Time and again, the top concern for many organizations about moving to the cloud is security. Last week, security startup Skyfence emerged from stealth with technology—its Cloud Application Gateway—that leverages user behavior as a key tool for cloud security.
“What’s really unique about Skyfence are our threat prevention capabilities around cyber-intrusion,” said Ofer Hendler, CEO and co-founder of Skyfence, which to date has raised $3.2 million in funding and is currently working on a new funding round, Hendler told eWEEK.
The Skyfence Cloud Application Gateway includes automatic policies that learn what normal user behavior is for application access, according to Hendler. That behavior includes the typical locations from which a user accesses a cloud application, including IP address ranges and data access patterns. It’s an approach that Skyfence refers to as dynamic user fingerprinting.
Each transaction between the user and the cloud application is a learning experience for the Skyfence Cloud Application Gateway that is used to build a user fingerprint. That fingerprint includes a history of each user’s activity. If there is any inconsistency with a cloud application access attempt that doesn’t match the existing fingerprint, the Skyfence system will issue an alert that there might be a security intrusion risk. The system could also potentially alert an enterprise if an insider attack is trying to exfiltrate data.
Going beyond just the user fingerprint to determine normal behavior, the Skyfence system also understands how a user’s peers typically access and utilize a given cloud application, Hendler said. As such, any deviation from what is considered to be typical or normal behavior can be flagged as a potential data loss or security intrusion risk.
User-based access is typically the domain of enterprise-based role-based access control (RBAC) systems and enterprise directory technologies like Microsoft’s Active Directory. Hendler explained that Skyfence complements and works with Active Directory.
“Every transaction that we see, we extract the user name and correlate with what is in the organization’s ActiveDirectory system, and we are then able to provide the context,” Hendler said.
The Skyfence Cloud Application Gateway can be deployed as an on-premises appliance to proxy and monitor cloud traffic, and the solution can also be used as a cloud service itself in a software-as-a-service (SaaS) model.
“Customers get an infrastructure that can secure all access to their cloud applications, that is automatic and scalable,” Hendler said. “This can work for any cloud SaaS application, so there is no need to create policy for each separate application.”
Skyfence isn’t the only vendor in the market aiming to secure cloud applications. Multiple vendors, including Symantec, have cloud access security solutions that have been in the market for several years. Hendler doesn’t see Symantec and its cloud security technologies as necessarily being directly competitive with Skyfence. Rather in his view, Symantec’s cloud security solutions are about single sign on and access, which is complementary to the behavioral security that Skyfence is aiming to provide.
Moving forward Skyfence is looking to expand its product offering over the course of 2014, with another new product release set to debut at the end of the second quarter. Hendler said the new product will be focused on cloud risk and compliance needs.
Hendler’s background includes previously working as vice president of research and development at Websense and vice president of R&D at data leakage prevention company PortAuthority. His co-founder Michael Kantarovich was previously director of R&D at database activity monitoring vendor Imperva.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.