Attack Surface Management
,
Security Operations
Startup’s Resilience Platform Focuses on Continuous Monitoring and Remediation
A startup led by a former Israeli Military Intelligence cybersecurity operations director raised $61 million for what the Tel Aviv firm says is a method for bolstering digital resilience that’s a cut above tabletop exercises.
See Also: AI Turning Tool Sprawl Into an Attack Surface
The Spark Capital and Kleiner Perkins-led Series A round will allow Gambit Security to develop systems that move corporate networks into continuously validating their security posture, said co-founder and CEO Alon Gromakov. The money will help Gambit build more infrastructure and backup integrations and more proactive orchestration and remediation, he said.
“Up until now, when you think about resilience, organizations think about it in a very traditional way, backups, recovery tests, tabletop exercises,” Gromakov told Information Security Media Group. “A lot of our work is educating about a different way of thinking. There’s a different way of approaching this. You can approach this in a continuous way, in a continuous monitoring way, continuous validation.”
Gambit, founded in September 2024, has been led since inception by Gromakov, who spent more than seven years with Israel’s Unit 8200 – including nearly three as director of cybersecurity operations – as well as nearly two years leading data detection and response at Sentra. The company’s seed funding came from Israeli incubator Cyberstarts.
How Companies Can Effectively Assess Their Own Resilience
The firm emphasizes real-time visibility into resilience gaps that could translate into material downtime during a disruption, according to Gromakov. Organizations should be constantly mapping applications to infrastructure resources, assessing redundancy configurations, identifying gaps in backup coverage, and validating high availability settings.
“Where do they have major gaps that will later turn into material downtime?” Gromakov said. “Where are they missing backups or redundancy or high availability not configured properly? They don’t have multi-region redundancy in many, many aspects that relates to the organization’s ability to keep its operations running. So that was the focus so far.”
Gromakov envisions AI-driven agents capable of dynamically adjusting backup frequencies, retention periods, immutability configurations, and replication strategies based on business context, with policies evolving as application criticality or SLAs change. Humans, he said, cannot continuously monitor every contextual shift in enterprise environments, especially in cloud-first organizations with rapid development cycles.
“The last bit there is getting trust with customers to perform autonomous actions for them,” Gromakov said. “It really starts by introducing autonomous capabilities that are not intrusive at first, and from there moving forward to more timeless capabilities.”
Why Gambit Is Moving Into On-Premise Infrastructure
Gambit initially concentrated on cloud environments due to their API accessibility and dynamic nature. But many mission-critical applications remain on-premises for large enterprises even as organizations migrate workloads to the cloud. Gromakov said resilience can’t be effectively managed if it’s siloed between cloud and on-prem infrastructure.
“The large global, global enterprises, the Fortune enterprises, they are all running hybrid environments, and they all need a solution that can get them visibility to both sides of the business, not just the cloud,” Gromakov said. “Because for a lot of the big enterprises, a lot of their main core business-critical apps are still on prem, and they still need something to help them for that environment as well.”
The current resilience market is fragmented and vertically siloed, Gromakov said, with backup vendors focusing solely on data protection and cloud providers offering limited resilience tooling within their own ecosystems. Gromakov said Gambit looks across infrastructure, applications, backups and configurations to determine whether the organization is truly recoverable.
“Our background in Unit 8200 really helps us when we think about cyber research and looking at these environments from the lens of what will the threat actor look for,” Gromakov said. “Threat actors will look for the weak spots, the single points of failure, the things that you missed. We’re looking across the stack in a horizontal cut versus a vertical one, whereas every solution is vertical.”
Resilience forms a significant portion of an organization’s risk profile, with an inability to recover from cyberattacks, system failures, or operational incidents representing an existential threat, Gromakov said. Real-time resilience validation becomes a business enabler, since when leadership knows it can recover from disruption, he said it can adopt AI, accelerate development cycles, and innovate more confidently.
“The CISO is the manager of risk, and a large portion of that risk lies in the organization’s ability or inability to survive disruption and recover from an incident,” he said. “Not just a cyberattack, any incident, any disruption. Not being able to understand that risk, map it, validate it, get visibility for it, creates a big gap for the CISO, but having the power to do so positions the CISO as a business enabler.”