Canonic Security exits stealth with SaaS app sandboxing platform

For businesses, the use of software-as-a-service (SaaS) applications continues to grow: The average organization now uses approximately 110 SaaS applications, up by seven times since 2017, according to a report from BetterCloud. At the same time, the use of SaaS apps in the business continues to be challenging to secure due to issues such as lack of visibility, the report found.

Once seen as the solution for SaaS app security, Cloud Access Security Broker (CASB) technology turned out to be difficult to implement and scale—and ultimately “never delivered on its promise,” according to Boris Gorin, who formerly led SaaS security product development at Proofpoint.

That’s where Gorin’s current company, Canonic Security, comes in. The startup today announced it has exited stealth and made its SaaS security product, the Canonic App Governance platform, generally available. The platform provides a sandbox environment where SaaS apps and code behavior can be simulated before an organization grants access to their business applications.

Dynamic scanning

This provides numerous security benefits — such as the ability to assess all apps and integrations connected to a SaaS app — and is the first time that such capabilities are available to enterprises, according to Canonic.

“We run the first and only dynamic scanning of SaaS native integrations, sandboxing apps in our environment to extract dozens of behavioral attributes otherwise unavailable,” Gorin said in an email to VentureBeat.

Along with the product launch and exit from stealth, Canonic Security also said it raised $6 million in seed funding last year, which had not been previously disclosed. Investors include First Round Capital, Elron Ventures, SV Angel, and Operator Partners.

Threat intelligence

In addition to its dynamic scanning capabilities, Canonic has developed its own proprietary SaaS threat intelligence, which proactively collects contextualized information on SaaS-specific threat actors and campaigns. The platform then combines this data with that data science and domain-specific heuristics to get “unmatched detection fidelity,” Gorin said.

“We use SaaS-native connectors allowing us to build out on telemetry and response capabilities previously inaccessible by proxy- or API-based solutions,” he said.

Security benefits of the platform include providing the ability to see all apps and integrations connected to a SaaS app and assess their “blast radius” and posture; identify each app vulnerability and understand how it impacts an environment; uncover abused, compromised and malicious third-party apps and integrations in an environment and quickly restrict their access; and continuously monitor pre-approved apps and detect suspicious and out-of-policy behavior, according to Gorin.

Additionally, Canonic streamlines the app access recertification processes and automatically revokes access when necessary – reducing third-party API access risks, he said.

Customer traction

Canonic currently has 20 customers. Names were not disclosed, but the customers include an international defense technology company, multiple health technology providers in the U.S. and Europe, a large retailer in Latin America, a large digital bank in Latin America, and several publicly traded software companies.

Canonic has a freemium version planned for later this month, Gorin said. Other goals for the year include adding partnerships and building out a global sales operation, he said.

In terms of future product updates, Canonic plans to add account protection capabilities, leveraging the company’s proprietary threat intelligence to identify impacted user accounts and assess risk.

Tel Aviv, Israel-based Canonic currently has more than 30 employees, and expects to grow to a team of 50 over the next six months.

Gorin previously served as senior director for information protection products at Proofpoint, following the company’s acquisition of his CASB startup, FireLayers, in 2016. He founded Canonic with chief technology officer Niv Steingarten, previously the cofounder and vice president of engineering at OverOps and a senior software engineer at Autodesk.