The anti-phishing solution supplier Cofense has introduced a new tool that lets companies test what Software-as-a-Service (SaaS) applications have been registered by workers using company domains.
The tool finds configured cloud facilities, letting safety teams test which SaaS applications are in use and take action over the illegal use of cloud applications by workers.
The solution will question a company domain against a list of generally used SaaS applications and will give back a list of all SaaS applications that are in use, underlining applications that have been provisioned without prior consent from the IT division. A file can be copied specifying all SaaS applications in use which can be compared with forthcoming scans to recognize new SaaS applications that have been provisioned since the last time the question was run.
Shadow IT presents dangers, however, IT divisions are often unconscious of workers’ activities. Several businesses are in the dark concerning the software used by their workers and the cloud facilities registered using business domains. This new facility will assist to improve safety by identifying the latter.
An additional danger from the unauthorized use of SaaS applications is the possibility for SaaS suppliers to be mimicked by scammers.
“CEO scam or Business Electronic mail Compromise (BEC) is a very real danger that usually targets members in finance. However, attackers can easily repurpose the method generating convincing phishing sites aiming HR, IT, Engineering, Support, etc. impersonating as cloud tools the business actually uses, ” said Cofense co-founder and CTO, Aaron Higbee. “CloudSeeker sparkles a light on shadow IT and counteracts the safety risk it presents by effortlessly fitting into a company’s broader safety ecosystem. By proposing this free solution to companies, we are leveling up the playing field between attackers and would-be sufferers. In any case, putting up a good defense needs a strong offense, important to this is knowing where the dangers are in the first place.”
The cloud safety tool – CloudSeeker – is available free of charge to all companies, even those who have not signed up to use the Cofense suite of anti-phishing and phishing intelligence facilities. The solution only needs a corporate domain to be entered. No PII is required.