Cofense has launched a new tool that lets organizations discover which Software-as-a-Service (SaaS) applications are being used within the organization. The free-to-use tool, CloudSeeker™, generates a list of all SaaS applications that have been configured using a company’s domain, including both the applications the company has authorized and those it has not.
Not only does the tool help organizations keep tabs on the use of shadow IT by employees, it also shows which cloud properties could potentially be impersonated by cybercriminals to make their phishing attacks look more authentic.
Network defenders simply need to access the tool and enter their domain. CloudSeeker then compares that domain against a library of SaaS applications to discover which have been configured using the corporate domain. In addition to providing real-time insight into the SaaS applications in use, a file containing the results of the query can be downloaded and compared against the results of future checks, allowing network defenders to quickly see which new services have been configured since the last query was performed.
Studies conducted by Gartner indicate that identifying and observing shadow IT can take up to 40% of IT budgets at large enterprises. Large enterprises are very much in the dark about the SaaS services in use and the types of business emails their staff will be receiving, many of which will have been sent by SaaS providers.
When employees sign up for and configure SaaS apps using corporate domains, they create an opportunity for phishers to take advantage. A phishing webpage can easily be set up that mimics a particular SaaS provider, and a simple phishing email can be sent to employees that directs them to the site, where they disclose their login credentials. Doing so could easily give the attacker access to the corporate network.
“CEO fraud or Business Email Compromise (BEC) is a very real threat that typically targets members in finance. But attackers can easily repurpose the technique creating realistic phishing sites targeting HR, IT, Engineering, Support, etc… masquerading as cloud tools the organization actually uses,” said Aaron Higbee, co-founder and CTO of Cofense. “CloudSeeker shines a light on shadow IT and counters the security risk it presents by seamlessly fitting into an organization’s broader security ecosystem. By offering this free solution to businesses, we are leveling up the playing field between attackers and would-be victims.”
The cloud security solution is an industry first. Not only is it free of charge to use, but no credentials are needed to operate the tool.