Reveal Security Unveils Preemptive Approach to Securing Applications and Cloud Services
Reveal Security this week unfurled a platform designed to enable cybersecurity teams to preemptively manage access to multiple applications and cloud infrastructure resources both before and after end users have logged in.
Company CEO Kevin Hanes said the Reveal Platform takes advantage of machine and deep learning algorithms to identify normal login behavior without having to deploy additional software on endpoints. Once it detects abnormal behavior it enables cybersecurity teams to not only track usage of an application but, if needed, via single click be able to preemptively end a session to require an end user to log back into that application.
The overall goal is to provide cybersecurity teams with insights into how a portfolio of applications and services are being invoked to both prevent breaches and quickly respond to any breach enabled by the loss of end user credentials or when multifactor authentication (MFA) has been bypassed, added Hanes.
In contrast, most security tools only monitor identity at the point of login. Even if they go beyond that basic capability they usually rely on signature and rule-based methods that are based on indicators of compromise that are less precise, noted Hanes. As a result, cybersecurity teams using those tools still find it challenging to differentiate between legitimate and malicious activity, he added.
It’s not clear the degree to which cybercriminals are using stolen credentials to log into applications versus taking the time and effort to craft the malware required to break into an IT environment. Many cybersecurity teams are now assuming that their application environments are already compromised, so the mission now is to identify which users of an application are behaving in ways that suggest they are either not authorized to access that application or might be accessing data against their will by criminals that have found a means to take them hostage, said Hanes.
More challenging still, cybercriminals are also now targeting artificial intelligence (AI) agents that have been assigned credentials that enable them to not just access data in applications, but also autonomously execute tasks. While it may be difficult to ascertain if an AI agent has been compromised or is expanding the scope of its reach on its own accord, cybersecurity teams will need to be able to track that activity, noted Hanes.
Ever since the COVID-19 pandemic, the overall size of the attack surface that cybersecurity teams need to defend has exponentially increased. The number of SaaS applications alone that organizations today subscribe to has created a panoply of targets that are all too easily exploited. Add in various cloud computing services and application running in on-premises IT environments, and the opportunity for cybercriminals to create mayhem has never been greater.
The challenge and the opportunity now is to find a better approach to securing those applications before and after a breach has occurred. After all, the only thing more important than preventing a breach in the first place is the amount of time it takes to contain the blast radius that is only going to become wider with each passing minute.
