Israeli cloud cybersecurity startup Mesh Security left stealth today and announced a $4.5 million seed round with the industry’s first Zero Trust Posture Management (ZTPM) solution. Mesh Security makes it simple for companies to implement a comprehensive Zero Trust Architecture (ZTA) security in the cloud. Additionally, Mesh reveals a broad security risk in identity platform Okta and over 100 other vendors, allowing attackers to bypass MFA or impersonate, exposing companies’ sensitive data and potential business disruption.
The hyperconnectivity created by the massive expansion of work-from-anywhere, cloud infrastructures, and SaaS applications has dramatically increased the attack surface and business risk. To address these threats, many organizations, including the US government, have begun implementing Zero Trust architectures to modernize their cybersecurity programs and attempt to diminish the impact of cyberattacks. Research by Microsoft revealed that 96% of security leaders stated that Zero Trust is critical to their organization’s success.
Also Read: NNAISENSE Launches EvoTorch, the World’s Most Advanced Evolutionary Algorithm Library
However, though Zero Trust principles are simple — verifying explicitly every single digital interaction, limiting access to the least possible privilege, and assuming that the system might already be breached — organizations face gaps in applying and monitoring them robustly and consistently across a multi-vendor stack, different cloud environments, and applications. Last June, Gartner predicted that most companies that try to implement Zero Trust “will fail to realize the benefits.”
“You can’t just buy Zero Trust,” said Omri Hering, co-founder, and CTO of Mesh Security. “It’s a strategy, a new approach to cybersecurity. But there’s so much marketing noise around it that creates confusion among CISOs and IT leaders. Ironically, many so-called ‘Zero Trust plug-and-play’ point solutions create more complexity, silos, and blindspots that negate true Zero Trust.”
Mesh is the industry’s first complete Zero Trust Posture Management (ZTPM) SaaS platform, a single source of truth that empowers companies to implement a unified Zero Trust Architecture on top of their existing stack. Without using agents, Mesh effortlessly and seamlessly maps a company’s entire cloud XaaS estate in minutes, providing full contextual visibility and analysis of the current Zero Trust posture.
The platform immediately prioritizes sensitive assets and critical risks and allows organizations to build automated processes to bridge any gaps that enable continuous security and compliance. Additionally, Mesh monitors anomalous activities in real-time and can automatically take action when assets might be under attack.
As part of its mission to help organizations to realize Zero Trust in the cloud, Mesh announced its discovery of “Cookeys” – a broad MFA bypass and impersonation risks in more than 100 different vendors, including Okta. These security risks result from improper session cookie validation that can give an attacker full access to mission-critical resources from anywhere in the world, leaving a gaping hole in an organization’s Zero Trust posture. Okta responded that “it’s not an Okta service-specific vulnerability”. Among the list are several leading Zero Trust vendors that surprisingly do not follow the first fundamental principle of Zero Trust: every system should explicitly verify every digital interaction. Mesh’s ZTPM solution detects and prevents identity threats, such as the Cookeys risk, across the company’s cloud estate. (Read the report here)