
We’re excited to announce our Series A investment in ClearVector. ClearVector is building an identity-first cloud detection and response platform that gives security teams real-time visibility and control in cloud-native environments. In a world where infrastructure is ephemeral and everything is API-driven, ClearVector’s approach represents a much-needed shift in how we defend cloud environments.

The cloud changed the rules of security. In cloud environments, resources pop in and out of existence in seconds, infrastructure is defined by code, and attackers can exploit this speed and scale to their advantage. Traditional security tools just weren’t designed for this. SIEMs (Security Information and Event Management systems) aggregate logs and might detect issues eventually, but often with minutes to hours of delay and a flood of noise to sift through. EDR (Endpoint Detection and Response) agents protect servers or laptops, but in a cloud full of serverless functions, containers, and managed services, there often is no traditional endpoint to put an agent on. CSPM (Cloud Security Posture Management) tools can flag misconfigurations, but they act more like periodic auditors, so they can’t tell you in real time that a bad actor is actively exploiting a credential or spinning up malicious resources. In short, legacy SIEM, EDR, and CSPM tools struggle to keep up with the ephemeral, dynamic nature of cloud-native environments. And when an attacker can create and tear down infrastructure at will, speed of detection and response becomes critical.

This is why the identity layer has become so crucial. In modern cloud breaches, we’re often not chasing malware on a server; instead, we’re chasing identity misuse. A compromised user account or API key can do just as much damage as any virus – sometimes more, because it looks like an insider doing “normal” things. When the primary threat is an attacker using your tools with stolen or abused identities, the old question of, “What does suspicious behavior look like in general?” becomes less effective. Instead, we should be asking, “What does normal behavior look like for each identity, and how do we spot when something deviates?” The shift in mindset from perimeter-centric to identity-centric is at the heart of ClearVector’s philosophy.

To deliver on this premise, ClearVector hooks into cloud providers like AWS and GCP, Kubernetes clusters and containers, and even SaaS services that touch production (for example, developer actions in GitHub). These direct integrations, combined with an understanding of the identities at play and the use of AI, give ClearVector the ability to alert security teams in real time (as opposed to days later during an audit) and in plain English (rather than burying them in a firehose of false positives and massive amounts of log data).

Equally important, ClearVector doesn’t just raise the alarm; it lets you hit the brakes on an attack in progress. If a user’s credentials are compromised and being used maliciously, the security team can quarantine that user’s access with a single click. ClearVector’s lightweight agents and cloud-native integrations can even stop malicious processes in an EC2 instance or cordon off a Kubernetes pod that’s behaving badly. This real-time response capability gives resource-strapped security teams a fighting chance to outpace the adversary, not just clean up after the fact.

All of this leads to a platform that feels built for modern security operations. ClearVector deploys in a cloud-native way (no heavy appliances or months-long implementation projects) and starts providing value quickly. The alerts aren’t cryptic log lines; they’re contextual narratives that even a junior analyst can understand, reducing the expertise needed to respond. And the integration into communication tools like Slack/Teams means the security team gets notified in the workflows they already use, which is critical when time is of the essence. This attention to workflow and usability shows that the ClearVector team really understands the day-to-day life of a cloud security engineer.

Like so many great founders, the team behind ClearVector is building the product they wish they had when they were on the front lines of incident response. John led a 400+ person engineering team at Mandiant, building products in endpoint security and incident response. He’s seen firsthand where traditional tools break down, and that insight is baked into ClearVector’s design. The combination of a clear vision, a capable product, and a proven team executing it is rare, and it’s exactly what we look for in a company at this stage.

We couldn’t be more thrilled to partner with John and the ClearVector team on this journey. We look forward to working together to help ClearVector scale and bring this technology to every organization that needs it. Modern security ops demands speed, clarity, and context: that’s exactly what ClearVector delivers. Here’s to an exciting road ahead, and to making the cloud a safer place for all.
