Date: 2024-08-05

AppOmni announced a series of technology advances to deliver identity and threat detection (ITDR) capabilities to protect SaaS environments.

The newest capabilities complement traditional ITDR and identity and access management (IAM) solutions from Identity Providers (IdPs) such as Okta, and collectively help security professionals build SaaS security that boosts defenses while further reducing alert fatigue.

Joe Sullivan, strategic advisor to AppOmni and former CSO at Facebook, Uber, and Cloudflare, said: “Cybercriminals are increasingly targeting SaaS applications. Detecting threats within these apps requires a specialized approach. The new AppOmni capabilities will help organizations build scalable SaaS security with accurate threat detection, continuous, deep SaaS security posture checks and identity-centric analysis. Some of the capabilities AppOmni is unveiling today have recently been seen as standalone products from startups with big valuations. By embedding these features in one SaaS Security Platform, AppOmni is making it easy to build a SaaS security program.”

In the wake of significant breaches from SaaS applications such as Rapeflake (Snowflake), Microsoft Blizzard, Okta HAR, GitHub and others, it is becoming more evident that the SaaS estate is being actively targeted and attackers are gaining access to critical data assets.

When one considers that most organizations use hundreds of SaaS applications, and these apps operate as unmonitored, undefended internet-facing endpoints, security teams are left with a massive high-risk blind spot. Furthermore, analysis of SaaS breaches shows that attackers are using SaaS as an entry point for privilege escalation and to gain access to legacy on-premise and internal systems, leading to broader-scale compromise.

Analysis from AppOmni Labs, the research division at AppOmni, shows that organizations that address attack surface and posture gaps in SaaS reduce alerts to their Security Operations Center (SOC) by roughly 40%. Furthermore, post-authentication events (after an attacker has potentially compromised an application) are reduced by over 70%. In a world where there are too many security tools, too much noise and fatigued security teams, the correlated lens on security posture, identities, and threat detection that SaaS-Aware ITDR provides delivers a truer security signal for faster response times.

Successfully building threat detections for SaaS applications requires a multifaceted approach. AppOmni combines detection capabilities with comprehensive insights across your SaaS estate, integrating posture and identity information. This approach eliminates entire classes of SaaS issues, enhances threat detection accuracy and reduces the number of alerts, aiding busy SOC teams.

As security professionals well know, SaaS logs typically display an endless stream of events from vendors. These usually feed the standalone alerts that take up disproportionate attention from SOC teams, without any meaningful context. An adequate response requires piecing together disparate events or painstakingly sequencing them to gather real insight about potential threats.

With AppOmni’s patent-pending capabilities for context-sensitive log sequencing combined with our newly introduced identity analysis, AppOmni automatically sequences SaaS logs to derive critical insight about potential threats. These capabilities are combined with user and entity behavior analytics (UEBA) capabilities to help security teams and application owners prioritize the most serious threats, enabling organizations to conduct investigations. This feature set represents an accurate SaaS threat detection approach.