Zest Security, a NYC-based provider of an AI-powered cloud risk resolution platform that aims to eliminate enterprise cloud security risks at scale, has just raised a seed round of $5m. In conjunction with the announcement, CEO Snir Ben Shimol replied to our questions about the new startup, the product, the funding, and future plans.
FinSMEs: Hi Snir, can you tell us a bit more about yourself? What’s your background?
I’m Snir Ben Shimol, CEO and co-founder of ZEST security, which I founded just eight months ago to solve a big problem within a new market. Both me and my co-founder, Uri Aronovoci, are former Israeli intelligence and collectively have over 25 years of leadership and hands-on experience in cloud, product and application security. Over the past 15 years, I’ve held various leadership roles in enterprise technology, product management and security services. Before ZEST, I was one of the founding members and the CSO at Cider Security. At Cider, we built the first AppSec OS and took the company from seed to acquisition in just two years – the company was acquired by Palo Alto for over $300M. Prior to that, I built the global cyber security practice at Varonis, generating a yearly revenue of over $200M from the product and services line.
FinSMEs: Let’s speak about ZEST Security. What is the market problem you want to solve? What is the real opportunity?
Today’s security stack is very rich in identifying cloud risks, vulnerabilities and misconfigurations, but when it comes to remediation, it’s extremely manual, time consuming and in some cases, impossible. Resolving cloud risks requires security teams to closely collaborate with DevOps, as they are the only team that can actually apply the changes. Once a potential risk is identified, it can take weeks of back-and-forth triage between teams to validate the risk, uncover the root cause and determine the best path to resolution (remediation, mitigation, code change, etc.).
To put this into perspective, on average, it takes organizations 30-60 days to remediate a single cloud security misconfiguration and 80% of resolved risks resurface shortly after remediation. Lack of effective remediation is not only costing organizations millions of dollars per year in operational spending, it has also directly contributed to a drastic increase in successful exploitation of known cloud risks (vulnerability exploitation remains the top initial access vector and cloud misconfigurations are the main enabler for advanced tactics, including lateral movement and more, according to Mandiant, Google and others).
We founded ZEST to bridge the gap that exists between identifying cloud security risks and resolving them, whether that’s mitigation using existing tools, or preventative remediation using Infrastructure as Code (IaC).
FinSMEs: What are the features differentiating the product from competitors?
The majority of vendors in the larger market are focused on preventing, identifying and prioritizing cloud risks. ZEST is the only platform focused on cloud risk resolution, offering preventative remediation and mitigation paths to enable security teams to finally level the playing field with attackers.
ZEST’s main product differentiators include:
- AI-Generated Resolution Paths: The platform leverages GenAI to automatically craft resolution paths that offer both mitigation and remediation. This approach ensures that even in cases where remediation isn’t feasible – which is often the case for a variety of reasons – ZEST enables security teams to mitigate risk immediately using existing security controls and cloud-native services.
- Remediation as Prevention: ZEST enables security and DevOps to remediate cloud vulnerabilities and misconfigurations directly with Infrastructure as Code (e.g. Terraform, CloudFormation), using the same systems that introduced the problem to fix the problem, while preventing future and recurring risks.
- ZEST Arsenal: ZEST is unique in that it offers single-click integration and execution of best-of-breed open source tools, enabling security teams to validate that risks were actually remediated, following the principle of “trust but verify”.
FinSMEs: You just raised a new funding round. Please, tell us more about it.
We raised over $5M in seed funding in November 2023 and are backed by Hanaco Ventures, Silvertech Ventures and angel investors. To date, the funds we have raised have been primarily used to build ZEST’s R&D center and develop its core product offering, working alongside enterprise design partners and customers. Having recently emerged from stealth, we are increasing investment in talent acquisition, product innovation, marketing and founder-led sales to support a full GTM motion.
FinSMEs: Can you share some numbers and achievements for the business?
In just eight months, we hired senior team members in both the U.S. and Israel, released ZEST’s product offering to the market and onboarded numerous paying customers.
ZEST’s largest deployment is a global financial institution that has over 800 employees in both the US and EU. ZEST is deployed across their multi-cloud environment in AWS and GCP, supporting both their DevOps and cloud environments.
For organizations operating in the cloud, cloud security posture management and visibility tools have become table stakes. Now that organizations have the visibility they need, a new set of challenges exist, one of the major ones being risk remediation, which is an untapped market and an unsolved problem. That’s where ZEST steps in. The TAM is large — the CNAPP market alone is expected to grow to nearly $20B in the next few years. However, visibility is not security. Organizations require the ability to not only identify but to efficiently resolve cloud security risks.
FinSMEs: What are your medium-term plans?
Currently we have just under 15 employees, ZEST is rapidly growing to meet increasing demand. In the medium term, we expect to double in size to support a growing number of customers, drive product innovation and ramp up go-to-market efforts. While industry agnostic, we’ve experienced significant traction in financial services and healthcare, as companies in those sectors have a complex environment and high risk profile. We plan to continue to work closely with our customers to further innovate ZEST’s solution and develop new features that will further enhance cloud risk remediation and mitigation.
FinSMEs
24/07/2024