SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

AppOmni launches protocol server to boost security teams

Today

AppOmni has introduced what it describes as the world's first SaaS security Model Context Protocol (MCP) server designed to reduce the time security teams spend investigating incidents and enable more rapid remediation actions.

The new MCP server, implemented using the open source Model Context Protocol, provides a standard interface allowing AI models to interact with external systems. This is aimed at addressing the challenge faced by organisations that often use around 50 or more different security tools, requiring manual interaction even with AI assistance when investigating cybersecurity incidents.

The AppOmni MCP server offers integration with security-focused AI agents and various security platforms, including Security Information and Event Monitoring (SIEM), Network Detection and Response (NDR), Extended Detection and Response (XDR), and Identity and Access Management (IAM) solutions. Security teams can obtain intelligence from multiple security tools simultaneously without leaving their current working interface.

According to AppOmni, the MCP server enables AI-powered analysis through its AI companion, AskOmni, which operates as a model context protocol server. This allows users to access insights into SaaS identities, security postures, data exposures, and user behaviours for threat investigations and analysis across the SaaS landscape by leveraging agentic AI architectures.

Melissa Ruzzi, Director of AI at AppOmni, commented on the operational benefits for organisations facing complex cyber threat environments using numerous specialised security tools.

"The cyber threat landscape is complex, and for good security coverage, large organizations use upwards of 50+ different specialised security tools. Integration of security tools is not just beneficial, it's imperative for achieving holistic visibility and coordinated security decisions. The proper way to get the full benefit of integration is to go beyond ineffective data sharing to get investigative insights by integrating business logic," Ruzzi said. 

"This approach overcomes the challenge of analysts and investigative tools requiring SaaS domain expertise to interpret raw SaaS configuration and activity data," she added.

The integration of the AskOmni MCP server is designed to provide visibility into SaaS security risks, instant access to data on SaaS misconfigurations, and the identification of risky behaviours enabled by AI. It offers streamlined access for external security tools to the AskOmni AI agent network, connecting with comprehensive SaaS identity investigations conducted by AppOmni.

This integration is intended to enhance the functionality of tools such as SIEM, Security Orchestration, Automation, and Response (SOAR), IAM/IGA, XDR, and Endpoint Detection and Response (EDR) solutions by supplementing their AI capabilities with SaaS security expertise.

"Organizations are now using hundreds or more SaaS applications, but the associated risks are still not well understood, leaving apps underprotected. AskOmni, AppOmni's SaaS companion, leverages analytics, AI, and SaaS security expertise to analyze vast amounts of security data, uncover hidden risks, and give actionable recommendations to make informed decisions about strengthening security posture," said Rik Turner, Senior Principal Analyst at Omdia, noting the challenges organisations face as they use increasing numbers of SaaS applications.

"Now as an MCP Server, the AskOmni functionality can be leveraged by other security tools. I see the AskOmni MCP Server delivering value to cloud security and SecOps teams in nearly every facet of their responsibilities," Turner added.

The company states that integrating AskOmni as an MCP server with other security tools grants organisations a holistic view, simplifying operations and enabling more targeted and timely remediation. The holistic perspective provided includes SaaS security posture management and supports coordinated security decision-making.
