When Brigadier-General and chief information security officer Dror Kashti was assigned to lead the digital transformation efforts of the Israel Defense Force (IDF), he discovered a gaping hole: Existing cloud runtime solutions cannot protect organizations against a breach, leaving them open to and unprepared for attacks against live systems.

Fast forward to his 2022 release from the military, and Kashti teamed up with two other veterans of elite Israeli military technology units to build a cloud-native runtime security suite designed to stop cloud workload attacks, quickly and with surgical precision.

The technology they developed evolved this year into Sweet Security, which is now emerging from stealth, backed by $12 million in seed funding led by Israel’s Glilot Capital Partners, with participation from key angel investors. Sweet’s Cloud Runtime Suite provides security and cloud teams with robust attack detection and response capabilities, as well as full visibility into the state of cloud workloads, which enables security teams to further harden their environments.

“You need technological boots on the ground to detect unfolding attacks, you need workload presence to protect you,” said Kashti, who spent more than 20 years in the IDF’s fabled 8200 cybersecurity unit. “It’s much the same as the physical security in your home. You put up high walls to protect your house and keep attackers from entering, but you also need a CCTV system inside the walls in case they’re breached.”

What sets Sweet apart is its unique detection framework and bottom-line approach for cloud detection and response. Sweet’s technology creates a customer-specific behavioral baseline to profile workload anomalies and contextualize them with additional tactics, techniques and procedures, cloud provider logs and APIs. It backs up attack narratives with actionable insights that security teams can view at a glance.

Leveraging an eBPF-based sensor, Sweet’s platform can attain cloud-native cluster visibility and stream key application data and business logic to its servers. Deployment takes less than 5 minutes.

Traditional runtime solutions were not built with a focus on threat detection and response (TD&R), and TD&R solutions were not built for the cloud, where some 45% of enterprise breaches happen (IBM, ’22).

“Most solutions until now ‘shifted left’ to secure development environments, on the assumption that it’s better to take preventive measures,” Kashti said, referring to the process of integrating security measures in the early stages of the development process.

“But because attacks only unfold in runtime, we decided to shift cloud security right, to look at cloud attacks in real time, as they take place. Retrofitting to the cloud is not enough, security teams need cloud-native solutions to secure cloud-native environments.”

Migrating to the cloud requires more than just lift and shift, Kashti said.

“It’s more like lift, adapt and shift,” Kashti said. “When I looked at how to do that for the IDF, I had to take into account that at some point we would be breached, so we would need a security tool. I couldn’t find an effective tool for that, either because existing detection tools provide limited functionality or because they aren’t optimized for the cloud.”

“Because our technology is cloud native and we developed a patent-pending approach to identifying anomalies, we believe we offer the best detection out there,” he added. “We can understand what’s happening in the cloud, identify the impending attack and avert it in real time.”

Kashti said there are “very interesting” strategic partnerships in the pipeline, and a number of international proof of concept demonstrations in progress with companies in the banking, insurance, security and crypto sectors. Some are cloud native, and others are in the process of digital transformation, he said.

“Sweet’s vision for cloud runtime security is spot on, with a deep understanding of how cloud attacks unfold, and critically, enables defenders to be much more effective at containing them,” said Srinath Kuruvadi, Managing Director, Head of Cloud Security, JPMorgan Chase & Co.

Sweet was founded only seven months ago, with co-founders Eyal Fisher, former head of the Cyber Department at Unit 8200, and Orel Ben-Ishay, former head of the cybersecurity research and development group at Unit 81, a top-tier military intelligence technology unit.

Sweet Security founders (L-R): Eyal Fisher, Dror Kashti, Orel Ben-Ishay