AppOmni Announces SaaS-Aware Identity Threat Detection and Response (ITDR)

From Black Hat in Las Vegas, NV (August 5, 2024): AppOmni, the leader in SaaS security, today announced a series of technology advances to deliver industry-leading identity and threat detection capabilities to protect critical enterprise Software-as-a-Service (SaaS) environments. With new features that leverage powerful identity-centric analysis, mass-scale event monitoring and normalization, an industry standard for SaaS event monitoring capabilities, and a comprehensive dashboard to show trending risk and the overall security health of SaaS applications, AppOmni continues to set the bar for SaaS program operationalization. The newest capabilities complement traditional ITDR and identity and access management (IAM) solutions from Identity Providers (IdPs) such as Okta, and collectively help security professionals build stronger, scalable SaaS security that boosts defenses while further reducing alert fatigue.

Joe Sullivan, strategic advisor to AppOmni and former CSO at Facebook, Uber, and Cloudflare, said: “SaaS applications are increasingly being targeted by cybercriminals. Detecting threats within these apps requires a specialized approach. The new AppOmni capabilities will help organizations build scalable SaaS security with accurate threat detection, continuous, deep SaaS security posture checks and identity-centric analysis. Some of the capabilities AppOmni is unveiling today have recently been seen as standalone products from startups with big valuations. By embedding these features in one SaaS Security Platform, AppOmni is making it easy to build a world-class SaaS security program.”

“The events of the past year, including recent attacks involving Snowflake, have validated the fact that SaaS applications used by almost every organization are under attack by advanced actors,” said Harold Byun, chief product officer at AppOmni. “Based on AppOmni Labs Research and breach analysis, it has become even more critical for enterprises to build a security strategy around these undefended internet-facing endpoints that facilitate an entry point to internal on-premise infrastructure. The new AppOmni SaaS-aware ITDR capabilities will help organizations identify and protect against modern SaaS threats.”

In the wake of significant breaches from SaaS applications such as Rapeflake (Snowflake), Microsoft Blizzard, Okta HAR, GitHub and others, it is becoming more evident that the SaaS estate is being actively targeted and attackers are gaining access to critical data assets. When one considers that most organizations use hundreds of SaaS applications, and these apps operate as unmonitored, undefended internet-facing endpoints, security teams are left with a massive, high-risk blind spot. Furthermore, analysis of SaaS breaches shows that attackers are using SaaS as an entry point for privilege escalation and to gain access to legacy on-premise and internal systems, leading to broader-scale compromise.

Analysis from AppOmni Labs, the research division at AppOmni, shows that organizations that address attack surface and posture gaps in SaaS reduce alerts to their Security Operations Center (SOC) by roughly 40%. Furthermore, post-authentication events (after an attacker has potentially compromised an application) are reduced by over 70%. In a world where there are too many security tools, too much noise and fatigued security teams, the correlated lens on security posture, identities, and threat detection that SaaS-Aware ITDR provides delivers a truer security signal for faster response times.

Successfully building threat detections for SaaS applications requires a multifaceted approach. AppOmni combines advanced detection capabilities with comprehensive insights across your SaaS estate, integrating posture and identity information. This approach eliminates entire classes of SaaS issues, enhances threat detection accuracy and reduces the number of alerts, aiding busy SOC teams. 

Identity-Centric Analysis

As security professionals well know, SaaS logs typically display an endless stream of events from vendors. These usually feed the standalone alerts that take up disproportionate attention from SOC teams, without any meaningful context. An adequate response requires piecing together disparate events or painstakingly sequencing them to gather real insight about potential threats. With AppOmni’s patent-pending capabilities for context-sensitive log sequencing combined with our newly introduced identity analysis, AppOmni automatically sequences SaaS logs to derive critical insight about potential threats. These capabilities are combined with our user and entity behavior analytics (UEBA) capabilities to help security teams and application owners prioritize the most serious threats, enabling organizations to conduct clear investigations. This feature set represents the most accurate SaaS threat detection approach currently available.

Enhanced Open Source SaaS Event Maturity Matrix

AppOmni last year released the Event Maturity Matrix (EMM), a comprehensive framework that provides clarity on SaaS audit logging—a valuable, one-of-a-kind resource for the industry to gain visibility into SaaS events, identify gaps in SaaS events supported by application vendors, and guide security monitoring and operational objectives. The Event Maturity Matrix is now used by global organizations as part of vendor due diligence processes, both during the initial assessment and during annual security reviews.

Today, AppOmni announces new updates to the Event Maturity Matrix, including the addition of cloud-based data storage platform Snowflake and healthcare Customer Relationship Management (CRM) solution Veeva Vault to the SaaS event inventory. Other new enhancements enable organizations to identify gaps in logs, verify information available for incident response and determine SaaS app authentication mechanisms such as multi-factor authentication (MFA) verification. These deliver clarity into events from each SaaS application and boost awareness of events from each SaaS vendor to further customize detection rules. The EMM also now includes complete contribution dialogue, enabling vendors and end-user organizations alike to interact with the open source tool, building a community around SaaS security.

SaaS Security Health Dashboard

AppOmni also unveiled a new SaaS Security Health Dashboard, which lets administrators view and share a simple executive dashboard to report on the health of their SaaS security program. It serves up specific success metrics and insights into improvements in the security posture of the SaaS estate over time so that teams can validate security measures and demonstrate program effectiveness. This is an invaluable tool for organizations fundamentally dependent upon a wide variety of SaaS applications with thousands of users. 

Come See Us at Black Hat USA

Swing by booth #1660 to learn how you can achieve secure productivity with your SaaS applications. Catch the only theater talk this year on SaaS security — Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies — presented by AppOmni’s Cory Michal, VP of security, Ben Pruce, senior engineering manager, and Brandon Levene, principal product manager, Threat Detection, on Wednesday, August 7 at 1:30pm PT (South Seas CD, Level 3 in Mandalay Bay Convention Center).

About AppOmni

AppOmni is the leader in SaaS Security and simplifies protection for business-critical SaaS applications. With AppOmni, security teams and SaaS application owners quickly secure their mission-critical and sensitive data from attackers and insider threats. The AppOmni SaaS Security Platform continuously scans SaaS APIs, configurations, and ingested audit logs to deliver complete data access visibility, secure identities and SaaS-to-SaaS connections, detect threats, prioritize insights, and simplify compliance reporting. 25% of the Fortune 100 and global enterprises across industries trust AppOmni to secure their SaaS applications. For more information, visit AppOmni.com or @AppOmni on LinkedIn.

Media Contact:
CONTOS DUNNE COMMUNICATIONS
AppOmni@cdc.agency (e)
+1 (408) 776-1400 (o) +1 (408) 893-8750 (m)