Soha Systems Finalizes $9.8M In Series A Funding For Multi-Layered Cloud Security Solution

Cloud security vendor Soha Systems recently announced the finalization of $9.8M in Series A funding led by Andreesen-Horowitz, Cervin Ventures, Menlo Ventures and Moment Ventures. The Soha Cloud establishes a line of defense against threats to cloud security by routing all incoming network traffic to the Soha Cloud. The Soha Cloud creates a multi-layered security barrier between a customer’s cloud-based infrastructure and internet-based intruders. By leveraging multi-factor authentication protocols to ensure that end users have appropriate credentials and authorization, the Soha Cloud identifies and remediates threats before they have the opportunity to interact with the designated cloud infrastructure. Capable of configuration in 15 minutes, the Soha Cloud security solution is compatible with Amazon Web Services, Microsoft Azure, Google Cloud Platform, VMware vSphere, VMware vCloudAir and the OpenStack platforms. The platform’s ability to support a multitude of well known cloud platforms out of the gate points to the maturity of the Soha Cloud technology at such an early stage of the company’s trajectory and underscores the ease of implementation of a solution that promises to enhance organizational compliance, security and auditing practices.


Niara Finalizes $20M In Series B Funding For Its Stealth Security Solution

Stealth security analytics company Niara announced the finalization of $20M in Series B funding led by Venrock with additional participation from New Enterprise Associates and Index Ventures on Thursday. Niara specializes in analytics for IT security that identify and remediate cyber attacks and their attendant root causes. Niara’s analytics have the ability to bridge siloed datasets in order to obtain a holistic solution to IT security that can identify security breaches, develop solutions tailored to the heterogeneity and evolution of threats and prioritize potential threats for investigation. By performing analytics “across disparate data sources,” Niara delivers a 360 degree view of an infrastructure that recognizes the variety and volume of sources of threats using nuanced analytics against historical data. The Sunnyvale-based company leverages a combination of advanced analytics and forensics to mitigate security-related risks and enhance the productivity of security, compliance and risk mitigation teams. Today’s capital raise brings the total funding raised by Niara to $29.4M. Precise details of the Niara solution remain scant although the cybersecurity space should expect to hear more details of its security solution in forthcoming months, particularly given the $20M Series B infusion of cash that is likely to fuel both product development and sales and marketing operations. The larger point worth noting, however, is that cloud security is a hot space for VCs and investors, particularly as the proliferation of infrastructure platforms, data frameworks and networking infrastructures converges to create increasingly complex IT amalgamations that require correspondingly more sophisticated security solutions to guard against systemic vulnerabilities as well as the diversification of threat sources and types.

AlienVault Announces Native Cloud Security Support For Amazon Web Services

AlienVault today announced that its security management platform is now generally available, natively, to protect infrastructure deployments on the Amazon Web Services platform. AlienVault’s Unified Security Management (USM) platform supports AWS by means of a SaaS application that specializes in threat identification and resolution. Core capabilities of USM include asset discovery, vulnerability assessments, threat detection and behavioral monitoring. AlienVault collects data from devices, applications, networks and other infrastructure components to build a catalogue of knowledge about an organization in order to detect aberrant behavior as well as security violations. Crowdsourced threat intelligence represents another key feature of the AlienVault platform that empowers security managers to leverage the insights of peer organizations to make informed judgments about the validity and severity of potential threats. With respect to Amazon Web Services, AlienVault begins by hooking into an AWS deployment to understand what instances have been spun up and how they have been related to one another. AlienVault subsequently performs a configuration assessment of the relevant AWS infrastructure to determine if it has violated best practices before unfurling USM’s core capabilities such as behavioral monitoring and predictive analytics-based threat intelligence. With today’s announcement, AWS customers stand to benefit from a security solution that delivers a high degree of visibility into the state of an AWS infrastructure with an easy to deploy solution that caters to the needs of mid-size organizations. Moreover, AlienVault USM bolsters the ability of organizations to maintain compliance with internal and third party protocols and subsequently gives organizations another control framework that they can use to manage IT-related risks, particularly as those risks relate to public cloud via AWS.

Notes On Cloud Security: An Interview With Krishna Narayanaswamy, Chief Data Scientist At Netskope

Cloud Computing Today recently spoke to Krishna Narayanaswamy, Chief Data Scientist at Netskope, about the company’s positioning in the cloud security space in addition to his predictions for the cloud security landscape in 2015. Part of the impetus for the conversation was to understand how cloud security involves more than the monitoring of real-time system and application behavior that suggests fraudulent or abnormal activity by implementing proactive actions based on predictive analytics and machine learning. Krishna responded by elaborating on Netskope’s ability to develop security policies in conjunction with its analytics as well as the BYOD phenomenon and its attendant challenges for cloud security. As for cloud security predictions for 2015, Krishna noted an expected increase in data breaches, the use of cloud apps as a vector for the spread of malware and the way in which cloud security for apps sanctioned by enterprise IT policies will need to address the security of data at rest as well as data in motion.

1. Cloud Computing Today: How do you understand Netskope’s differentiation within the cloud security space?

K. Narayanaswamy (Netskope): The workforce of nearly every company today uses cloud apps, and as adoption has become common, it’s more likely that people will share sensitive business information via those apps. Our research shows that the average organization today has 613 cloud apps in use, 88 percent of which are not enterprise ready. Today’s companies not only need a way to discover the cloud apps that are used by their workforce — sanctioned or not — they need to be aware of the activities that happen within those apps, and set policies to prevent the activities that put confidential and sensitive information at risk.

Netskope is the only cloud app security and enablement company that offers real-time analysis and policy creation to prevent unwanted behavior, and the ability to monitor ALL cloud apps (not just those within IT’s purview). Secure cloud enablement is no longer a “one-size fits all” solution, and through Netskope’s Active Encryption, any user can tailor the creation of policies to fit their needs — large healthcare companies are going to focus more in HIPAA compliance than a music and entertainment company, for example.

2. Cloud Computing Today: What is the fundamental problem of cloud security as you see it from a business perspective?

K. Narayanaswamy (Netskope): Cloud apps are the norm in the workforce, with the vast majority being brought in by users unknown to IT, known as “shadow IT.” Today, IT grossly underestimates the number of cloud apps in use by their workforce, which presents significant data security and compliance risks. With the BYOD trend gaining momentum with no end in sight, more apps are guaranteed to make their way into organizations, and access corporate information than ever before, and CISOs are scrambling for a solution. The underlying problem with cloud app security has been that IT’s been forced to make a stark black and white decision — either block all cloud apps at the network perimeter, or let secure corporate data run rampant in unsanctioned cloud apps. Today, IT can can get the insights they need about usage, users, and activities done within apps to that they can promote secure usage. Rather than clamping down and blocking all apps, IT can embrace BYOD, rid negative connotation with the term “shadow IT,” and formulate security policies using a highly scalable approach that adapts to the cloud app economy.

3. Cloud Computing Today: What are your Cloud Security Predictions for 2015?

K. Narayanaswamy (Netskope): In 2015 we will see continued growth and adoption of cloud services in enterprises. The adoption will fall under IT sanctioned apps as well as lines of business driven procurement. The implications for security solutions are:

•Enterprise IT sanctioned cloud apps will be deployed in production only in conjunction with a suitable security solution to secure the enterprise sensitive data as it migrates to the cloud. The security solutions will cover both data at rest as well as data in motion to the cloud apps.
•Cloud security solutions will be deployed to monitor and safely enable the use of non IT sanctioned cloud applications
•We will see increased use of SSO technologies and MFA policies to access cloud applications
•Data breaches in cloud apps will start becoming prominent. App vulnerabilities will continue to be a major threat vector. Keep an eye for open source related vulnerabilities. Cloud apps rely heavily on open source components. Vulnerabilities in open source packages will imply threats to cloud apps if not addressed in a timely manner. Vulnerable cloud apps in turn lead to data breaches
•Malware – cloud apps will become a significant channel for distribution of malware. Existing URL filtering technologies do not adequately address this threat vector.
•Data driven security will become mainstream. Cloud security solutions will generate metadata that is used for detecting anomalous user behaviors and data theft.

Kaseya Release 8 Adds Security And Compliance Functionality To Its Cloud Monitoring Platform

Kaseya recently announced the launch of Kaseya Release 8, which adds security and compliance features to its cloud monitoring platform. Kaseya 8 bolsters the ability of small to mid-size organizations to manage their IT infrastructure and applications by means of enhancements to Kaseya Remote Control that empower IT administrators to remotely perform work on servers and workstations. Moreover, Kaseya’s AuthAnvil product helps companies manage IT-related authentication protocols, including two factor authentication, single sign-on and password management functionality. AuthAnvil also enables users to customize the list of applications included within the purview of single sign-on applications as illustrated below:

Furthermore, Kaseya 8 claims enhanced centralized management functionality for Microsoft Office 365 and SharePoint Online. In addition, the platform delivers service level tracking software to automate compliance with service level agreements in conjunction with the delivery of notifications that signal cases in which a SLA stands a danger of violation. Overall, Tuesday’s release pivots the product toward security and compliance functionality for SMBs by delivering out of the box functionality that can assist organizations monitor compliance with SLAs and assure the implementation of robust identity access management features. As told to Cloud Computing Today in a phone interview with Kaseya’s CEO, Yogesh Gupta, the company’s primary client base consists of SMBs sized at roughly 50 to 250 employees. The latest release delivers security and compliance solutions that can be readily implemented by companies that fit the profile of Kaseya’s customer base that are seeking to ensure the security of their IT infrastructures. That said, cloud security and compliance are hot topics for virtually any organization with a cloud deployment, so Kaseya will need to ensure its offering can meet the demands of its customers as they grow and undertake more complex cloud and application deployments.