AppOmni Announces SaaS-Aware Identity Threat Detection and Response (ITDR)

August 2024 by Marc Jacob

AppOmni announced a series of technology advances to deliver industry-leading identity and threat detection capabilities to protect critical enterprise Software-as-a-Service (SaaS) environments. With new features that leverage powerful identity-centric analysis, mass-scale event monitoring and normalization, an industry standard for SaaS event monitoring capabilities, and a comprehensive dashboard to show trending risk and the overall security health of SaaS applications, AppOmni continues to set the bar for SaaS program operationalization. The newest capabilities complement traditional ITDR and identity and access management (IAM) solutions from Identity Providers (IdPs) such as Okta, and collectively help security professionals build stronger, scalable SaaS security that boosts defenses while further reducing alert fatigue.

In the wake of significant breaches from SaaS applications such as Rapeflake (Snowflake), Microsoft Blizzard, Okta HAR, GitHub and others, it is becoming more evident that the SaaS estate is being actively targeted and attackers are gaining access to critical data assets. When one considers that most organizations use hundreds of SaaS applications, and these apps operate as unmonitored, undefended internet-facing endpoints, security teams are left with a massive high-risk blind spot. Furthermore, analysis of SaaS breaches shows that attackers are using SaaS as an entry point for privilege escalation and to gain access to legacy on-premises and internal systems, leading to broader-scale compromise.

Analysis from AppOmni Labs, the research division at AppOmni, shows that organizations that address attack surface and posture gaps in SaaS reduce alerts to their Security Operations Center (SOC) by roughly 40%. Furthermore, post-authentication events (after an attacker has potentially compromised an application) are reduced by over 70%. In a world where there are too many security tools, too much noise and fatigued security teams, the correlated lens on security posture, identities, and threat detection that SaaS-Aware ITDR provides delivers a truer security signal for faster response times.

Successfully building threat detections for SaaS applications requires a multifaceted approach. AppOmni combines advanced detection capabilities with comprehensive insights across your SaaS estate, integrating posture and identity information. This approach eliminates entire classes of SaaS issues, enhances threat detection accuracy and reduces the number of alerts, aiding busy SOC teams.

Identity-Centric Analysis

As security professionals well know, SaaS logs typically display an endless stream of events from vendors. These usually feed the standalone alerts that take up disproportionate attention from SOC teams, without any meaningful context. An adequate response requires piecing together disparate events or painstakingly sequencing them to gather real insight about potential threats. With AppOmni’s patent-pending capabilities for context-sensitive log sequencing combined with our newly introduced identity analysis, AppOmni automatically sequences SaaS logs to derive critical insight about potential threats. These capabilities are combined with our user and entity behavior analytics (UEBA) capabilities to help security teams and application owners prioritize the most serious threats, enabling organizations to conduct clear investigations. This feature set represents the most accurate SaaS threat detection approach currently available.

Enhanced Open Source SaaS Event Maturity Matrix

AppOmni last year released the Event Maturity Matrix (EMM), a comprehensive framework that provides clarity on SaaS audit logging—a valuable, one-of-a-kind resource for the industry to gain visibility into SaaS events, identify gaps in SaaS events supported by application vendors, and guide security monitoring and operational objectives. The Event Maturity Matrix is now used by global organizations as part of vendor due diligence processes both during the initial assessment and during annual security reviews.

Today, AppOmni announces new updates to the Event Maturity Matrix, including the addition of cloud-based data storage platform Snowflake and healthcare Customer Relationship Management (CRM) solution Veeva Vault to the SaaS event inventory. Other new enhancements enable organizations to identify gaps in logs, verify information available for incident response and determine SaaS app authentication mechanisms such as multi-factor authentication (MFA) verification. These deliver clarity into events from each SaaS application and boost awareness of events from each SaaS vendor to further customize detection rules. The EMM also now includes complete contribution dialogue, enabling vendors and end-user organizations alike to interact with the open source tool, building a community around SaaS security.

SaaS Security Health Dashboard

AppOmni also unveiled a new SaaS Security Health Dashboard, which lets administrators view and share a simple executive dashboard to report on the health of their SaaS security program. It serves up specific success metrics and insights into improvements in the security posture of the SaaS estate over time so that teams can validate security measures and demonstrate program effectiveness. This is an invaluable tool for organizations fundamentally dependent upon a wide variety of SaaS applications with thousands of users.