the US and Europe.
“We spoke with so many companies that are trying but failing to implement Zero Trust comprehensively,” said Netanel Azoulay, co-founder and CEO of Mesh Security. “Data, multi-cloud, applications, processes, environments, workloads, identities, networks, and more… Zero Trust in the cloud-first era is daunting. We purpose-built Mesh to provide a secure foundation for the Zero Trust journey, cutting through the noise and organizational silos to provide the continuous visibility, control, and protection needed to never trust and always verify, everywhere in a company’s cloud estate.”
The seed round was led by Booster Ventures with the participation of additional investors.