Cofense Free Cloudseeker Device Finds Shadow IT Security Dangers

June 10, 2018

 

Cofense has presented a new device that lets companies find what Software-as-a-Service (SaaS) apps are being utilized by their companies. The free-to-use tool – CloudSeeker™ – will produce a list of all SaaS apps that have been designed using a business’s domain, containing SaaS apps that have been approved by the businesses and those that have not.

Not just does the device assist companies to keep checks on the use of shadow IT by workers, it also indicates which cloud properties might possibly be personated by cybercriminals to make their phishing attacks look more authenticated.

Network protectors just require to retrieve the device and enter their domain. Cloudseeker after that evaluates that domain against a collection of SaaS apps to find which have been designed using the company domain. In addition to delivering real-time insight into the SaaS apps in use, a file having the outcomes of the inquiry can be copied and used to compare versus the outcomes of future checks, letting network protectors to swiftly see which new facilities have been designed since the last probe was carried out.

Surveys carried out by Gartner show that finding and noticing shadow IT can take up to 40% of IT budgets at big companies. Big companies are very much in the dark concerning the SaaS facilities in use and the kinds of company electronic mails their workforce will be getting, several of which will have been sent by SaaS suppliers.

When workers sign up and design SaaS apps using company domains, they generate an opening for a phisher to take benefit.  A phishing webpage can simply be set up that imitates a specific SaaS supplier, and a simple phishing electronic mail can be transmitted to workers that direct them to the site where they unveil their login identifications. Doing so might easily provide the attacker access to the company network.

“CEO scam or Business Email Compromise (BEC) is a very real danger that usually aims members in finance.  However, attackers can easily repurpose the method creating genuine phishing sites aiming HR, Engineering, IT, Support, etc. masquerading as cloud devices the business actually uses,” said Aaron Higbee, co-founder, and CTO of Cofense. “CloudSeeker shines a light on shadow IT and counters the safety risk it presents by flawlessly fitting into a company’s wider safety environment. By offering this free solution to companies, we are leveling up the playing field between attackers and would-be sufferers.”

The cloud safety solution is an industry first and not just it’s free of cost to use, no identifications are required to operate the tool.