A cloud security enforcement startup led by the ex-COO of Cyberillium raised $29 million to prevent cloud security risks during deployment rather than detecting them afterward.

See Also: Beat the Breach: Outsmart Attackers and Secure the Cloud

The Brightmind Partners-led Series A funding round will help Tel Aviv, Israel-based Aryon Security enforce security policies at the point where resources are being created or modified, said co-founder and chief technology officer Ariel Litmanovich. If a user tries to deploy a publicly exposed storage bucket, an unencrypted database or another insecure resource, Aryon's controls stop the deployment.

"The only way to make sure that your cloud environment is protected is by preventing those issues from ever reaching the cloud environment, and this is exactly what we do at Aryon," Litmanovich told ISMG. "We help organizations not detect but prevent cloud security risks at deployment, and by doing so, we dramatically reduce the risk and save a lot of time and effort and resources."

Aryon Security, founded in 2024, employs 54 people and has been led since its inception by Ron Arbel, who last spent nearly three years overseeing operations at Israeli security testing firm Cyberillium. Prior to that, Arbel spent nearly seven years in the Israeli Defense Forces, culminating in an 18-month stint as a hardware-oriented R&D team lead.

Why CNAPP, CSPM Aren't Suitable Against Today's Threats

Firms have spent years relying on CNAPP and CSPM tools to scan environments, spot misconfigurations and generate alerts, and Litmanovich said this approach requires security teams to investigate and remediate issues after they have already entered production environments. As cloud infrastructure becomes more complex and attackers move faster, this model is increasingly unsustainable, he said.

"The industry tried in the last few years the approach of detecting issues, remediating issues," Litmanovich said. "Now it becomes just harder and louder with more issues, and with the artificial intelligence era, it's even too late until you detect and remediate issues. So, now we feel that the market is ready for this preventative approach."

Cloud providers historically lacked enforcement mechanisms and controls, but over time, he said AWS, Microsoft Azure and Google Cloud have introduced more mature native capabilities that can be used to enforce security requirements safely and consistently. Organizations are increasingly recognizing that preventing risks before deployment is more effective than trying to manage an endless stream of alerts.

"Now it's possible to help medium and large enterprises from highly regulated industries," Litmanovich said. "We have customers from all those industries that actually make prevention and enforcement something that is actionable and works without any risk to break anything."

Aryon is focused on eliminating the conditions that often make attacks possible by preventing insecure resources, excessive permissions, weak configurations and other common mistakes, Litmanovich said. Insecure configurations are one of the leading contributors to successful cyberattacks, and he contends that preventing those mistakes offers a highly effective way to improve overall security posture.

"We are talking about operational prevention, not runtime prevention," Litmanovich said. "We don't prevent attackers. We prevent the creation or modification of insecure resources or identities. We want to help organizations make sure that those mistakes that are one of the leading causes of cybersecurity attacks are prevented by design."

Applying Aryon's Philosophy Beyond the Cloud

Although organizations may deploy resources through infrastructure-as-code tools, management consoles, command-line interfaces or automation frameworks, these methods ultimately interact with the same cloud APIs, Litmanovich said. This consistency allows Aryon to build enforcement controls that operate across multiple deployment methods and cloud services, Litmanovich said.

"Although the complexity of cloud environments is really huge and you have different ways to upload resources to the cloud, all those ways behind the scenes use the same APIs," Litmanovich said. "Aryon enables organization to enforce rules on those same APIs using behind the scenes cloud-native mechanisms."

The philosophy used in cloud environments can eventually be applied to SaaS applications, identity systems and even on-premises environments to better translate security policies into enforceable controls across their entire technology stack. Applying prevention to SaaS platforms such as Microsoft 365 can prevent files from being shared externally or require encryption settings to remain enabled.

"Aryon started with the cloud security use case, and this is the first use case of things that I want to prevent and not detect, but actually if we look at the market, there are more areas in which the preventative approach makes sense," he said. "We want to take this approach and expand it even beyond the cloud, and actually be the place in which CISOs and organizations can take their security."

Security enforcement introduces organizational challenges since legitimate business needs sometimes require exceptions to standard policies, so Aryon built workflows that help organizations understand violations, obtain approvals when necessary and implement controls without disrupting operations. The company offers feedback to users so they understand why a deployment was blocked and how to fix it.

"If someone does a mistake and tries to create an insecure resource or a publicly exposed storage or database, we prevent it at the deployment," Litmanovich said. "We provide very clear feedback on how to create the resource securely from the beginning, and then the issue is prevented, and the resource is recreated immediately without any problem."