No Boundaries - Why AI and SaaS Are Now the Same Attack Surface

Why AI and SaaS Are Now the Same Attack Surface and How to Close Your Security Gaps

The lines between SaaS and AI are vanishing. AI agents are now first-class citizens in your SaaS universe—accessing sensitive data, triggering workflows, and introducing new risks that legacy SaaS security posture management tools (SSPM) miss. Security teams are discovering that managing SaaS in isolation from AI is a recipe for dangerous blind spots.

Watch Justin Lam, Security Analyst at 451 Research, and Amir Khayat, Co-Founder & CEO of Vorlon, in a lively discussion where they cover:

  • How SaaS and AI have converged into a single, dynamic attack surface
  • Key findings from 451 Research’s latest SaaS security research
  • The ShinyHunters Salesforce attack and the new reality of “shared fate” in SaaS and AI security
  • The gap between perception and reality in SaaS risk
  • What unified SaaS + AI security actually looks like in practice

 

About the speakers

Amir Khayat is the CEO and co-founder of Vorlon. Amir’s journey through more than 17 years in cybersecurity has taken him from hands-on software development to being a founding team member at Demisto, the widely adopted SOAR platform, and through Demisto’s acquisition by Palo Alto Networks, where he ran global solutions engineering for their XSOAR platform. But while helping hundreds of global enterprises automate and streamline their security operations, Amir saw a new and rapidly growing need to protect data in motion from one system to the other.

Justin Lam is a Senior Research Analyst at 451 Research. Justin leads data security research, and if you’ve read any of his work, you know he has a rare ability to bridge the gap between what security buyers need and why vendors innovate. Across his career, Justin has worn just about every hat—from engineering and product management to customer success and sales leadership—and he’s been part of five successful exits, including two IPOs.

451 Research video transcript

Elias Terman, Vorlon  (00:02):

Today I am joined by two experts whose experience spans the front lines of cybersecurity, innovation and the pulse of industry research. First up, we have Amir Khayat, CEO and co-founder of Vorlon to being a founding team member at Demisto, the widely adopted SOAR platform and through Demisto's acquisition by Palo Alto Networks, where he ran global solutions engineering for their XSOAR platform. Joining Amir is Justin Lam, senior research analyst at 451 Research. Across his career, Justin has worn just about every hat you can imagine from engineering product management to customer success and sales leadership. Amir, welcome to the webinar.

Justin Lam, 451 Research  (00:44):

Really appreciate it. Flattered. Sometimes I pinch myself that you're describing me, but hey, that's flattered, flattered you and privileged to be with you guys.

Elias Terman, Vorlon  (00:53):

I toned it down. I had two pages.

Justin Lam, 451 Research  (00:58):

I mean this is really about the most important is the folks that are with us is our customers. But I just think that really what Amir and I are striving to do and just has been part of our experience, has been really to build alliances, to build bridges. Data security, cloud security. Security in general has never been a solitary effort though sometimes it really feels like it is. So if you're a security leader and you need to understand what are the directions that SaaS is going in and how can I resonate with that, how can we be more proactive about that? Certainly can do that. This is also the sessions and this conversation is also for the technology leaders, those that have been entrusted or who now have positions of trust where they need to be able to prove the veracity or the security of the offerings that they are building, either in terms of service or in product.

Justin Lam, 451 Research (01:57):

So we want to help build out some of those alliances, be able to have something relevant for everyone within the organization. So with that, what we want to do in this session here together with Amir and I, is to really dive deeper into some of these issues, some of these trends. We really wanted to make sure, and again to echo Elias's point, Amir and I felt really strongly about not having 47 PowerPoint slides that we talk through or anything like that. What we wanted to do is make this a lot more holistic, a lot more descriptive about what are some of these underlying issues to further contextualize why we believe AI and security are becoming one and the same risk surface, attack surface, if you will, a threat area. And we'll just got to get into more with that. But maybe to kick things off here, I haven't allowed Amir to get a word in edgewise here, but why don't you just to provide some initial context here. Can you share the experience, Amir, of what was Vorlon's founding vision, what you see, what are some of the trends, and just how did you get from where you've at to where we are now today?

Amir Khayat, Vorlon (03:22):

Yeah, absolutely. And it's great to be here. Thanks for everyone joining us. Definitely there are a lot of topics that Justin and I were brainstorming that we want to bring up. Definitely. We all know AI is the wave now, hot topic, so we'll definitely dive more into that. But I guess back to your question, I think that coming from building a SOAR platform, working with a bunch of different integration, when I was in Palo together with our core team, that basically exposed us to a lot of data movements and a lot of risks that basically were just relying on communication between application. Now, working back then at a traditional firewall company back then, I'm talking about 2019, the security landscape has evolved, right? And if we're talking about having endpoint focus, firewall focus, this is no longer the main game and this is a challenge for security team. And that's kind of like what started the whole idea of Vorlon, helping companies actually to protect data that they don't own anymore and that they store on other application. Basically bridging the gap and putting more controls about those type of things. That's kind of like what started the whole idea of Vorlon. And obviously we'll talk about that soon with the AI motion that accelerate everything and the problem. But our vision is to help companies to be more safe, to help security teams to enable, and that's our goal.

Justin Lam, 451 Research  (05:07):

Awesome, awesome. I mean this is something that I see as Justin, the industry analyst, just the nature of SaaS and the way the software is moving, it is indeed moving fast. Just to highlight and underscore some things. This convergence that we're talking about here it is, it's just driven by, I just think the nature of SaaS itself. I mean on a basic level it's easy to adopt anyone with a browser or mobile device, they can go download, they can go start interacting with tools automatically. And so as far as large upfront opportunity costs, that doesn't necessarily exist in enterprise SaaS. And so certainly there is, it's easy for enterprises to get addicted to it. But that being said, with all this early quick rapid adoption here, what do you think are some of the challenges that still might lie ahead from a security standpoint? And Amir, I give that question back to you.

Amir Khayat, Vorlon (06:19):

It's a great question. I think that, again, going back to the evolution, we see that and we feel it when we work with customers. You don't own the application anymore, you don't install the application anymore. So that makes everything more and more fragmented. And from a security perspective, although it makes the organization more productive, you don't need now to go and install applications on the endpoint or you don't need to maintain data centers. So from that perspective, definitely we're living the future in a way if you look at it back in the nineties.

Amir Khayat, Vorlon (07:01):

And I think that with all the productivity and moving fast, that also created a security gap and challenge for companies because in the end of the day, if you don't own your data and you don't control it, that's a potential risk. And bad actors are always waiting for their opportunity. And if we shift it to the AI motion, I think that will just be on steroids because that will come from different places, places a little bit less security focused. Anecdote, but yesterday I had some meetings, I'm based in the San Francisco Bay area and I had a meeting in San Francisco and as an entrepreneur, and I believe myself as an early adopter, once Elon, and this is not a Tesla. Once Elon roll out the autonomous car, I obviously register for that, start to play with it, and I'm testing it over the course of almost a year now. And honestly works pretty much perfect except for yesterday when I was on my way to a meeting. Now the old story is because I was on the 101 and then in one stage the car when I was about to go on third basically decided that it's too busy so they will change a lane. And I was like, yeah, let's trust AI, right?

Justin Lam, 451 Research  (08:23):

Sure.

Amir Khayat, Vorlon (08:24):

And in that moment, basically I was on my way to Oakland to the Bay Bridge and I was like, oh, what do I do now when I have 10 minutes? So moving to security, think about that, right? When you put your destiny with others, I think this is the major gap and this is where security team will need to work hard and are working hard to bridge this gap while everything is in motion.

Justin Lam, 451 Research  (08:50):

Yeah, I think that there's something to be said here. I mean there's also I think just the SaaS world and some things that we see, we see other companies try to independent SaaS companies that are always adding security features to their product. And rightly so, you've seen some strides here. I think the growth of single sign-on for so many things, identity access and provisioning, some of that has made it really, really easy for adopting and enrolling large numbers of organizations, made the ease of use a lot easier. So that with SSO and things like that, I've eliminated a lot of separate passwords and accounts to manage for people, but there are still some risks here and there are risks within what I would argue as possibly the data itself and the operation of that data and the interdependence between different pieces of technology. Like if you consider a marketing technology stack here, you might have CRM, you might have a campaign manager, you might all these different pieces to be able to track loyalty, to be able to track your customers. But at the end of the day, each individual solution might have its own particular security suite or security feature set. But as far as something that's going to map to all of the data as it flows between different tools, I think that's still a major challenge. What are you seeing among your customers among the trends there for you, Amir?

Amir Khayat, Vorlon (10:31):

Yeah, definitely agree with the additional controls that helps to, from an ease of usage and how do I can actually oversee things, but I feel think that we're in a stage that we're still not there. What do I mean by that? The complexity that we talked about is the different SaaS application that does not have a single point of view in most cases. And think about, you mentioned a CRM. A CRM can serve you for many reasons, mainly to understand the opportunities that you have. And most CRM has different plugins to different marketing tools that will accelerate your outreach to the market. And these basically connections are the gap today, our blind spot, and this is what we hear a lot like talking to customers, the first thing that we hear all the time is we don't know what we don't know, and that's what keeps us up at night basically.

Amir Khayat, Vorlon (11:41):

So the first line of defense is always know your enemies, understand in general how your overall soldiers at the field are basically spread. And I think that if we kind of take this analogy to the SaaS, you need to know what you use and that's phase one. Now I think you mentioned an interesting point. Yes indeed it makes it everything easy for companies to work with, but I think that one of the key elements that we've seen in the security area is about the shared responsibility or fate, but in practice, if we look at the overall industry, most SaaS vendors today either charge extra to do security or put different controls in place that requires manual approval and that basically put the organization in a reactive mode and without the ability to actually do things proactively and identify things.

Justin Lam, 451 Research  (12:55):

For sure, for sure. I think what compounds all this, and I just sort of see this from my perspective as well, is that when we think about the adoption of SaaS in general and we think about where SaaS technologies is headed towards, I think that for major enterprises out there that have adopted lots of SaaS, a large HRM system or a large CRM system, one of the things that we're seeing here is that enterprises, while they are eager about generative AI and they're all using copilots and ChatGPT and they're using maybe some specialty apps like Otter AI to summarize a meeting for example, or Gong to analyze how is this sales call going and whatnot. There's also a lot of existing SaaS that has been around a long time that acts as a system of record and your HRM system, your CRM system, your ERP sorts of systems, supply chain, these are things that those vendors that have quite an entrenched enterprise foothold, they're motivated to stay sticky in accounts, they're motivated to help their customers maximize the existing investment that they have so that they can win ongoing investment.

Justin Lam, 451 Research  (14:22):

So I say that all to say that as security leaders, it's important to know that enterprises aren't going to be giving up their SaaS anytime soon. The SaaS investments that they've made for the last generation and the SaaS vendors themselves have very big motivations to be able to add in their own agent sorts of offerings into their offerings to basically the toil. If I'm in customer service and I want to reduce the toil of how long it takes to service a particular customer, can I make it more agentic in terms of how that customer navigates the customer experience, for example? Sure, there are these sorts of motivations. And so I think for security leaders, one of the things that we have to keep in mind is that we want to be able to know that the SaaS is all about trying to reduce the toil and anything we can do in terms of what our offerings are as a collective to be able to say, Hey, here's how we can secure or help guarantee or assure better security operation, especially as data flows between different applications or as it's used by any given application.

Justin Lam, 451 Research  (15:46):

How do you build and entrust that so that you can reduce the toil? I think that's the language that needs to be spoken. I think sometimes you see security leaders, they're talking way too much or almost exclusively about some of the risks out there without understanding what are some of the rewards. And I think that is critical to understand because most everyone in the SaaS ecosystem, including buyers, the vendors themselves, they're still very much focused on the rewards of what that reduced toil will be for knowledge workers with generative AI. So I just say that all to say that that's what I see in terms of the convergence here. But Amir, maybe I throw it back over to you here from your perch, what are you seeing out there in terms of that SaaS and that AI convergence?

Amir Khayat, Vorlon (16:45):

Yeah, I think that you're spot on. Definitely the industry needs to look at it as a more holistic problem. I can tell you that since starting Vorlon, we're pushing a lot to standardize, make a standard basically around how do you actually do security when you leverage application that you don't own? And there are some security leader in the industry that were very vocal about that as well. I think that the complexity here is high and the real things that the business needs to understand all the time and security leader specifically is to identify the potential risks that will put their business in a bad spot. And I think that by having an approach, a unified approach, the same as you had when it owned the tools just before a few years back, I think that's the beginning of their approach on how to adjust to the new era of your data goes somewhere and is being manipulated or is being used by others.

Amir Khayat, Vorlon (18:10):

It's super important, again, going back to risk, to prioritize what will impact you as a company. If it's your IP, it's your customer base, which regulation dictate that employees information. So I think that the structure is there, we just need to reflect that on the new environment. And that goes also with the AI trend. AI is amazing and AI learn more and more and more. The more data you share now how you as a company still make sure that your data, your sensitive data, your unique IP, your employees, your customer information sensitive information is not going out there and that can put a company in a risk every day.

Justin Lam, 451 Research  (19:00):

Yeah, for sure. Can you spend a little bit more time, Amir, and talk about what are some of the specific risk areas that you see for both SaaS, for both gen AI now that we're kind of coalescing that they are indeed the same sort of challenge here? What do these risk areas have in common and from a risk management perspective, can some of those commonalities actually be sort of simplified? If I don't have to think of SaaS security and AI security as necessarily two separate things, then how can I think about risk management in general, the risks out there and think about that convergence and think about a way to more efficiently or more or just frankly just better qualify and quantify the aggregate risk?

Amir Khayat, Vorlon (19:55):

Yeah, I think from a risk vector perspective, we see a lot of different risks that can impact the company starting from an excess control over shared data and privilege drift, giving the data movement, which always give you the context about those type of things. If I mention our privilege drift if right now security team IT teams are overwhelmed with the complexity as we said, I think that adding the context is a must today, right? And if we're looking at from a risk perspective and data perspective, again, your data movement understand if your data goes somewhere that it should go or if there is an actual attack that does data exfiltration. A great example is the recent ShinyHunters that is just evolving more and more and more. I think that this puts organization in an immediate risk and also from a compliance perspective, you have to have the right controls in place in order to make sure that your data doesn't go to other location.

Amir Khayat, Vorlon (21:08):

Starting with what we started on this webinar, know what you don't know, shadow IT, right? Blind spots around SaaS and AI usage, how do you actually know, right? How many add-ons, sanctioned, unsanctioned application, right? Today, every employee can pretty much spin out an AI tool, share information with that. So this is definitely a challenge. And lastly, I will say that the industry is still very much focused on users when the problem increased to the web of integrations that moving your data without control. So this is another step that the industry is doing currently. There are different tools in the industry, but that's an attack vector that evolve in the last eight, 10 years, right?

Justin Lam, 451 Research  (22:01):

Sure, sure. I think that this is really something that is underlying it. What I hear you say is behind all these webs, I mean there is this challenge with data security and I think that through the lens of what data I actually have, what data am I generating, what am I collecting, what am I processing, that to me is sort of a byproduct of this convergence at the end of the day, whether I have something that is sort of an agentic workflow, whether I have MCP that is sort of almost decoupling what applications are between users and their data or if I think about the SaaS and where that is headed, I mean all of these are built on the enterprise data entrusted. And so I think it's wise to be able to think, okay, from that risk standpoint can I say what's the constant here?

Justin Lam, 451 Research  (23:00):

The constant here is the data that I actually have. And then from there it makes it probably more manageable to approach what are the webs of interconnection that are best going to contextualize what some of those risks are. So definitely with this convergence of AI and SaaS, what we're seeing here is these two are definitely coming together. Underwriting it though is this fundamental need to think about the data to think about holistically about that data as it flows between the different applications. And so one of the things that I'll just sort of see here is thinking about some of these risks that you mentioned here, and I'll just kind of recount them for you around access control, data movements, the shadow applications that are out there, the need to monitor those set applications, and then also other things as well from the Black Hat DEFCON conference that we heard last week, NHI and IAM are huge risks as well, especially as you have more of these agentic things operating on behalf of other users or other processes.

Justin Lam, 451 Research  (24:09):

But tying this all back together again, I feel like we still have to tie it back to what the rewards are and something that we see in our experience here at 451 Research, S&P Global are some of these contradictions in the marketplace. And so I'll just kind of take an example here of customer experience and I'll just sort of make this sort of next series of examples here really rooted in CRM and what our spaces are at shows like Dreamforce and just the MarTech overall. And so in recent 451 Research, S&P Global research in our customer experience and commerce study of 2025 where we asked decision makers in marketing technologies, what was your number one priority? What were your top priorities? They said anti-fraud and improving data security were two out of the top three digital commerce initiatives that they had.

Justin Lam, 451 Research  (25:16):

So these are people who make decisions on CRM technologies or just general SaaS technologies. And then surprisingly, when you ask them, well, what's the biggest thing you're going to go invest in? Well, maybe not so surprisingly, generative AI was the number one answer because it kind of makes sense. Like we said, they're trying to leverage the most that they have in their investment and many of the MarTech stacks are integrating gen AI in. So of course naturally there is this strong desire to heavily invest. But then when we asked the same marketing and technology leaders, the same one who said to us data security and anti-fraud were two of our top three initiatives. When we asked them what else are they going to increase their investment in, even though gen AI was the number one answer, data security and data governance, they were tied for ninth place in the categories.

Justin Lam, 451 Research  (26:19):

And what I think here is happening underneath the covers here is that part of it is I think there's this lull into thinking, hey, whatever tool I buy, it has its own security features, therefore the aggregate of it must be secure. That's one sort of thought avenue that's sort of an optimistic one. A second one is that many organizations who say they profess a care about data security may not actually care about data security because it's reflected in what their investment intentions are. Either way, you slice that though with this tension, there's an unserved need being met because at the end of the day we're seeing these MarTech leaders who are saying, Hey, data security and governance are important for me, anti-fraud are important for me, but at the end of it I'm still not investing in those needs or in those initiatives. And that disconnect is something that either gets met, either doesn't get met in the marketplace, and some of these MarTech stacks operate less securely than they should be or they're met by other means, perhaps by security leaders who can say, Hey, maybe we can have something here to help you onboard some of those apps more securely help you onboard more of that generative AI securely.

Justin Lam, 451 Research  (27:50):

But by doing so, you're actually talking about both the risks and the rewards of adopting some of that MarTech stack. So with that convergence here, the space is moving quickly here. I'm just wondering if there's a different way to reframe how we think about the security and AI challenges and how can we be more proactive? And I know you wanted to say loads about how security organizations could be more proactive, but maybe you could spend some time and some comments here expanding more.

Amir Khayat, Vorlon (28:27):

Yeah, I would love to. I guess hearing your statistics and from your research, I would say that in general, the risk and the impact on companies, that's what dictate their security focus in the end of the day. And I think that again, we both agree before this webinar and I'm sharing now with our audience, is that data security and governance is basically one of the top things that will impact your company. And we can see that with the different breaches that occurred. And I think that another parameter without, before diving into the SaaS and AI aspect, I would say the frequency of those type of things. And if we look across the last 24 months or so, almost every week you hear about a big company that was in a situation of data leakage that impacted them and then that impact their customers, that impact their employees and eventually if they are a traded company, also the company financials in general, but agree with you, absolutely.

Amir Khayat, Vorlon (29:37):

Security can no longer be an afterthought. It must be proactive. Security team now with all the complexity have to be the enabler of the business and supporting the business line every day. And when I say every day is that every SaaS adoption, gen AI capabilities in general AI tools. So if we look at it from an AI and SaaS perspective, every SaaS and AI today comes with its own API, own monitoring tool, permission models, but the true security meaning managing this risk in the data level, regardless of which app it lives in, it's a proprietary document that is lost. So I think that once you become proactive about it, whether it's your CRM is damaged or your Google Drive, OneDrive is now leaking information, that's where you're ahead of the game and you're able to close these gaps very, very quickly. And that requires focus. That requires continuously monitoring of all your complex environment and understanding once your vendors are now, and pretty much every SaaS vendor is adding AI capabilities once they're adding them, you need to discover that, understand that, and breaking down into what is the impact and what is the value for the company. So I will not prevent from our employees to run faster, but on the other hand, I will be able to identify and detect any abnormal behavior that can impact the company eventually because it's no longer let's detonate a malware, right? It's a different game.

Justin Lam, 451 Research  (31:23):

Right, right. Let's talk a little bit more about just here, you mentioned something here earlier, a little bit about the shared responsibility model, and I'm just wondering if you could, you had some thoughts around that. That's been a topic here and I think there's this blend between what I think of as shared responsibility. Some others have called it shared fate, and I think there's still this idea of what I'll call shared operation here, but how do you think about the shared responsibility, some of the cracks in it, some of the delineation between, hey, here's a SaaS offering or here's an AI offering, and now according to what the breaches there are, could you share a little bit more about that?

Amir Khayat, Vorlon (32:13):

Yeah, absolutely. From our experience at Vorlon, the more we talk to security leaders, the industry now in a stage that they know that they can't roll it back to the vendor anymore, and every environment is also different. So if we take for one second the ShinyHunters breach as the latest example, Salesforce did not have a breach. Everything was fine on the Salesforce side. On the other hand, Salesforce customers were suffering from that breach, so Salesforce could help them up into a certain stage, but now it's all around the company landscape, right? So where is the border, right? What's the actually balance between supporting you as a vendor, put all the right controls in place, obviously if the vendor does it, and then how to help you when something happened to your data? And I think that the industry now is in an intermediate phase, I would say, of learning how to approach it.

Amir Khayat, Vorlon (33:19):

There were also some core decision about that. I think that in the end of the day, that means that organization need to go to the basic and do security old school like they did just with the understanding of the new normal, I would say. And that means, again, being proactive about things and not reactive because even when your vendor breached, whether it did already or it'll in the end of the day, it impact your landscape, your configuration, you'll need to put a lot of work to understand how to mitigate it. And if we look at some statistics, it takes a couple of months to identify those things, at least I would say for enterprises. And from there to mitigate and understanding, connecting all the dots it can take from a quarter to six months. We've seen that in some breaches, some recent breaches as well.

Justin Lam, 451 Research  (34:16):

For sure, for sure. I think that one of the things that we're seeing here in our research, and this probably is a longer conversation or maybe a sequel someday for us in another episode, is that distinction between secure by design and then secure by operation. Because I think you're absolutely right. Some of the times, I mean many of the SaaS offerings, many of the cloud offerings out there from a security by design perspective and that separation of duties, that shared responsibility, they've actually operated and they actually have a very good, what I would call a very good track record in terms of uptime, in terms of being able to, as the service provider be able to overall provide high levels of assurances. What I would just say, kind of going forward though, is more along the lines of sort of that shared fate. Can customers, can enterprises operate these environments safely?

Justin Lam, 451 Research  (35:23):

And I think where the lines especially blur, especially as we're seeing here, is the speed of the ecosystem, the speed of the changes being pushed and propagated. When you look at Hugging Face and you see it has almost 2 million models and it's adding about a hundred thousand every single month, and you just think the sheer number of language models is changing this amount and the other kinds of technologies that are also changing as well. One year ago, I don't think anyone heard of Cursor or was using Claude Code. Now, certainly, it's almost become a lifestyle for many, many people. And so I think that this combination of things, you have to be looking at the operation. Yes, I have passed a security questionnaire with my particular SaaS vendor, but I also have to think about how can I operate this safely for a net new technology, which seems to come continuously.

Justin Lam, 451 Research  (36:21):

Now, how can I always be thinking about that relative vis-a-vis to the data? And if I'm an enterprise, I'm thinking, I've got this piece or this segment or this bucket of enterprise data, what are the new avenues I want to grow and leverage that data to add more value to my firm? These are all the same kinds of questions being asked, and on one hand it's great because it allows for a better customer touch, but by the same token, it also allows for a lot of risk here. And so maybe to add a little bit more concreteness to this, Amir, maybe if you wanted to, I know we talked about this just before we began here. Could we give a little visual here about ShinyHunters, a little bit of a visual about just what it means to visualize that data, what it means to be thinking about the threat more holistically? I know you had a visual to share with us, and it's not a slide, promise you that, but it just is one sort of thing here just to show people.

Amir Khayat, Vorlon (37:34):

Yeah. So no slides as we promised, but definitely just wanted to go back to the challenge, the complexity and what it requires, because everything that you said just now, Justin, I think it goes back to times in essence you don't want to prevent from your organization to move fast, but you also have to be aware of any potential threat risk that can come with that. So I guess if you're going back to the ShinyHunters and overall to understand again, how does your overall SaaS and AI ecosystem look like? Can you see my screen? Sure. Alright, let's see a quick demo of Vorlon and we'll also focus on the ShinyHunters. But I guess before I'll start, I do want for the audience that haven't seen Vorlon yet to quickly cover how Vorlon works and what's our approach, starting from the discovery. Basically what Vorlon does is observing applications.

Amir Khayat, Vorlon (38:33):

If you follow my mouse here, you see that in our demo environment we're observing eight applications. This is the starting point for Vorlon. In order to start continuously monitoring and behavioral detection, basically just using a read-only access token to the desired application, you configure Vorlon. And from that moment, Vorlon will start to learn all the relationships, users, applications, discover all the third-party applications that are connected to your SaaS application from data movement perspective, identity and authorization. You can see here in the discovery page that basically once we observe these eight applications, Vorlon discovered and detected 51 applications. Vorlon can detect over thousands of different applications including AI tools. If you'll hover with the mouse here on the AI, you can see that specifically that will give you a better understanding of all the different AI tools and agents that are accessing your data and all the data movement that comes with that.

Amir Khayat, Vorlon (39:46):

Now, in relation to the ShinyHunters breach, I will say that Vorlon can integrate with all your existing security tools that are within your stack essentially to trigger insights and high critical alerts. So for organizations that already have security processes in place, essentially the ShinyHunters should be triggered in their SOC dashboard, SIEM, or any other tool that they usually consume a high critical alert. But let's focus on the Vorlon interface for today. So essentially if we're looking at the dashboard, if I'm an analyst, what I can see immediately is that there was a spike here in June 25. Essentially this is because a new OAuth application was created in our environment. We can see here that this has a high risk. Their name is the name of the app, OAuth app is Data Loader. So if I want to learn more, I'll just click on that and go through the timeline before talking specifically about this attack vector and how it was handled.

Amir Khayat, Vorlon (40:55):

I will say that one of the values that Vorlon brings is the ability to reduce your effort to understand the full picture very, very quickly. Think about that. When your vendor basically is being breached, there is a time to identify that you're relying on the vendor to notify you. Having an environment and a solution like Vorlon that is continuously monitoring all your connections will basically make you proactive, will allow you to understand things even ahead of your vendor, and you will not need to be relying on them to notify you. Now more specifically about the effort, I will say that understanding all of that, everything that you're going to see now is a high effort. What do I mean by that? Internally, you will need to reach out to the business application owner, get access to the logs or any piece of information that will allow you to do a better investigation and go through hundreds of raw logs, including additional applications to understand if this breach has evolved like in the scenario of ShinyHunters.

Amir Khayat, Vorlon (42:05):

Going back to the demo here, you can see a clear timeline. We can see here that on June 19 there was an identity that was created and that was first seen in Vorlon. Vorlon automatically triggered an alert here, mainly because it identified that as a new OAuth app with full permission. So this is something that the security team should be alerted on. Now as a typical attack, the attackers didn't attack immediately. They sat quietly and waited for their time. And you can see here across the timeline that two months after basically the attacker woke up and started to pull some information, Vorlon correlated it with a previous alert and basically notified you that there was some communication from a new unknown source IP. If you click here, you'll get a full picture. I will say before drilling down into this specific alert, that Vorlon also allows you to take action immediately.

Amir Khayat, Vorlon (43:06):

It'll correlate all the information, will give you very, very specific steps that can either be delegated to the business application owner or be run automatically, assuming that you created the right role and you trust Vorlon to take actions for you. In addition to that, we're correlating all the information, stitching it in a way that will allow you to do a good investigation. You can see here the owner that was probably phished and his identity was impersonated in order to create this OAuth application. You'll see the full permission, you will see all the identities' relationships, but essentially all goes back to the different alerts that we create. If you click here, you can see the two different alerts that are associated with ShinyHunters. If you click on the recent activity, you can see that essentially there was some communication coming from the Netherlands in Europe.

Amir Khayat, Vorlon (44:01):

Vorlon will enrich that for you, and this is the interesting part here. You can see that based on different threat intel databases, this IP is associated with the threat. It actually is an anonymous one, and it was also classified as coming from a Tor exit, which also gives you more indication that that communication was intended to be masked. Our focus on data movement will allow you to very quickly understand what type of data you shared with the attacker. We're also giving you the ability to see if it was connected to other data flows or other applications. But essentially there are two ways that you can respond here, either delegate it via an IT ticket to the business application owner or essentially take an action and revoke this specific application token from the system immediately. Or again, if you have the right role at Vorlon, that will execute automatic actions for you. You can also do it from here. Hopefully, that helps you to understand how we approach your overall SaaS ecosystem and AI, and more specifically with the ShinyHunters, how Vorlon can help you to respond to these types of breaches very quickly.

Justin Lam, 451 Research  (45:19):

One of the other big trends, and maybe if this is also a sequel for our next conversation, is that fundamentally at the end of the day, many of these companies that are themselves transforming themselves by SaaS and by agentic AI, they are for better or worse becoming agentic and SaaS-driven organizations of themselves. The economics of how they even think about recurring revenue, for example, that is no longer a construct that is simply just limited to technology companies. And so I say that all to say that one of the other things that is becoming a huge trend is in the idea of the shared fate or the shared responsibility, shared operation. The outcome that we're seeing here at S&P Global is a trend towards organizations that are more trustworthy. Beyond any single enterprise, of course, are your downstream stakeholders, your customers, your consumers, and there are just higher and higher levels of trust that are needed for brand recognition, for brand interaction, whether you operate in a B2B fashion or in a B2C fashion or B2B2C, or any of those variations thereof, trustworthiness and being able to be defensible in how you approach onboard technologies, provide transparency on the controls of those technologies, all those things are going to be essential for you, especially given how fractured the eject world is, how fractured misinformation or disinformation about a brand can be.

Justin Lam, 451 Research  (47:09):

All these different things are leading up to organizations driving themselves to become more trustworthy. But that's probably another longer conversation here, but I just am thankful for our time here together and maybe we can just wrap it up with any closing thoughts, Amir, on your side.

Amir Khayat, Vorlon (47:32):

Yeah, definitely don't put the destiny, your destiny as a company, as a security organization, with others. Be proactive. I'll say this is a thing that we see over and over working with customers that are very much focused on the productivity, and SaaS and AI is a real threat, a real attack vector that every bad actor is leveraging today, pretty much, or thinking about in the reconnaissance stage. So yeah.

Justin Lam, 451 Research  (48:03):

Yeah. Got it. Got it. Hey, we've got a few more minutes here for some Q&A here, so just kind of rapid fire. Amir, I'll give it to you. A few questions streaming in here and also from Black Hat, DEF CON here. First question here is there's this idea of SSPM and DSPM, SaaS security posture management and data security posture management. Do you make a differentiation or a distinction? Amir, how do you think about the differences? What's your thought process there?

Amir Khayat, Vorlon (48:43):

Yeah, so definitely I would say that if we're looking at the DSPM technology, DSPM is classifying data at rest, if we're talking about from an infrastructure as a service, GCP, AWS, Azure, this is one bucket. The other bucket is data lake perspective and definitely classifying and helping security teams. So this technology helps to focus on data at rest. SSPM is part of the SaaS challenge. Again, I think that looking at configuration, it's definitely a problem. It's a problem that there are vendors in the industry that are solving, but SaaS security posture management is mainly focused on misconfiguration. I think that our approach in general, just to say as a solution, we're focusing on the context and that again, drives your priorities. When I say focus on the context, what type of data was actually moving side by side with misconfiguration?

Justin Lam, 451 Research  (49:46):

Sure. Next rapid fire question. I sort of summarized this one. With so much SaaS out there, how do organizations get started if there were a couple sorts of ways to get some easy wins, especially for organizations that have loads of SaaS out there, loads of complex SaaS deployments, loads of all that complexity, it feels like boiling the ocean. What's an easy way to get started? Where are some quick wins?

Amir Khayat, Vorlon (50:18):

So I think our approach when we work with our customers is first to understand where do they believe they store the most sensitive information that can impact the organization, right? And I think that usually we identify the list of those applications first. With us, it's a very, very, very minimal lift. You basically provide us a read-only API token, or you can put some logs and we will start to show you what you don't know. I think that the whole idea of, and our data metrics technology is allowing you to discover thousands of connections immediately and then we recommend to you what is next. So back to your question, deploy, start to see what you don't see, learn about that, investing in a solution that helps you to understand where are your risks and what can be a potential risk and helping you to navigate this complexity and where to focus in terms of your next steps.

Justin Lam, 451 Research  (51:19):

Got it. Got it. And then I guess another sort of question here, just sort related to that is what do you think are some of the gotchas that people aren't thinking about when they're thinking about securing ai, thinking about securing SaaS, thinking about securing it in a joint motion. What are some of the gotchas out there that people aren't realizing along the journey? That they suddenly have this aha moment that, oh, well, I didn't know that or I wasn't prepared for that and now I have to get prepared for that. What are some of those gotchas?

Amir Khayat, Vorlon (51:59):

I can say that from our perspective, what we hear a lot is that we actually elevated the conversation between security and business application owners. Again, you help them to see what they haven't seen before. And I think that's the starting point. Now, going back to AI, I think the discussion about iGen AI is not something new. I think that companies, SaaS vendors, are developing things fast now, and that creates, again, a challenge from a security perspective. The big ones can invest immediately in security and hopefully others will follow. But definitely being able to identify what data you share with your AI tools as a whole and what permissions. And one of the things I can tell you is that we're working with a customer that actually created an agent that's starting now to connect to their HR system and can expose bonuses, compensation, and for managers. And this is kind of like a way that they look at it. So again, focusing on the data that you share, what you share, and who you share it with. I would say that this is kind of like where we've seen a quick interest when we plug in.

Justin Lam, 451 Research  (53:20):

Oh, Elias. Hey.

Elias Terman, Vorlon  (53:21):

Great conversation you guys. Yeah, thank you. Thank you so much, Justin. Thank you so much, Amir. Wonderful conversation and we're going to make sure everyone in the audience here gets some great follow-up materials related to today's event. And thank you guys again, and this concludes today's webinar.

Amir Khayat, Vorlon (53:42):

Alright, thank you so much. Great chatting with you, Justin, and thank you with you here, Elias. Take care. Alright, bye. Have a great weekend.