This blog is more personal than usual, as I’m excited to share the story behind Clutch Security and the groundbreaking platform we’re building. For my co-founders and me, Clutch is more than just a cybersecurity technology; it’s a mission born from our personal experiences and the professional challenges we’ve faced throughout our careers.
Our mission is to close the gaps in securing and managing Non-Human Identities (NHIs) for enterprises. We aim to provide a holistic approach to NHI security, empowering security teams with the tools they need to efficiently and confidently manage, control, and secure NHIs across their enterprise landscape. But how did this journey begin?
Chapter 1: The VAR Experience – The Early Days of Enterprise Security
My journey with cybersecurity began at one of Israel’s largest Value-Added Resellers (VARs), where I had the opportunity to work with a diverse array of enterprise technologies. I was responsible for deploying and implementing a wide range of solutions, spanning the IT and security stack. My work included configuring and integrating switches, routers, network firewalls, load balancers, web application firewalls (WAFs), Active Directory environments, email and web gateways, data loss prevention (DLP) systems, and Security Information and Event Management (SIEM) solutions.
Working with some of the biggest enterprises in Israel, including banks, insurance companies, and tech giants, I encountered unique challenges in integrating these technologies into complex environments. Nearly every implementation of every solution required the customer to create a service account for the vendor to integrate the technology with the environment and deliver its intended value. These service accounts were often privileged, which raised significant security concerns.
Vendors frequently required these service accounts to be local administrative users on the machines where they ran, or even Domain Admin accounts in Active Directory environments. This requirement usually elicited one of two responses from customers. Some refused to grant Domain Admin access, prompting us to negotiate with the vendor to determine the necessary permissions. This process often led to frustration, especially if support was denied without Domain Admin privileges. On the other hand, some customers were willing to use a single, dedicated Domain Admin service account for all technologies in the stack—a practice that was both risky and challenging to manage.
Over time, I began scratching my head, thinking this could one day become a huge problem. I observed firsthand the difficulties in managing and tracking these accounts—understanding their ownership, purpose, and overall security posture. These early experiences planted the seeds of an idea that would eventually lead to Clutch Security.
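A practitioner reading this chapter will want a way to find exactly the accounts described above: vendor service accounts that ended up in Domain Admins with no recorded owner or purpose. The following PowerShell is an added example, not code from the original post or from Clutch; it assumes the RSAT ActiveDirectory module is installed and that the caller can read the domain. The function name, the `-StaleDays` threshold and the heuristics (SPN present, non-expiring or old password, empty Manager or Description, no recent logon) are this example's own choices, not a standard.

```powershell
# Added example (not from the original post): audit Domain Admins for members that look
# like vendor service accounts and lack the ownership/purpose metadata needed to manage them.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-SuspectDomainAdminServiceAccount {
    [CmdletBinding()]
    param(
        [string]$GroupName = 'Domain Admins',   # group to audit; Enterprise Admins is another candidate
        [int]$StaleDays    = 90                  # logon age after which an admin account is flagged
    )

    $logonCutoff    = (Get-Date).AddDays(-$StaleDays)
    $passwordCutoff = (Get-Date).AddYears(-1)

    # -Recursive expands nested groups, so accounts granted DA through a nested group are included.
    Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties `
                ServicePrincipalName, PasswordNeverExpires, PasswordLastSet, `
                LastLogonDate, Description, Manager, Enabled

            $findings = @()
            if ($u.ServicePrincipalName.Count -gt 0) { $findings += 'has SPN (Kerberos service account)' }
            if ($u.PasswordNeverExpires)             { $findings += 'password never expires' }
            if ($u.PasswordLastSet -and $u.PasswordLastSet -lt $passwordCutoff) {
                $findings += 'password older than one year'
            }
            if (-not $u.Manager)                                  { $findings += 'no owner (Manager attribute empty)' }
            if ([string]::IsNullOrWhiteSpace($u.Description))     { $findings += 'no description (purpose unknown)' }
            if ($u.LastLogonDate -and $u.LastLogonDate -lt $logonCutoff) {
                $findings += "no logon in $StaleDays days"
            }

            # Emit one row per flagged account; clean accounts produce nothing.
            if ($findings.Count -gt 0) {
                [pscustomobject]@{
                    SamAccountName  = $u.SamAccountName
                    Enabled         = $u.Enabled
                    PasswordLastSet = $u.PasswordLastSet
                    LastLogonDate   = $u.LastLogonDate
                    Findings        = ($findings -join '; ')
                }
            }
        }
}

# Usage: print the flagged accounts, or pipe to Export-Csv to hand the list to the account owners.
Get-SuspectDomainAdminServiceAccount | Sort-Object SamAccountName | Format-Table -AutoSize
```

The output is a starting list, not a verdict: an account with an SPN and a non-expiring password is the classic "one Domain Admin account shared by the whole stack" pattern from the story above, and each hit should be traced back to the vendor integration that required it so the permission set can be renegotiated to what the product actually needs.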
Chapter 2: Incident Response and Enterprise Security Consulting – The Critical Years
After several years at the VAR, I transitioned into a new role that allowed me to dive deeper into cybersecurity. I joined an Incident Response (IR) firm where I took on a dual role: enterprise security consulting and leading remediation efforts during breach incidents. My work spanned two critical areas—designing comprehensive cybersecurity posture engagements and hands-on incident response.
Enterprise Security Consulting: Building a Methodology
In my consulting role, I developed a methodology for cybersecurity posture projects that provided a comprehensive assessment of an organization’s security environment. These projects were built around six key pillars: infrastructure and systems, enterprise networks, critical applications, identity and access management, detection and response, and governance.
For infrastructure and systems, we focused on reinforcing the security of operating systems, virtualization platforms, and storage solutions. In the enterprise networks pillar, our efforts were geared toward securing perimeters, cloud interfaces, internal networks, and databases. When it came to critical applications, we ensured that environments like SaaS platforms, Microsoft Exchange, and Document Management Systems (DMS) were adequately protected.
Identity and access management was another crucial area, where we enhanced credential hygiene in Active Directory and implemented robust privileged access management practices. The detection and response pillar aimed to boost visibility across IT assets, streamline threat detection strategies, and reduce the time to detect potential security incidents. Finally, the governance pillar was about aligning security initiatives with executive priorities, communicating risks effectively to leadership, and fostering a security-conscious culture throughout the organization.
By addressing these pillars, we were able to identify and mitigate security gaps, ensuring that organizations were not only protected but also strategically aligned to maximize the return on their security investments.
These projects allowed me to be exposed to Fortune 500 companies and see the vast array of technologies they were using across the entire enterprise. I gained a deep understanding of how all the pieces came together, where the security gaps were, and devised attack scenarios to test whether our clients could detect, prevent, investigate, and remediate each scenario across the cyber kill chain.
Incident Response: The Tipping Point in Breaches
In parallel to my consulting work, I was deeply involved in incident response engagements, often leading breach remediation efforts. These experiences were both intense and enlightening. In many breaches, I saw that the moment when the adversary discovered an NHI and started using it was often the tipping point.
In one memorable case, I led the response to a breach where a service account had been compromised. This service account had elevated privileges, and once the attackers gained control, they rapidly escalated their actions, moving laterally across the network and accessing critical data. It became painfully clear that the compromise of NHIs was not just a side issue; it was often the linchpin in an attacker's success. This recurring issue highlighted not just the direct correlation between the rapid adoption of cloud technologies and the associated risks, but also how, with every year, the technology landscape evolved and threat actors gave defenders no slack.
These experiences reinforced my belief that NHIs represented a critical, yet underappreciated, vulnerability in modern enterprise security. It was a challenge that needed to be addressed head-on, and it was becoming increasingly clear that the existing tools and methodologies were not up to the task.
Chapter 3: The SIEM Vendor – Seeing the Bigger Picture
After several years in the trenches of incident response and enterprise security consulting, I transitioned to an executive position at a next-gen SIEM vendor. In this role, I oversaw all customer-facing activities, from pre-sales engineering to post-sales support. This position offered a unique perspective on the importance of data and the power of correlation.
I saw firsthand the benefits of getting the right data to the right place, allowing customers to correlate activities from multiple disparate data points. This kind of cross-source correlation is what the industry came to call XDR (Extended Detection and Response), recognized as crucial for understanding the bigger picture. This approach, which I had honed during my days in incident response, enabled teams to distill context from the data and to detect and respond to attacks faster than ever before.
However, even with this advanced correlation capability, I witnessed how teams struggled when it came to mapping, managing, and securing NHIs. The breach that truly connected all the dots for me was the CircleCI breach in January 2023. In this attack, threat actors stole data from CircleCI's production systems, including customer environment variables and NHIs such as tokens and keys. This data allowed the actors to access the third-party systems of several CircleCI customers. Despite having vast volumes of data ingested into a single place and all the context a team could need, not having a proper way to map, manage, and secure NHIs proved detrimental when disaster struck. Teams were left to manually sift through data and chase individuals to understand the implications and required actions, all under immense pressure to respond to the breach.
This experience was the final piece of the puzzle. It was clear that the industry needed an integrated approach to NHI security, one that provided not just visibility, but also lifecycle management, risk prioritization, and real-time detection and response. And so, the idea for Clutch was born.
The Birth of Clutch: A Unified Vision for NHI Security
By the time I connected with my co-founders, Sagi and Tal, we had all seen the significant impact of Non-Human Identity-based attacks firsthand. Our experiences, as attackers, defenders, and builders of enterprise platforms, told us that the industry needed an integrated approach to NHI security. We knew that the existing tools were insufficient and that a new approach was required.
But we didn’t just want to build a solution in a vacuum. We knew we needed to validate our ideas with the industry. So, we “got out of the building” and spoke with hundreds of CISOs and their teams, focusing on enterprises where the problem was most acute. Their feedback confirmed what we suspected—organizations struggle to secure their NHIs. They lack visibility into what NHIs they have, how they’re managed, the risks they pose, and how to detect and respond to NHI-based attacks.
Moving Forward: Revolutionizing NHI Security
Armed with this validation and leveraging our collective expertise, we embarked on a mission to build the industry’s first Universal NHI Security Platform. Our journey has been fueled by personal experiences and insights from hundreds of enterprise security teams. We are dedicated to empowering these teams with the tools they need to protect their organizations from the unique challenges of NHI security.
As we continue to develop and enhance Clutch Security, our commitment to revolutionizing NHI security remains unwavering. This is just the beginning. We look forward to collaborating with our customers, partners, and the broader cybersecurity community as we forge ahead on this exciting journey.
Thank you for joining us.