Defending data against hackers who try to fudge credentials is one thing – but what if those hackers manage to get hold of the user names and passwords of employees? Even worse: what if an employee decides to purloin data for their own personal gain? In that case, there’s little a company or organization can do – as the National Security Administration in the U.S. learned the hard way, when a mid-level technician, Edward Snowden, walked away with thousands of secure documents, with their revelation causing the Obama administration no end of headaches.
Clearly, companies need a way to keep an eye on even seemingly legitimate data transactions – and Israeli start-up Adallom has a solution that ensures security for all user interactions with online applications. The company has raised $15 million in Series B funding to expand its SaaS (software as a service) security system.
The funding round, led by Index Ventures, with participation by Sequoia Capital Israel, follows an initial VC funding round in December 2012. Adallom introduced its product offerings last November, and already has partnerships with Salesforce.com, Microsoft (for its online Office 365 offerings), Google, HR management service SuccessFactors, and data storage site Box.com.
The key to SaaS data security, according to Ami Luttwak, co-founder and CTO at Adallom, is to implement a system that not only ensures that the data itself is safe, but that it is being used properly, even by company employees. “Sales people save their contacts, programmers save their code fragments and documents, finance has their spreadsheets with custom macros, and so on,” he said. “Copying data is only the ‘first hop’ of the insider problem, and we can think of credentials sharing as a ‘second hop’ of an ‘insider threat.’ I think we know how dangerous it is when employees share their passwords with other colleagues,” he said – and for those with doubts, it would be sufficient to look at the damage Snowden has done to the NSA.
Most security solutions, according to Adallom, are built for “perimeter security,” ensuring that data is secured on company servers. But with SaaS, much of a company’s information is stored elsewhere – and while Google and Salesforce.com will (hopefully) ensure that their servers are secure and that hackers can’t access client data, there is nothing they can do in the event of “phony authentications,” where a user appears to have the right credentials to get into an account, even if they are not supposed to be there.
Adallom helps prevent misuse of SaaS by keeping an eye on how employees are using it. If a user logs into their e-mail from New York, for example, the system makes note of it – and if it sees that the same user is trying to access client records from an IP address in London just an hour later, it can alert administrators that something is out of place; clearly, two different people are using the same account to access data.
If a user generally reads or downloads 3-5 technical documents a day, Adallom’s system will send out an alert if it sees the user downloading hundreds of documents; perhaps the employee is planning to quit that very day and is taking along some data “souvenirs” before leaving. If the system notices that there is a great deal of browser activity and access requests, that could be evidence of malware installed on a user’s device, sucking up data as it is being downloaded by the employee. Such an alert allows administrators to quickly put a clamp on that user’s access privileges.
As the system builds a user profile, Adallom is able to hone its understanding of how a user interacts with a company’s SaaS accounts. “By learning how each user interacts with each SaaS application, we realized we could develop a behavioral model that would alert us and our customers when that user acted in a manner unlike themselves, when user activities fall outside their standard behavioral deviation,” according to the company. “This model allows us to know with high certainty when user accounts have been compromised, and stop malicious behavior immediately. It also allows us to understand heuristic information that could then be aggregated to protect all of our customers.”
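The two checks described above, the New York and London logins an hour apart and the jump from 3-5 documents a day to hundreds, can be sketched as follows. This is an added example, not Adallom's code; the event fields, the 900 km/h speed ceiling, the three-sigma threshold and the sample data are assumptions made for illustration.

```python
import math
from datetime import datetime
from statistics import mean, pstdev

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def impossible_travel(events, max_kmh=900.0):
    """Flag consecutive events of one user whose implied speed exceeds max_kmh."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last.get(ev["user"])
        if prev:
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            km = haversine_km(prev["geo"], ev["geo"])
            # Floor the interval at one minute so same-second events
            # do not divide by zero.
            if km / max(hours, 1 / 60) > max_kmh:
                alerts.append((ev["user"], prev["city"], ev["city"], round(km)))
        last[ev["user"]] = ev
    return alerts

def volume_anomaly(history, today, sigmas=3.0, min_std=1.0):
    """True if today's count exceeds the baseline mean by `sigmas` deviations."""
    # min_std keeps a very steady baseline (always 4 a day) from alerting on 5.
    return today > mean(history) + sigmas * max(pstdev(history), min_std)

# Constructed sample data. "geo" is assumed to come from an IP-geolocation
# lookup, which is approximate and can be skewed by VPNs and proxies.
NY, LONDON, NEWARK = (40.7128, -74.0060), (51.5074, -0.1278), (40.7357, -74.1724)
EVENTS = [
    {"user": "alice", "time": datetime(2014, 1, 6, 9, 0), "city": "New York", "geo": NY},
    {"user": "bob", "time": datetime(2014, 1, 6, 9, 0), "city": "New York", "geo": NY},
    {"user": "bob", "time": datetime(2014, 1, 6, 9, 30), "city": "Newark", "geo": NEWARK},
    {"user": "alice", "time": datetime(2014, 1, 6, 10, 0), "city": "London", "geo": LONDON},
]
BASELINE = [3, 4, 5, 4, 3, 5, 4]  # documents downloaded per day, constructed

if __name__ == "__main__":
    print(impossible_travel(EVENTS))
    print(volume_anomaly(BASELINE, 300), volume_anomaly(BASELINE, 6))
```

Either signal alone produces false positives (a corporate VPN exit in another country, a one-off bulk export), which is why a per-user baseline and administrator review sit behind the alert rather than an automatic lockout.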
Adallom debuted late last year to very positive reviews from industry experts. According to Pete Lindstrom, VP of Research at Spire Security, a cyber-security consulting firm, “SaaS models are common in today’s enterprises, but security professionals are only now figuring out how to modify and integrate their traditional control frameworks into these architectures. Solutions like Adallom’s provide a way to bridge this gap from past to present and future for most enterprises. Organizations today need to figure out how to ‘cover their SaaS’ so to speak, by addressing the real issue of liability in the now-pervasive SaaS application space. Adallom provides a simple way to leverage the benefits of a SaaS model while retaining the controls necessary to protect themselves and their organizations.”
Adallom – the name is a Hebrew one, and means “up to here,” denoting the limits of IT security and how the company’s technology goes beyond that perimeter – was established in 2011 by Luttwak, Assaf Rappaport, and Roy Reznik, who all previously served in the Israeli Intelligence Corps (“unit 8200”).
“The freedom provided by SaaS applications has introduced a new threat vector through the myriad of modern attacks targeted at human interactions with SaaS applications,” said company CEO Rappaport. “Adallom addresses this gap, preventing attacks by helping organizations extend visibility, compliance and security to SaaS and cloud services. With unrivaled intelligence, Adallom provides the means to mitigate SaaS threats and enhance enterprise security while preserving the ease-of-use and convenience of cloud services. The goal is security without boundaries.”