Ermetic

Cloud identity security platform specializing in CIEM and entitlement management, now part of Tenable

Cloud Identity Security
Custom enterprise pricing (via Tenable)
How we work: This listing is aggregated from Ermetic's official documentation, public pricing pages, community discussions (Reddit, HN, forums), and real user feedback. We do not do hands-on testing. We aggregate and organize what's already out there. Last verified February 2026.

What is Ermetic?

Ermetic, now part of Tenable, is a cloud identity security platform that specializes in Cloud Infrastructure Entitlement Management (CIEM) and cloud security posture management. Ermetic's core strength is analyzing and visualizing cloud identity risks, detecting overly permissive access policies, and providing automated least-privilege recommendations across AWS, Azure, and GCP. Following its acquisition by Tenable, Ermetic's CIEM capabilities are being integrated into Tenable Cloud Security.

Best for: Organizations where cloud identity and access management risk is the primary security concern, especially those already using Tenable products
Pros
  • Deepest CIEM capabilities with granular identity risk analysis
  • Automated least-privilege recommendations reduce manual IAM remediation
  • Strong cross-cloud identity correlation across AWS, Azure, and GCP
  • Now part of Tenable, benefiting from broader vulnerability intelligence
  • Effective at identifying toxic permission combinations
Cons
  • Narrower platform scope focused primarily on identity and posture
  • Being absorbed into Tenable Cloud Security may cause product direction uncertainty
  • Lacks workload protection and container security depth
  • No runtime detection or response capabilities
  • Smaller standalone market presence following acquisition

Key Features

  • Cloud Infrastructure Entitlement Management (CIEM)
  • Automated least-privilege recommendations
  • Identity risk visualization and analysis
  • Cross-cloud identity correlation
  • Cloud Security Posture Management (CSPM)
  • Just-in-time access provisioning
  • Toxic permission combination detection
  • Multi-cloud IAM policy analysis