Israeli cloud cybersecurity startup Mesh Security has announced a $4.5 million seed round with the Zero Trust Posture Management (ZTPM) solution. Mesh Security makes it simple for companies to implement a Zero Trust Architecture (ZTA) security in the cloud.
Additionally, Mesh reveals a security risk in identity platform Okta and over 100 other vendors, allowing attackers to bypass MFA or impersonate, exposing companies’ sensitive data and potential business disruption.
The hyperconnectivity created by the expansion of work-from-anywhere, cloud infrastructures, and SaaS applications has increased the attack surface and business risk. To address these threats, many organizations, including the US government, have begun implementing Zero Trust architectures to modernize their cybersecurity programs and attempt to diminish the impact of cyberattacks.
Research by Microsoft revealed that 96% of security leaders stated that Zero Trust is critical to their organization’s success.
However, though Zero Trust principles are simple — verifying every single digital interaction, limiting access to the least possible privilege, and assuming that the system might already be breached — organizations face gaps in applying and monitoring them across a multi-vendor stack, different cloud environments, and applications.
Last June, Gartner predicted that most companies that try to implement Zero Trust “will fail to realize the benefits.”
“You can’t just buy Zero Trust,” said Omri Hering, co-founder, and CTO of Mesh Security. “It’s a strategy, a new approach to cybersecurity. But there’s so much marketing noise around it that creates confusion among CISOs and IT leaders. Ironically, many so-called ‘Zero Trust plug-and-play’ point solutions create more complexity, silos, and blindspots that negate true Zero Trust.”
Mesh is the Zero Trust Posture Management (ZTPM) SaaS platform, that empowers companies to implement a unified Zero Trust Architecture on top of their existing stack. Without using agents, Mesh maps a company’s cloud XaaS estate, providing visibility and analysis of the current Zero Trust posture.
The platform prioritizes sensitive assets and critical risks and allows organizations to build automated processes to bridge any gaps that enable continuous security and compliance.
Additionally, Mesh monitors anomalous activities in real-time and can automatically take action when assets might be under attack.
As part of its mission to help organizations to realize Zero Trust in the cloud, Mesh announced its discovery of “Cookeys” – a MFA bypass and impersonation risks in more than 100 different vendors, including Okta.
These security risks result from improper session cookie validation that can give an attacker full access to resources from anywhere in the world, leaving a gaping hole in an organization’s Zero Trust posture.
Okta responded that “it’s not an Okta service-specific vulnerability”. Among the list are several leading Zero Trust vendors that do not follow the fundamental principle of Zero Trust: every system should explicitly verify every digital interaction.
Mesh’s ZTPM solution detects and prevents identity threats, such as the Cookeys risk, across the company’s cloud estate.
Mesh Security was founded by Netanel Azoulay and Omri Hering, who shared 15 years of experience designing distributed cloud networks during their military service. They researched cybersecurity from a defensive and offensive standpoint, giving them an understanding of both sides of the cybersecurity landscape.
Mesh was founded in early 2022 with a fast-growing team based in Tel Aviv. Working with its first customers, the company is expanding in the US and Europe.
“We spoke with so many companies that are trying but failing to implement Zero Trust comprehensively,” said Netanel Azoulay, co-founder and CEO of Mesh Security.
“Data, multi-cloud, applications, processes, environments, workloads, identities, networks, and more… Zero Trust in the cloud-first era is daunting. We purpose-built Mesh to provide a secure foundation for the Zero Trust journey, cutting through the noise and organizational silos to provide the continuous visibility, control, and protection needed to never trust and always verify, everywhere in a company’s cloud estate.”, Azoulay continued.
The seed round was led by Booster Ventures with the participation of additional investors.