The Story of Gem Security: Building the Future of Cloud Security Operations
Sometimes the best business ideas come from witnessing what breaks rather than what works. In a recent episode of Category Visionaries, Gem Security founder Arie Zilberstein shared how years of responding to cybersecurity incidents revealed a critical gap in cloud security that would become the foundation for his company.
After spending a decade in Israel’s Unit 8200 and leading incident response at Signia, Arie had seen firsthand how companies struggled with cloud security breaches. “Whenever we came to respond to something bad happens in the cloud bridge, we saw that the situation was just harder. Organization didn’t have enough visibility to, they didn’t have means to detect, and they couldn’t respond in time to that incident,” Arie explains.
This observation became the catalyst for Gem Security. But unlike many founders who spend months perfecting their product before approaching customers, Arie took an unconventional approach. “Initially when we opened the company, one thing that we had in mind is that we sell the product from the first moment that we have the company, even before we have the product,” he shares.
The first 90 days were intense but exciting. “It was amazing. For many reasons, because it was a lot of build. It was building the team, it was building the product, it was drawing on a whiteboard, the architecture and some of the first use cases we’re going to tackle,” Arie recalls. The team focused on three key priorities: building the right team, refining their problem statement and solution, and beginning customer interactions.
Not everyone was convinced of their approach. “When we started the company, we had a lot of advisors, friends, security practitioner that we consulted with, and some were pretty excited about what you’re doing. Some were skeptical that this is a space,” Arie reveals. But the team’s deep experience in the space gave them confidence in their vision.
Their belief paid off as they secured their first design partners – companies excited enough about solving the cloud security challenge to work with a startup still building its product. These early partnerships proved crucial, as Arie explains: “We spent a few months building the product together with them up to the point that we got back to them and said, did we deliver on the promise, on the proposition, on everything they said?”
The company’s approach to category creation was equally deliberate. Rather than trying to fit into existing categories like SIEM or cloud security, Gem Security carved out a new space: Cloud Detection Response (CDR). “We’re not quite a SIM solution. And on the other side, we’re not quite a cloud security solution. We’re actually both,” Arie notes.
This positioning helps them address a specific gap in the market – helping security operations teams better prepare for, detect, and respond to cloud incidents. It’s a approach that resonates with both security operations teams and executive leadership, though Arie emphasizes that user adoption is crucial: “Never a deal would happen without having the bind from the security operators.”
Looking toward the future, Gem Security has ambitious plans. “Looking five or ten years from now, we look at the security operation and what this architecture of security mission will look like, and we see gem as one of the critical piece that would revolutionize security operation in the cloud era,” Arie shares.
For 2024, the focus is on scaling their early success. “The next challenge for us is getting that success at scale,” Arie explains, highlighting their plans to grow the go-to-market team and expand their market presence.
In an industry often criticized for creating solutions in search of problems, Gem Security stands out for building something born from real-world challenges. Their story shows how deep domain expertise, combined with a willingness to engage customers early, can help create not just a new product, but an entirely new category in enterprise software.