Elastica stretches to capture a wide range of SaaS security features with its CloudSOC




Analyst: Adrian Sanabria
31 Mar, 2015
Copyright 2015 - The 451 Group

Elastica is one of the more recent entries into the busy and popular cloud app control (CAC) market. The CAC market seems to be finished spitting out startups, with about 10-12 currently active, depending on how you define and categorize the space. Like its peers, Elastica is growing at an astonishing rate. The market appears to be entering a new phase: now that most in this market have had products generally available for a year or longer, larger security companies are starting to show interest in the technology. Valuations may be too high for buyers to open the acquisition purses, but legitimate interest in these products is resulting in a frenzy of technical partnerships, OEM deals and reseller activity.

The 451 Take

While other CAC vendors chose to build the plane on the runway, Elastica surprised us in 2014 by coming out of stealth with 65 employees and a complete offering. The product included everything we expected to see from a CAC vendor, from discovery to enforcement and investigation. The CloudSOC platform is comprehensive, clearly marketed and compares well feature-wise with its closest competitors. Although the market is only just celebrating its second birthday from the first product release, Elastica trails in market recognition and has catching up to do. In a market having broad application across all verticals (as opposed to segments that largely attract regulated industries), making friends with incumbents, integrators and resellers is likely Elastica's best bet for growth. This market could be the first cloud security market segment to achieve ubiquitous appeal, and the first user-focused one to do so since the next-generation firewall.

Context

Headquartered in San Jose, Elastica has more than doubled in size since its official public launch in early 2014. Out of stealth with 65 employees, the company now has 135 on staff. The majority are located in Silicon Valley, with a significant number based in Sydney and Pakistan as well. CEO Rehan Jalil is also an investor himself and helped finance the company early on. The company raised a significant series B to the tune of $30m from Pelion Venture Partners, Mayfield Fund and Third Point Ventures. Mayfield also funded the company's $6.3m series A.

As we've seen with many security startups, the series A focus is the technology and series B ramps up sales and marketing. Elastica is no different, with the company announcing experienced hires for sales positions coming from the likes of Palo Alto Networks and Qualys. Previously, the company was vocal about key data science hires and the importance of machine learning and analytics to the product. Although the company is just now ramping up sales, it has a significant number of paying customers, a number comparable to competitors with a head start over Elastica.

Revenue appears to be a key challenge in this market. With most vendors employing a per-user subscription model, ramping up revenue means vendors in this market need to sign up large numbers of customers. For that reason, large resellers have been the preferred channel in this market, with most seeing close to a 50/50 split between direct and channel sales. Elastica is 100% channel-focused and claims partnerships with over 35 resellers combined across the US, Europe and Australia. Accuvant/FishNet Security is a key sales partner with many more deals in the works. We expect marketing and sales to continue ramping up in this space in an effort to reach more and more potential customers.

Unlike other nascent security markets that tend to be interesting primarily to military or regulatory organizations, we see CAC becoming a pervasive technology attractive across all verticals. Although CAC functionality is broader, in some ways it could be described as a natural progression from next-generation firewalls.

Products

Elastica's product architecture is built on a platform branded as CloudSOC with a modular approach to building out the various applications that run on it. We normally break CAC functionality into discovery, analysis and control categories. Elastica covers all three, but splits it up across four 'applications.' The intent is to cover a complete security cycle within CloudSOC, from detection to remediation.

The Audit app is the discovery piece, which uses firewall and proxy logs to generate a risk assessment for the enterprise. As with its peers, Elastica has assigned risk scores to all the major SaaS products based on 'business readiness.' The general idea is to educate the customer about riskier apps and give them the necessary information to block/allow apps and functionality based on their particular risk appetite. While most next-generation firewalls also provide SaaS risk rankings, Elastica's rankings (like those of other CAC vendors, as well) are much more granular and transparent. This approach allows customers to choose/weight the attributes (out of over 60 different metrics) that concern them the most and receive custom risk rankings. The tool can also automate the generation of executive-friendly risk assessment reports showing trends over time. In these reports, Elastica takes an opportunity to show off its considerable data science chops and presents key information in a colorful, infographic-like format. This app can currently produce two reports: a cloud risk assessment and a shadow app risk assessment.

The Detect app features event correlation and analysis. Data from different sources can be correlated and submitted to an engine branded as 'StreamIQ' for analysis. In a process similar to how many email security products separate good from bad, StreamIQ generates a threat score that can be used to make manual or automated decisions. This score is determined by building and grooming a baseline of normal user behavior, using machine-learning principles to improve accuracy over time. We often see the same approach employed in security analytics products, and its use here addresses the same sorts of challenges, just with different data.

The Protect app is the bit of the CAC formula we'd normally call 'control.' This piece allows the customer to build rules and thresholds that use environmental factors and the threat score calculated by the Detect app to make risk decisions.
An example might be a rule that blocks access to Salesforce if systematic data requests don't follow the natural application flow, suggesting that malware could be systematically scraping the company's data. Another example, using Box, could block the sharing of a file containing HR data to an individual outside the company. By injecting JavaScript, this app can educate and inform users on the reasons why functionality or requests were blocked.

'Investigate' is the final application on the CloudSOC platform, and focuses on enabling the customer to perform investigations on historical data from SaaS app use. The application is geared toward incident response and audit use.

A customizable dashboard that Elastica calls an 'SOC for the Cloud' serves as a central point that ties all the applications together. 'Securlets' are Elastica's name for the software, a plug-in of sorts (although Elastica also calls these 'applications'), that allows inspection and control over each supported SaaS application. Box, Salesforce, Dropbox, Google Drive, Office 365 and Yammer are all examples of currently available Securlets.

Technology

Elastica, like its peers, is ingesting data from a number of sources: APIs (when available and rich enough), firewall and proxy logs, and an in-line proxy. Elastica is in a minority that has chosen not to go with a reverse proxy for the in-line architecture. We've discussed the pros and cons of reverse proxies previously, but the primary downsides concern app breakage. Rewriting URLs can break SaaS applications, especially mobile versions. Also, changes to the SaaS application can temporarily break apps until reverse proxy-based CAC vendors have time to update support for the app. On the flipside, vendors using reverse proxies argue that most vendors have early access programs for partners, allowing them to plan in advance for application changes. Reverse proxies are also able to capture access attempts from any systems, not just those that are corporate-owned. API data can catch these events also, but we're told that there are very few sources of rich API data from SaaS vendors today.

Elastica prefers a 'forward' proxy approach which, when implemented, is transparent to users (i.e., doesn't have to change URLs to dropbox.cacvendor.com). Also, if the application changes, the customer can still capture and audit traffic and the user's experience isn't interrupted. Proxy settings can be pushed to endpoints and mobile devices through a number of means, including Active Directory's group policy and MDMs.

Elastica has also branded some of the technology it has built in-house: StreamIQ, ThreatScore and ContentIQ. This may be to highlight the company's investments in data science and development talent, or the company could have an interest in licensing the technology separately in the future. The first of these is StreamIQ, which extracts and records events from live HTTP traffic, using machine learning and behavioral profiles to weigh events based on a number of factors, including context.
StreamIQ is ultimately responsible for providing events to ThreatScore (the second), which uses another set of machine learning engines to build a score with StreamIQ and API-sourced data. The customer can then take advantage of this score through policies in the Protect app to block actions that exceed a threshold. Individual employees are also assigned threat scores based on actions versus a 'normal' baseline and other employees. RedOwl Analytics, a member of the nascent insider threat market, does something similar with internal corporate data rather than SaaS applications.

The third is ContentIQ, which is Elastica's proprietary data-loss prevention (DLP) technology. The company is quick to point out that it is not just employing regular expressions (regex) and labeling it DLP, which we must admit is the norm when DLP isn't the primary focus for a security or technology company. False positives are often unmanageably high when employing vanilla regex for DLP purposes. Elastica is also employing some data science skill here, using semantic analysis to discover types of files (source code, for example) that could never be detected with any accuracy when using regex. DLP is commonly found among competitors in this market, although encryption is nearly as common. Almost legendary for being difficult to implement, SaaS encryption is one feature Elastica has yet to address.

Competition

There is heavy competition in the CAC market, and when we say this, we don't mean that there are lots of vendors and growth. The rumor mill is filled with stories of scalability issues, latency issues, missing features and key customers leaving for competitors. One thing that's clear is that 2014 was a year of rapid growth and maturing for this market. That seems to have been the year for bugs to be worked out and technical issues addressed. This year may be the year for alliances to be formed and for the general IT population to get familiar, even comfortable, with SaaS security.

In this market, Elastica directly competes with Skyhigh Networks, Netskope, Adallom, Skyfence (an Imperva company), FireLayers, Bitglass, CloudLock, CipherCloud, Cinaya, Managed Methods and Perspecsys. All of these vendors are what we'd consider 'pure play' CAC competitors. Even so, most of them have unique features and focuses. Some are heavily focused on just one or a handful of SaaS applications. Some, like CipherCloud and Perspecsys, were formerly pure-play encryption gateways and have added CAC functionality in the last year or so.

A few other vendors have significant overlap, although we don't consider them pure play. These include Zscaler, Intermedia (AppID), OpenDNS (discovery only), Microsoft (discovery only), Managed Methods (CAC for APIs, you could say) and even next-generation firewall vendors.
Some of these are often used alongside CAC vendors, while others compete more directly.

SWOT Analysis

Strengths: We've often remarked that strength lies in a flexible platform, and Elastica appears to have that in CloudSOC. Its platform has a lot of technology in common with security analytics, another very hot market at the moment. Although Elastica is one of the younger startups in this space, it has caught up quickly, with roughly the same number of paying customers as most of its competition.

Weaknesses: Elastica's age puts it behind others in terms of sales and name recognition and it has some catching up to do in a relatively busy market. Encryption is a popular feature in this market that lies outside of Elastica's scope for now.

Opportunities: The company's modular platform should make it easy to ingest and correlate other types of data to improve visibility and accuracy. The addition of threat intelligence, partnerships and additional log types could allow Elastica to organically grow into other security markets.

Threats: Partnerships, alliances and M&A activity could have significant impact on this market. We keep hearing that valuations are high, but still expect to see at least one or two acquisitions this year. A few strategic technology partnerships have already emerged and we expect to see many more in 2015.
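
The custom risk ranking described for the Audit app under Products (app usage discovered from proxy logs, then scored with customer-chosen attribute weights) can be sketched as follows. This is an added example, not Elastica's code: the log format, the `.example` app domains, and the attribute names and values are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log (assumed format): timestamp user method url bytes_uploaded
SAMPLE_LOG = """\
2015-03-30T09:01:12Z alice POST https://app.filesync.example/upload 5000000
2015-03-30T09:02:40Z bob GET https://crm.example/accounts 1200
2015-03-30T09:03:05Z alice POST https://notes.pastehub.example/new 80000
2015-03-30T09:04:51Z carol POST https://app.filesync.example/upload 2000000
malformed line without enough fields
2015-03-30T09:06:17Z bob POST https://unknown-tool.example/api 300
"""

# Hypothetical catalogue; 0.0 = control present, 1.0 = control absent.
CATALOGUE = {
    "filesync.example": {"no_sso": 0.0, "no_encryption_at_rest": 1.0, "no_audit_log": 0.0},
    "crm.example":      {"no_sso": 0.0, "no_encryption_at_rest": 0.0, "no_audit_log": 0.0},
    "pastehub.example": {"no_sso": 1.0, "no_encryption_at_rest": 0.0, "no_audit_log": 1.0},
}

def parse_log(text):
    """Yield (user, host, bytes_out) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        host = urlsplit(parts[3]).hostname
        if host:
            yield parts[1], host.lower(), int(parts[4])

def discover(text):
    """Aggregate users and uploaded bytes per app; collect uncatalogued hosts."""
    usage = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    unknown = set()
    for user, host, nbytes in parse_log(text):
        # Match the hostname to a catalogued app by domain suffix.
        key = next((d for d in CATALOGUE if host == d or host.endswith("." + d)), None)
        if key is None:
            unknown.add(host)
        else:
            usage[key]["users"].add(user)
            usage[key]["bytes_out"] += nbytes
    return dict(usage), unknown

def risk_score(attrs, weights):
    """Weighted average (0-100); attributes missing from the catalogue count as 1.0."""
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("at least one attribute needs a positive weight")
    return round(100 * sum(w * attrs.get(a, 1.0) for a, w in weights.items()) / total, 1)

def rank(text, weights):
    """Return [(app, score, user_count, bytes_out)] sorted riskiest first."""
    usage, _ = discover(text)
    rows = [(app, risk_score(CATALOGUE[app], weights), len(u["users"]), u["bytes_out"])
            for app, u in usage.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    print(rank(SAMPLE_LOG, {"no_sso": 0, "no_encryption_at_rest": 5, "no_audit_log": 1}))
```

With equal weights the paste site ranks riskiest; weighting encryption at rest heavily moves the file-sync app to the top, which is the effect of letting each customer choose the weights.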

Reproduced by permission of The 451 Group; 2015. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com