How Gem Security Built a New Category in Cloud Security: A Playbook for Market Creation

Creating a new category in enterprise software isn’t just about having innovative technology – it’s about identifying and filling a gap that existing solutions overlook. In a recent episode of Category Visionaries, Gem Security founder Arie Zilberstein revealed how his experience in incident response led to the creation of a new category in cloud security.

The Gap in the Market

The idea for Gem Security emerged from a pattern Arie observed while leading incident response at Signia: “Whenever we came to respond to something bad happens in the cloud bridge, we saw that the situation was just harder. Organization didn’t have enough visibility to, they didn’t have means to detect, and they couldn’t respond in time to that incident.”

This observation highlighted a crucial gap: existing tools weren’t built for the reality of cloud security incidents. Traditional security tools lacked cloud capabilities, while cloud security solutions weren’t designed for security operations teams.

Building a New Category

Instead of trying to fit into existing categories, Gem Security created a new one: Cloud Detection Response (CDR). “We’re not quite a SIM solution. And on the other side, we’re not quite a cloud security solution. We’re actually both,” Arie explains.

This positioning wasn’t arbitrary. As Arie notes, “On the one side, we have cloud security products like CNAP and CSPM. And they’re built for the cloud. They’re protecting the cloud, serve to build cloud environments that are as secure as possible, but they are not quite built for the sock. They don’t have the mindset of detection response.”

Validating the Category

The team faced initial skepticism. “When we started the company, we had a lot of advisors, friends, security practitioner that we consulted with, and some were pretty excited about what you’re doing. Some were skeptical that this is a space,” Arie recalls.

Their response was to start selling before building. “Initially when we opened the company, one thing that we had in mind is that we sell the product from the first moment that we have the company, even before we have the product,” Arie shares. This approach helped validate their category creation strategy through direct market feedback.

Multi-Level Market Engagement

Creating a new category required engaging multiple stakeholders. While the product is built for security operations teams, Gem Security recognized the need to engage both practitioners and executives. “Most of our customers today, we started from the CISO angle and then we only evolved to the security operation team. But never a deal would happen without having the bind from the security operators,” Arie explains.

Scaling the Category

Two years in, the focus has shifted to scaling. “The next challenge for us is getting that success at scale,” Arie notes, highlighting their plans to expand their go-to-market team and replicate their early successes.

The long-term vision is ambitious: “Looking five or ten years from now, we look at the security operation and what this architecture of security mission will look like, and we see gem as one of the critical piece that would revolutionize security operation in the cloud era.”

For B2B founders looking to create new categories, Gem Security’s journey offers several key lessons:

• Identify gaps through real-world experience
• Position between existing categories rather than trying to replace them
• Validate through early sales conversations
• Engage multiple stakeholder levels
• Build for scale after proving the category

As Arie emphasizes, the key is having deep domain expertise: “Having a practitioner experience is something that is crucial. Being and serving some time as a practitioner… is so crucial to get good perspective, realistic perspective of how the world looks like.”