User activity heuristics are at the core of the firm's blocking-and-tackling technology, said Adallom CEO Assaf Rappaport, in an interview. Adallom, which means "last line of defense" in Hebrew, is set up as a reverse proxy and develops a profile on users of SaaS-based applications to determine normal day-to-day activity. The service supports a variety of popular SaaS applications, including Salesforce.com, Box and others. When the service spots suspicious activity, it can prevent unauthorized access to data.
"There's no endpoint installation and no browser add-ons," Rappaport told CRN. "You configure Adallom with your SaaS provider, and once we're linked, we provide data back on the insight we're getting and the potential attacks we're blocking in real time."
Rappaport said his firm has already detected an attack on a SaaS provider. It detected a variant of the Zeus Trojan that targets users of a SaaS platform. Once the malware infects a system, it can detect a connection to the service and use the victim's account credentials and crawl massive amounts of the user's database. Adallom detected several instances of the infection. The company declined to name the SaaS vendor until the issue the malware is exploiting is fully addressed.
The market for cloud security services is expected to be worth $2.1 billion in 2013, according to Gartner. Adallom competes with SkyHigh Networks, which also uses a reverse-proxy approach. SkyHigh focuses on deep auditing by providing authentication and access control and enforcing user policies. It provides encryption and can also defend against man-in-the-middle attacks, in which a cybercriminal can actively eavesdrop on a victim's connection with their cloud service.
Security is becoming an important part of cloud deployments and is often thought of after an organization has adopted SaaS-based services, said Jim O'Brian, chief information security officer at Choice Solutions. The Overland Park, Kan.-based solution provider, a strong Citrix partner, works with a variety of organizations on virtualization deployments. O'Brian said companies seek encryption, two-factor authentication and other ways to gain control of data in the cloud.
"From account takeover to data leakage, the threats are a growing concern," O'Brian said.
For organizations averse to proxy-based technology, Adallom also sells its technology as server-based software. Rappaport said the company will initially sell its software direct, but plans are in the works to provide channel support for managed service providers and resellers.
Rappaport said the technology is scalable, and the data it provides can integrate with existing security tools or security information event management systems. It supports antivirus and VPN technology for antimalware and data security.
Once the technology takes a snapshot of an individual user's activity, the heuristics component can distinguish normal activity from abnormal activity. The software issues an immediate alert if it detects a user attempting to access documents from, for example, Tel Aviv and San Francisco at the same time, unless a shared account policy is in place, Rappaport said.
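The Tel Aviv and San Francisco check described above can be sketched as an "impossible travel" rule with a shared-account exemption. This is an added example, not Adallom's code; the event fields, the 1,000 km/h speed ceiling, the 50 km minimum distance and the sample accounts are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0  # assumed ceiling: roughly airliner speed
MIN_KM = 50.0     # assumed: ignore small jumps caused by geolocation error


@dataclass(frozen=True)
class Access:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


def km_between(a, b):
    """Great-circle distance (haversine) in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events, shared_accounts=frozenset(), max_kmh=MAX_KMH):
    """Return (user, earlier city, later city) for accesses no traveller could make."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        last_seen[ev.user] = ev
        if prev is None or ev.user in shared_accounts:
            continue  # first sighting, or policy allows concurrent use
        hours = (ev.when - prev.when).total_seconds() / 3600
        dist = km_between(prev, ev)
        # Same-instant access from two distant places counts as infinite speed.
        if dist > MIN_KM and (hours == 0 or dist / hours > max_kmh):
            alerts.append((ev.user, prev.city, ev.city))
    return alerts


# Constructed sample events (not real log data).
SAMPLE = [
    Access("alice", datetime(2013, 11, 14, 9, 0), "Tel Aviv", 32.08, 34.78),
    Access("alice", datetime(2013, 11, 14, 9, 5), "San Francisco", 37.77, -122.42),
    Access("bob", datetime(2013, 11, 14, 9, 0), "Tel Aviv", 32.08, 34.78),
    Access("bob", datetime(2013, 11, 15, 9, 0), "San Francisco", 37.77, -122.42),
    Access("support", datetime(2013, 11, 14, 9, 0), "Tel Aviv", 32.08, 34.78),
    Access("support", datetime(2013, 11, 14, 9, 1), "San Francisco", 37.77, -122.42),
]
```

With `shared_accounts={"support"}` only `alice` is flagged: `bob` had a full day to travel, and `support` is exempt by policy.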
The company's management console provides a list of SaaS applications that it is monitoring as well as information about a user's login, device, location and activity. Rappaport said the data that it provides can be valuable for forensics investigators looking to trace a threat to its source. The service provides businesses with alerts for high-risk incidents, as well as event tracking and reporting. It also collects anonymous data on its customers to develop known attack patterns as part of a global intelligence network, the firm said.
Adallom is priced on a per-user basis starting at $5 per user with volume pricing available for private node deployments.
PUBLISHED NOV. 14, 2013