December 3, 2021

Last Updated on January 18, 2024

Today’s top SaaS vendors are giving customers more flexibility and cutting-edge options to further optimize how they manage security across their application instance. Businesses with mature security programs can do more than ever before to keep their cloud-based data and systems secure.

On a recent episode of The Virtual CISO Podcast, Mark Richman, Principal Product Manager at iManage, shared with host John Verry an AI-based security feature that his solution offers. Called Threat Manager, it provides sophisticated threat detection and automated intervention to prevent data exfiltration, along with analytics and data governance insights to maximize security for sensitive data.

Would a value-added option like iManage’s Threat Manager reduce your cyber risk enough to offset the cost? That depends largely on your current security posture and ability to make use of the insights.

A higher level of security

John views Threat Manager as “a set of suspenders for the belt your customers should have put on in the first place.” It’s not meant to compensate for lax security. Rather, it generates additional insight and alerts that are most valuable to security-savvy companies with controls already in place to identify and authenticate authorized users, ensure “least privilege” access to data, exercise secure hiring practices, and so on.

“Oftentimes the insecurity might be at the front door,” Mark recounts. “It could be that someone has an insecure password, or some social engineering happens or something like that, and an attacker gets access to an account and starts downloading content en masse. So, we’re increasingly adopting things like machine learning and artificial intelligence and looking at the patterns of how our users are using the application.”

Based on pattern analysis, if iManage detects activity that deviates from typical user/customer behavior, like a user from one department suddenly downloading hundreds of megabytes of documents from a different department, it can automatically alert an administrator to check out this potentially anomalous behavior—or even stop the questionable action automatically.

Assumption of security

John observes that an AI-based capability like Threat Manager can help combat “an assumption of security.” The dangerous assumption is that because the SaaS application itself and the vendor’s cloud environment are highly secure, the customer has nothing to worry about.

“That only works when people are actually doing what they’re supposed to do,” asserts John. “If they don’t operationalize [critical] elements of using the system, it’s not going to be effective. And you guys have some mechanisms to let clients know when people are not doing what they’re supposed to be doing.”

“Certainly, from a security perspective, we want to ensure that the content is secured and being stored in a repository with all the controls we want it to have in place,” Mark responds. “We also want to ensure that our customers are getting the value and benefit out of the significant investment they’ve made in the software. So, ultimately, we want it to be a win-win for everyone.”

What’s Next?

Want to find out more about SaaS security advances? To hear the episode all the way through, click here: LINK

For more on SaaS security due diligence, we recommend this podcast:

Free OWASP ASVS Testing Guide

If you are just learning about OWASP’s testing standard or are considering the best way to prove the security of an application, this guide is meant for you!