Sweet Security raises $12M in seed funding to provide a real-time cloud-native security suite for businesses

Sweet Security, a Tel Aviv Israel-based cloud security startup, emerged from stealth today with a $12 million seed funding to provide a real-time cloud-native security suite for businesses and help security teams quickly stop cloud workload attacks.

Glilot Capital Partners took the lead in the funding round, joined by CyberArk Ventures and a group of angel investors. Notable names among the angels include Gerhard Eschelbeck, previously a CISO at Google, and Travis McPeak, who headed product security at Databricks.

Sweet Security was co-founded by security experts Dror Kashti, who served as the former CISO of the Israel Defence Forces (IDF), Eyal Fisher, previously in charge of the Cyber Department at IDF’s Unit 8200, and Orel Ben-Ishay, who headed cybersecurity at IDF’s R&D group Unit 81.

The inspiration for Sweet Security started when Sweet CEO and co-founder Dror Kashti was leading the IDF’s digital transformation effort. He found that while securing development environments is crucial, current cloud runtime security solutions fall short in preparing companies for breaches. Despite the emphasis on shifting cloud security earlier, attacks primarily occur during runtime. What companies truly need are technological tools “on the ground” to identify these attacks. Existing detection tools are either too limited in function or not well-suited for the cloud. Defenders require cloud-native runtime protections that offer a complete storyline to comprehend and thwart attacks as they happen.

Sweet co-founders (left to right): Eyal Fisher, Dror Kashti, and Orel Ben-Ishay (Credit: Sweet Security)

“I needed to sign the security paragraph of this project,” Kashti said. “As a CISO, you don’t have any insurance policy. You need to manage your risk. […] But I couldn’t find any good tools for detect and response in real-time in the cloud. I looked for half a year and I couldn’t find anything.” So, upon retiring from the IDF, Kashti reached out to Fisher, and the two joined forces to tackle this challenge.

Unlike other cloud security tools currently on the market, Sweet’s Cloud Runtime Security Suite empowers CISOs and security teams to elevate their cloud security from partial defense to a comprehensive shield. Covering every stage of an attack, its features encompass Detection & Response, Discovery, and Prevention – all in real time. The swift deployment of Sweet’s runtime sensor, within five minutes, offers immediate cloud-native cluster visibility. It continuously streams vital application data and business logic to its servers, utilizing an innovative framework to identify anomalies in workload behavior and contextualize them alongside traditional TTPs.

With Sweet’s contemporary attack detection model and patent-pending auto-learning technology, critical and thorough attack findings are swiftly delivered, allowing mitigation before, during, and after attacks. This equips CISOs with the necessary technical foundation to ensure cloud security accountability. Furthermore, it enables the refreshment of corporate SOC and IR procedures for cloud-native environments, facilitating a seamless transition into cloud adoption and digital transformation.

For security teams, Sweet presents an essential set of runtime tools, including a fully contextualized attack narrative at a glance. This is reinforced by comprehensive response capabilities, detailed runtime topology, and the ability to prioritize DevSecOps remediation efforts.

“As a large, cloud-first company, our business relies on our ability to protect our customers’ digital assets. We needed a runtime security suite that matched our scale, speed, and technology,” said Michael Shaulov, co-founder and CEO, Fireblocks. “Sweet’s technology provides real-time security detection & prevention capabilities to our cloud workloads and, importantly, with minimal business interruption. Its insights on connectivity, visibility to our cloud’s topology, and automatic classification of real-time threats is a force multiplier to our Security Operation Center and our DevSecOps teams.”

“Sweet’s vision for cloud runtime security is spot on, with a deep understanding of how cloud attacks unfold, and critically, enables defenders to be much more effective at containing them,” said Srinath Kuruvadi, Managing Director, Head of Cloud Security, JPMorgan Chase & Co. “Attacks against cloud workloads are only going to increase in frequency and sophistication. The industry needs comprehensive security solutions to face them and Sweet is driving this shift with its extraordinary vision and expertise.”

“Investing in Sweet Security was a no-brainer,” said Kobi Samboursly, Founding Partner, Glilot Capital Partners. “First, it’s addressing an increasingly problematic cloud security gap – cloud runtime defense. Second, Dror, Eyal and Orel bring superpowers to the table: the depth and breadth of their cloud security expertise and their ability to build and mentor talented, high-performing teams. Sweet is off to a great start and we look forward to supporting its success.”

“‘Cybersecurity’ and ‘delightful’ are not words that normally go hand in hand, but we want our customers to use them in the same sentence when talking about our solution,” said Dror Kashti, co-founder and CEO, of Sweet Security. “We feel our timing is right to make that happen. If SOC and IR teams don’t have to constantly tune their security products or sift through mountains of alerts, they’ll execute at a higher level, and they’ll be happier. Cloud detection and response may be complex, but it doesn’t have to be painful.”