Security startup Adallom is launching a cloud auditing service this week that it said will monitor users of SaaS applications and block attempts to steal or manipulate data if it determines the activity is suspicious.
User activity heuristics are at the core of the firm's blocking-and-tackling technology, said Adallom CEO Assaf Rappaport, in an interview. Adallom, which means "last line of defense" in Hebrew, is set up as a reverse proxy and develops a profile on users of SaaS-based application to determine normal day-to-day activity. The service supports a variety of popular SaaS applications, including Salesforce.com, Box and others. When the service spots suspicious activity, it can prevent unauthorized access to data.
"There's no endpoint installation and no browser add-ons," Rappaport told CRN. "You configure Adallom with your SaaS provider, and once we're linked, we provide data back on the insight we're getting and the potential attacks we're blocking in real time."
[Related: The 9 Most Dangerous Cloud Security Threats]
Rappaport said his firm has already detected an attack on a SaaS provider. It detected a variant of the Zeus Trojan that targets users of a SaaS platform. Once the malware infects a system, it can detect a connection to the service and use the victim's account credentials and crawl massive amounts of the user's database. Adallom detected several instances of the infection. The company declined to name the SaaS vendor until the issue the malware is exploiting is fully addressed.
The market for cloud security services is expected to be worth $2.1 billion in 2013, according to Gartner. Adallom competes with SkyHigh Networks, which also uses a reverse-proxy approach. SkyHigh focuses on deep auditing by providing authentication and access control and enforcing user policies. It provides encryption and can also defend against man-in-the-middle attacks, in which a cybercriminal can actively eavesdrop on a victim's connection with their cloud service.
Security is becoming an important part of cloud deployments and is often thought of after an organization has adopted SaaS-based services, said Jim O'Brian, chief information security officer at Choice Solutions. The Overland Park, Kan.-based solution provider, a strong Citrix partner, works with a variety of organizations on virtualization deployments. O'Brian said companies seek encryption, two-factor authentication and other ways to gain control of data in the cloud.
"From account takeover to data leakage, the threats are a growing concern," O'Brian said.
For organizations averse to proxy-based technology, Adallom also sells its technology as server-based software. Rappaport said the company will initially sell its software direct, but plans are in the works to provide channel support for managed service providers and resellers.
Rappaport said the technology is scalable, and the data it provides can integrate with existing security tools or security information event management systems. It supports antivirus and VPN technology for antimalware and data security.
Once the technology takes a snapshot of an individual user's activity, the heuristics component can sense normal activity and abnormal activity. The software issues an immediate alert if it detects a user attempting to access documents from, for example, Tel Aviv and San Francisco at the same time, unless a shared account policy was in place, Rappaport said.
The company's management console provides a list of SaaS applications that it is monitoring as well as information about a user's login, device, location and activity. Rappaport said the data that it provides can be valuable for forensics investigators looking to trace a threat to its source. The service provides businesses with alerts for high-risk incidents, as well as event tracking and reporting. It also collects anonymous data on its customers to develop known attack patterns as part of a global intelligence network, the firm said.
Adallom is priced on a per-user basis starting at $5 per user with volume pricing available for private node deployments.
PUBLISHED NOV. 14, 2013