By Cassandra Balentine
Cloud applications (apps) represent an important—and growing—area within the software industry. Security remains a prime consideration for enterprises looking to migrate business processes and applications to cloud platforms. Many organizations provide solutions to address these concerns.
Founded two years ago by Yair Grindlinger and Doron Elgressy, veteran entrepreneurs in the IT security field, FireLayers is dedicated to enabling CIOs and CISOs to responsibly adopt cloud apps, and ensure compliance and governance of these apps on any device by any user with a comprehensive, policy based platform.
The company started with backing from YL Ventures and Akamai. Today, the company has more than 25 employees with offices in Israel, France, and the U.S—both east and west coasts. IT also serves over a dozen customers in EMEA, Europe, and the U.S. A private company, it declined to unveil their annual revenue numbers.
FireLayers offers solutions designed to provide CIOs and CISOs with the power to strategically control and protect cloud app usage and data. The company allows organizations to maintain an enterprise level of security, compliance, and IT governance across all cloud apps.
Recently, FireLayers announced a partnership with Check Point in which the two companies developed a joint solution designed to fill a major gap in available threat protections for cloud apps in relation to malware distribution.
The solution, Extend Perimeter Security Software solution, pairs the FireLayers Secure Cloud Application Platform with Check Point’s SandBlast Threat Emulation service for advanced sandboxing. Documents downloaded through file-sharing apps are scanned for and cleaned of any potential malicious behavior, ensuring the recipient of a document is not met by foul play.
This joint solution was developed as a result of a real market need, according to Boris Gorin, VP security, FireLayers. He offers the example of something as ubiquitous as sending an email with Microsoft Office365 or sharing a document via collaboration software like Box and how it could expose an enterprise to risk because the interaction is not protected.
“Now, with the joint Check Point and FireLayers Extended Perimeter Security Solution, security tools are extended to cloud apps,” says Gorin. For FireLayers, this provides the opportunity to partner with a market leader in order to bring a needed enterprise-ready solution to market.
The FireLayers platform was designed to integrate and support a diverse ecosystem of technologies, including DLP, MDMs, anti-virus, and SIEM tools. “So, the actual development of Extend Perimeter Security solution was more of an integration, configuration, and verification process due to our open architecture and support of standard integration protocols like iCap,” he explains.
The solution leverages several of FireLayers’ unique capabilities, including a risk engine, real time security, user-centric mitigations, and true full-stack security covering all levels of cloud applications form network, IP, and device to content—then passes the context to Check Point’s SandBlast Threat Emulation, resulting in a significant reduction of false negatives and positives, says Gorin.
The actual integration of the two platforms took a few months to ensure smooth user experience and adoption.
Gorin suggests that any organization using cloud applications for core business processes—especially collaboration apps and those supporting the inbound sharing of files and media—need to establish the appropriate protections for its users of these services and the data in question. “Currently, the users accessing these services, including Office365, Box, DropBox, and Google Apps, are beyond the organization’s perimeter and their unmanaged devices are exposed to the most trivial of malware attacks, that is assuming the managed ones have traditional protections on the endpoint level,” says Gorin.
Meeting Future Needs
From an evolutionary standpoint, Gorin says cloud security is in its early stages. “Most organizations are hardly aware of the cloud app security problem landscape and those that are focus more on understanding the risks associated with cloud apps by using tools and technologies geared more towards cloud apps discovery and visibility rather than actually managing the risks and establishing appropriate protections from emerging cloud threats.”
“The analogy to the traditional perimeter security would be installing Intrusion Detection Systems and Honeypots and allocating resources for maintaining and analyzing the results before installing firewalls while watching data being exfiltrated and user accounts compromised,” he explains. “So, while having an understanding of your risk landscape is crucial to for the success of any security program, with most security organizations today being understaffed, under budgeted, and overflowed with incident management and response, it seems to me a rather inefficient strategy.”
Extend Perimeter Security solution is the first product to hit the market. However, Gorin explains that they have a joint pipeline of solutions on the way, which will transform how enterprises protect their extended perimeters including the cloud application landscape. SW