AppOmni announced a series of technology advances to
deliver industry leading identity and threat detection capabilities to protect
critical enterprise Software-as-a-Service (SaaS) environments. With new
features that leverage powerful identity-centric analysis, mass-scale event
monitoring and normalization, an industry standard for SaaS event monitoring
capabilities, and a comprehensive dashboard to show trending risk and the
overall security health of SaaS applications, AppOmni continues to set the bar
for SaaS program operationalization. The newest capabilities complement
traditional ITDR and identity and access management (IAM) solutions from
Identity Providers (IdPs) such as Okta, and collectively help security
professionals build stronger, scalable SaaS security that boosts defenses while
further reducing alert fatigue.
Joe Sullivan, strategic advisor to AppOmni and former CSO at
Facebook, Uber, and CloudFlare said: "SaaS applications are increasingly being
targeted by cybercriminals. Detecting threats within these apps requires a
specialized approach. The new AppOmni capabilities will help organizations
build scalable SaaS security with accurate threat detection, continuous, deep
SaaS security posture checks and identity-centric analysis. Some of the
capabilities AppOmni is unveiling today have recently been seen as standalone
products from startups with big valuations. By embedding these features in one
SaaS Security Platform, AppOmni is making it easy to build a world class SaaS
security program."
"The events of the past year including recent attacks
involving Snowflake have validated the fact that SaaS applications used by
almost every organization are under attack by advanced actors," said Harold
Byun, chief product officer at AppOmni. "Based on AppOmni
Labs Research and breach analysis, it has become even more critical for
enterprises to build a security strategy around these undefended internet
facing endpoints that facilitate an entry point to internal on-premise
infrastructure. The new AppOmni SaaS-aware ITDR capabilities will help
organizations identify and protect against modern SaaS threats."
In the wake of significant breaches from SaaS applications
such as Rapeflake (Snowflake), Microsoft Blizzard, Okta HAR,
GitHub and others, it is becoming more evident that the SaaS estate is being
actively targeted and attackers are gaining access to critical data assets.
When one considers that most organizations use hundreds of SaaS applications,
and these apps operate as unmonitored, undefended internet facing endpoints,
security teams are left with a massive high risk blind spot. Furthermore,
analysis of SaaS breaches shows that attackers are using SaaS as an entry point
for privilege escalation and to gain access to legacy on-premise and internal
systems leading to broader scale compromise.
Analysis from AppOmni Labs, the research division at AppOmni shows that
organizations that address attack surface and posture gaps in SaaS reduce
alerts to their Security Operations Center (SOC) by roughly 40%. Furthermore,
post authentication events (after an attacker has potentially compromised an
application) are reduced by over 70%. In a world where there are too many
security tools, too much noise and fatigued security teams, the correlated lens
on security posture, identities, and threat detection that SaaS-Aware ITDR provides delivers a truer
security signal for faster response times.
Successfully building threat detections for SaaS applications
requires a multifaceted approach. AppOmni combines advanced detection
capabilities with comprehensive insights across your SaaS estate, integrating
posture and identity information. This approach eliminates entire classes of
SaaS issues, enhances threat detection accuracy and reduces the number of
alerts, aiding busy SOC teams.
Identity-Centric Analysis
As security professionals well know, SaaS logs typically
display an endless stream of events from vendors. These usually feed the
standalone alerts that take up disproportionate attention from SOC teams,
without any meaningful context. An adequate response requires piecing together
disparate events or painstaking sequencing them to gather real insight about
potential threats. With AppOmni's patent-pending capabilities for
context-sensitive log sequencing combined with our newly introduced identity
analysis, AppOmni automatically sequences SaaS logs to derive critical insight
about potential threats. These capabilities are combined with our user and
entity behavior analytics (UEBA) capabilities to help security teams and
application owners prioritize the most serious threats, enabling organizations
to conduct clear investigations. This feature set represents the most accurate
SaaS threat detection approach currently available.
Enhanced Open Source SaaS Event Maturity Matrix
AppOmni last year released the Event
Maturity Matrix (EMM), a comprehensive framework that provides
clarity on SaaS audit logging-a valuable, one of a kind resource for the
industry to gain visibility into SaaS events, identify gaps in SaaS events
supported by application vendors, and guide security monitoring and operational
objectives. The Event Maturity Matrix is now used by global organizations as
part of vendor due diligence processes both during the initial assessment and
during annual security reviews.
Today, AppOmni announces new updates to the Event Maturity
Matrix, including the addition of cloud-based data storage platform Snowflake and healthcare Customer Relationship
Management (CRM) solution Veeva Vault to the
SaaS event inventory. Other new enhancements enable organizations to
identify gaps in logs, verify information available for incident response and
determine SaaS app authentication mechanisms such as multi-factor
authentication (MFA) verification. These deliver clarity into events from each
SaaS application and boost awareness of events from each SaaS vendor to further
customize detection rules. The EMM also now includes complete contribution
dialogue, enabling vendors and end-user organizations alike to interact with
the open source tool, building a community around SaaS security.
SaaS Security Health Dashboard
AppOmni also unveiled a new SaaS Security Health Dashboard,
which lets administrators view and share a simple executive dashboard to report
on the health of their SaaS security program. It serves up specific success
metrics and insights into improvements in the security posture of the SaaS
estate over time so that teams can validate security measures and demonstrate
program effectiveness. This is an invaluable tool for organizations
fundamentally dependent upon a wide variety of SaaS applications with thousands
of users.