Boris Gorin, Canonic Security: We are redefining enterprise application security by providing continuous visibility into interconnectivity
May 2022 by Marc Jacob
Canonic Security will be present at the 2022 edition of the FIC. This company, which specializes in securing professional application integrations and access to third-party applications, provides a SaaS-based application security platform that continuously profiles applications, identifies suspicious behavior or non-compliance with the defined policy and automatically reduces the attack surface. Boris Gorin, CEO & Co-founder of Canonic Security, believes that its solution redefines enterprise application security by providing continuous visibility into interconnectivity.
Global Security Mag : What is your news announcement at the show?
Boris Gorin : Canonic Security is the first company to secure business application integrations and third party application access. Canonic Security provides a SaaS Application Security platform that continuously profiles apps, identifies suspicious or out-of-policy behavior, and automatically reduces the SaaS attack surface. The platform provides access intelligence and vulnerability insight, detects SaaS-native threats and helps security teams respond quickly. Canonic Security is redefining business applications security by providing continuous visibility into app interconnectivity and automated app risk scoring for native services and third-party add-ons.
Today, SaaS-native integration risks are increasing more than ever with business apps, add-ons and API extensions proliferating. A new landscape of risks is emerging with app-to-app integrations:
• Vulnerable or Misconfigured integrations
• Compromised App Credentials
• Harmful apps
• Over-privileged apps
Global Security Mag : What are the strengths of the solution(s) you are presenting at the show?
Boris Gorin : Canonic Security is addressing all these challenges by mapping business applications interconnectivity, uncovering harmful, vulnerable or over-privileged apps and integrations and reducing the risk involved with third-party API access.
With Canonic Security, customers gain:
• Full visibility over 1st, 2nd and 3rd party API integrations across their business app estate
• Assessment of each integration posture and the risk involved with its API access
• A reduced 3rd party attack surface
• Streamlined app vetting and recertification processes
Global Security Mag : Since the beginning of the year, have you noticed an increase in new cyber-attacks?
Boris Gorin : We are certainly seeing a proliferation of SaaS-native threats as use of enterprise SaaS applications has increased, creating a new attack surface. Attackers tend to follow the low-hanging fruit, which includes SaaS applications, OAuth apps, and consumption of third party APIs.
Global Security Mag : How should technologies evolve to counter these threats?
Boris Gorin : Many security organizations already have vetting and pre-approval workflows. Several customers have discovered Canonic Security by taking advantage of AppTotal which we launched as a free community platform offering. The premium offering enables customers to integrate the following capabilities into a variety of SaaS platforms:
• Access intelligence: map and analyze the blast radius of apps, services, add-ons and other integrations
• Vulnerability insight: uncover vulnerable, abused and misconfigured integrations
• Continuous control: continuously monitor behavior, revoke access if necessary and streamline end-user notifications
Global Security Mag : In your opinion, what is the impact of the human element when deploying and improving the defense strategy?
Boris Gorin : Cybersecurity has always been about the intersection of people, culture, and technology. When considering solutions to emerging challenges in particular, it’s important to deploy new capabilities by leveraging current processes and strengths. SaaS app approval and revocation workflows represent an excellent case in point. By streamlining and automating the approval process of both new and current SaaS apps, Canonic customers are able to improve the security posture. Still, it is the notification-driven process that addresses the human element that enables organizations to adopt next generation technologies such as Canonic.
Global Security Mag : There has been a shortage of talent for years, what actions can cybersecurity players put in place in order to attract new talent?
Boris Gorin : First and foremost, leverage the existing network of your workforce to attract talent that blends into your unique organizational culture. Keep in mind that cybersecurity is inherently a dynamic and multidisciplinary discipline. As such, drive and dedication will often trump experience. The natural consequence is new employee onboarding requires more time to overcome such a steep learning curve. Hire for values and proven results in related fields, foster an open culture of personal development, and arm yourself with patience!
Global Security Mag : What message do you want to convey to CISOs?
Boris Gorin : One of the reasons I love working with CISOs is that the successful ones tend to make great teachers - many times even personal mentors. My role as CEO is to listen to my customers and give my team the optimal environment to solve their particular problems. It doesn’t matter if a vendor has been in business for two years or two decades. Stick with the vendors who are open to improving themselves continuously, and the solutions they deliver will evolve into a hand-in-glove fit.