Zscaler To Acquire Canonic Security To Thwart SaaS Attacks

In response to the implementation of zero trust security controls, ‘you see the threat landscape changing where it’s more focused now on supply chain security and APIs,’ Optiv’s CISO tells CRN.


Zscaler announced an agreement Tuesday to acquire a startup focused on protecting against attacks that target software-as-a-service, as concerns grow about the security of data in SaaS applications.

The startup, Canonic Security, had exited stealth a year ago with technology that allows organizations to assess the security of applications and integrations that are connected to a certain SaaS app, before granting access to their own business applications.

Terms of the acquisition deal were not disclosed. Canonic Security had announced raising just $6 million in funding.

The startup’s technology aims to “prevent organizations’ growing risks of SaaS supply chain attacks,” Zscaler said in a news release.

Many organizations have adopted hundreds of SaaS apps at this point, and “their users are connecting thousands of third-party applications and browser extensions to their critical SaaS platforms like Atlassian Suite, Microsoft 365, Salesforce, Google Workspace, and Slack without IT’s permission,” the company said. “Canonic’s solution allows cybersecurity and IT teams to quickly gain visibility to this ungoverned surface area and streamline SaaS application governance and enforcement.”

Zscaler said it will integrate Canonic’s capabilities into its recently announced data protection offering, including by enhancing its cloud access security broker (CASB) solution as well as its SaaS security posture management (SSPM) tool.

A well-known provider of zero trust security technologies such as zero trust network access (ZTNA), Zscaler is now expanding its offerings as attackers move to exploit other vulnerable systems, with many businesses now doing more to protect the systems that provide access to their applications.

“You see that threats are already changing with a lot of zero trust architecture and zero trust principles being put in place,” said Max Shier, chief information security officer at Optiv. “You see the threat landscape changing where it’s more focused now on supply chain security and APIs.”

Ultimately, “I think the bigger hacks that you’re going to see this year — and I think you already see it — are leveraging vulnerabilities in APIs and supply chain,” Shier told CRN.