Cofense CloudSeeker Tool Tackles Shadow IT Security Risks

Cofense, a Leesburg, Virginia and London-based anti-phishing cybersecurity defender, has a new tool that enables organizations to pinpoint software-as-a-service (SaaS) apps in use and identify configured cloud services.

To no one’s surprise, a big chunk of those SaaS apps are categorized as Shadow IT, or unsanctioned by corporate IT, making them more susceptible to a cyber attack, according to Cofense. The company's CloudSeeker service, available free of charge, aims to discover cloud properties an attacker could impersonate in a phishing campaign.

Researcher Gartner figures that by 2020, more than 30 percent of successful attacks experienced by enterprises will be on their Shadow IT resources. You can see why: It’s relatively easy for hackers to guess what shadow IT apps may be in play, Cofense said. And, what typically follows is a bogus login page on what appears to be a SaaS website to lure an employee to hand over their sign-on credentials or click on a malicious link, the security developer said.

With the CloudSeeker tool, a network defender can determine if their corporate domain has been used to configure SaaS applications.The cloud security utility works without collecting any personally identifiable information and doesn’t require credentials to operate, Cofense said.

Here’s how it functions:

  • The corporate domain is entered into CloudSeeker and that domain is tested across a catalog of common SaaS applications.
  • The results of that query delivers the visibility into the cloud services configured for a corporate domain, highlighting applications that are in use but may not have been provisioned with IT’s knowledge.
  • Output is placed into a file that can be compared against future scans to identify changes.

“CloudSeeker shines a light on shadow IT and counters the security risk it presents by seamlessly fitting into an organization’s broader security ecosystem,” said Aaron Higbee, Cofense co-founder and CTO. “CEO fraud or business email compromise is a very real threat that typically targets members in finance. But attackers can easily repurpose the technique creating realistic phishing sites targeting HR, IT, engineering support, masquerading as cloud tools the organization actually uses.”

The CloudSeeker tool fits with Cofense’s Human Phishing Defense Solution, including Cofense PhishMe, Cofense Reporter, Cofense Triage and Cofense Intelligence.

In mid-April, Cofense, which describes itself as a provider of human-driven phishing defense solutions, relaunched its global reseller program and committed to an all-channel sales model. The company said it is focusing on partnerships with leading distributors, resellers, and value-added resellers that sell a variety of cybersecurity solutions. Cofense claims it works with about 300 such partners worldwide. Last February, when BlackRock and Pamplona Capital Management jointly acquired PhishMe for some $400 million, the cybersecurity firm rebranded itself as Cofense.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.