AppOmni unveils new threat detection features for SaaS security

AppOmni has unveiled new threat detection capabilities aimed at safeguarding critical enterprise Software-as-a-Service (SaaS) environments.

The company has announced a series of technological enhancements to boost industry-leading identity and threat detection capabilities, which are crucial as SaaS applications continue to be targets for cybercriminals.

The new features leverage identity-centric analysis combined with threshold and sequence rules through AppOmni’s patent-pending threat detection engine to offer highly accurate detection capabilities. This initiative also introduces an enhanced open-source SaaS Event Maturity Matrix and a new SaaS Security Health Dashboard. These advancements aim to provide organizations with improved tools to refine detection rules and monitor the overall security health of their SaaS applications.

Joe Sullivan, strategic advisor to AppOmni and former Chief Security Officer at Facebook, Uber, and CloudFlare, highlighted the increasing targeting of SaaS applications by cybercriminals. "SaaS applications are increasingly being targeted by cybercriminals. Detecting threats within these apps requires a specialised approach. The new AppOmni capabilities will help organisations build scalable SaaS security with accurate threat detection, continuous, deep SaaS security posture checks and identity-centric analysis,” stated Sullivan.

Harold Byun, Chief Product Officer at AppOmni, noted that the recent attacks involving platforms such as Snowflake validate the urgency to protect SaaS applications. “The events of the past year including recent attacks involving Snowflake have validated the fact that SaaS applications used by almost every organisation are under attack by advanced actors,” said Byun. He added, “The new AppOmni SaaS-aware ITDR capabilities will help organisations identify and protect against modern SaaS threats."

The new capabilities augment traditional ITDR and identity and access management (IAM) solutions from Identity Providers (IdPs) such as Okta. They collectively aim to help security professionals build more robust SaaS security programs, which, according to AppOmni Labs Research, can reduce alerts to Security Operations Centres (SOC) by roughly 40%. Post-authentication events, after an attacker has potentially compromised an application, are reduced by over 70%.

SaaS applications, often operating as unmonitored, internet-facing endpoints, pose a significant risk if left undefended. Analysis indicates that attackers are using SaaS as an entry point for privilege escalation and to gain access to legacy on-premise and internal systems, leading to broader-scale compromises. “Successfully building threat detections for SaaS applications requires a multifaceted approach,” emphasised Byun.

The enhanced open-source SaaS Event Maturity Matrix (EMM) now includes new additions such as the cloud-based data storage platform Snowflake and the healthcare Customer Relationship Management (CRM) solution Veeva Vault. The EMM provides organisations with heightened clarity into SaaS events, identifies gaps in logs, verifies incident response information, and determines authentication mechanisms like multi-factor authentication (MFA) verification.

The new SaaS Security Health Dashboard offers administrators a comprehensive, metrics-based view of the SaaS estate’s overall health. This dashboard enables teams to assess security measures, identify and mitigate risks, and create visual reports for management. It serves as an essential tool for organisations heavily relying on numerous SaaS applications with thousands of users.

AppOmni’s latest advancements seek to address the high-risk blind spots in SaaS security by providing more precise detection, comprehensive incident clarity, and an overarching view of security health. These features are designed to minimise alert fatigue and enable security teams to prioritise more effectively, ultimately enhancing the protection of critical data within enterprise SaaS environments.