# Gem Security **Source:** https://geo.sig.ai/brands/gem-security **Vertical:** Cloud Security, CNAPP & Identity Security **Subcategory:** Cloud Detection & Response **Tier:** Emerging **Website:** gem.security **Last Updated:** 2026-04-14 ## Summary Tel Aviv Israel cloud detection and response platform; raised $23M+; real-time investigation and response for cloud threats across AWS, Azure, and GCP. ## Company Overview Gem Security is a cloud detection and response (CDR) company founded in 2022 and headquartered in Tel Aviv, Israel. The company was founded by Ron Konigsberg, Arie Zilberstein, and Ofir Brukner — veterans of the Israeli Defense Forces intelligence corps and the enterprise security industry — to address the lack of effective incident response tooling for cloud environments. When a cloud security breach occurs, organizations often lack the tools to quickly understand what happened, what was accessed, and how far the attacker moved, because cloud audit logs are distributed across multiple services and require significant expertise to interpret.\n\nGem raised $23 million in a Series A round led by Team8 and GGV Capital. Its platform ingests cloud audit logs and events from AWS, Azure, and GCP in real time, builds a graph of all cloud resource relationships and identity activity, and uses threat detection rules and AI to identify active incidents. When an alert is triggered, Gem's investigation interface automatically aggregates all relevant context — the identity involved, the resources accessed, the timeline of events, and the blast radius — into a single view, reducing the time security analysts spend on manual log correlation from hours to minutes.\n\nGem's cloud-native investigation capabilities allow security teams to pivot through cloud activity graphs, understand the full scope of an incident, and initiate containment actions directly from the platform. The product is designed for organizations that have adopted cloud security posture management tools but lack effective detection and response capabilities for cloud incidents that bypass configuration checks. Gem positions CDR as the runtime complement to CSPM's proactive posture management, completing the detect-and-respond half of the cloud security lifecycle. ## Frequently Asked Questions ### What is cloud detection and response (CDR)? Cloud detection and response (CDR) is a security capability focused on detecting active threats in cloud environments in real time and enabling rapid investigation and response. Unlike cloud security posture management (CSPM), which finds misconfigurations proactively, CDR monitors cloud activity logs for attack indicators — such as anomalous API calls, new IAM roles, and data exfiltration patterns — and provides investigation and containment tools for active incidents. ### How does Gem Security speed up cloud incident investigation? When Gem detects a cloud security incident, it automatically aggregates all relevant context from distributed cloud logs into a single investigation view: the identity involved, every API call made during the incident window, the resources accessed, the geographic origin, and the potential blast radius. This automated context assembly replaces the manual, hours-long process of correlating logs across multiple cloud services that traditional SOC approaches require. ### How does Gem Security complement existing CSPM tools? CSPM tools like Wiz and Orca detect misconfigurations and vulnerabilities proactively before they are exploited. Gem Security complements these tools by providing real-time detection and investigation capabilities for active attacks that occur despite correct configurations — such as credential theft, insider threats, and zero-day exploits. Together, CSPM and CDR cover both the proactive and reactive halves of a complete cloud security program. ### What is Cloud Detection and Response (CDR) and how does Gem Security deliver it? Cloud Detection and Response is the practice of monitoring cloud environments for active threats and enabling security teams to investigate and respond to incidents in cloud infrastructure. Gem Security provides real-time threat detection across AWS, Azure, and GCP by analyzing CloudTrail, audit logs, and other cloud signals, and gives incident responders an investigation workflow specifically designed for cloud attack scenarios. ### How does Gem Security help with cloud incident investigation? Gem Security provides a guided incident investigation experience that automatically correlates related events into a unified timeline, maps attacker activity to the MITRE ATT&CK for Cloud framework, and helps analysts understand the scope and impact of an incident. This accelerates investigation compared to manually querying CloudTrail and log data in raw form. ### What cloud threats does Gem Security detect? Gem Security detects cloud-specific threats including credential compromise, privilege escalation, data exfiltration from cloud storage, lateral movement between cloud services, and persistence mechanisms used by attackers operating in cloud environments. Detection rules are maintained by Gem's threat research team and updated as cloud attack techniques evolve. ### Does Gem Security integrate with existing SIEM and SOAR platforms? Gem Security integrates with SIEM platforms and SOAR tools, allowing security operations teams to receive Gem alerts within their existing workflows and trigger automated response playbooks. This integration ensures cloud-specific detections flow into the same processes teams use for other security incidents. ### How was Gem Security acquired and by whom? Gem Security was acquired by Wiz in 2024, one of the fastest-growing cloud security companies. The acquisition adds CDR capabilities to Wiz's CNAPP platform, combining Wiz's cloud posture management and vulnerability detection with Gem's real-time threat detection and incident response to create a more comprehensive cloud security offering. ## Tags security, cybersecurity, cloud-native, saas, b2b, platform, analytics, startup, enterprise --- *Data from geo.sig.ai Brand Intelligence Database. Updated 2026-04-14.*