Boris Gorin, Canonic Security: We are redefining enterprise application security by providing continuous visibility into interconnectivity
Canonic Security will be present at the 2022 edition of the FIC. The company, which specializes in securing professional application integrations and access to third-party applications, provides a SaaS-based application security platform that continually profiles applications, identifies suspicious behavior or non-compliance with defined policy, and automatically reduces the attack surface. Boris Gorin, CEO and co-founder of Canonic Security, believes his solution redefines enterprise application security by providing continuous visibility into interconnectivity.
Global Security Mag: What’s New at the International Cybersecurity Forum 2022?
Boris Gorin: Canonic Security is the first company to guarantee professional application integrations and access to third-party applications.
Canonic Security provides a SaaS-based application security platform that continually profiles applications, identifies suspicious or out-of-policy behavior, and automatically reduces the SaaS attack surface.
Our platform provides access and vulnerability insights, detects native threats, and helps security teams respond quickly.
Canonic Security redefines enterprise application security by providing continuous visibility into application interconnectivity and automated application risk scoring for native services and third-party add-ons.
Today, integration risks are increasing more than ever with the proliferation of line-of-business applications, add-ons, and API extensions.
A new risk landscape emerges during application-to-application integrations, such as:
• Vulnerable or misconfigured integrations,
• Compromised application identifiers,
• Harmful apps,
• Applications that require elevated privileges.
Global Security Mag: What are the strengths of the solutions you are going to present on this occasion?
Boris Gorin: Canonic Security addresses all these challenges by mapping the interconnectivity of business applications, discovering harmful, vulnerable, or high-privilege applications and integrations, and mitigating the risks of accessing third-party APIs.
With Canonic Security, our customers benefit from the following advantages:
• Full visibility of 1st, 2nd and 3rd party API integrations across the entire business application fleet,
• Assessment of each integration posture and the risk related to its API access,
• Reduction of your third-party attack surface,
• Simplified application verification and recertification processes.
Global Security Mag: Since the beginning of the year, have you noticed the emergence of new cyber threats?
Boris Gorin: We are certainly seeing a proliferation of native SaaS threats as the use of enterprise SaaS applications has increased, creating a new attack surface.
Hackers tend to attack the “easiest to catch” companies, and companies using SaaS apps, OAuth apps, and third-party APIs are among them.
Global Security Mag: How should technologies evolve to combat these threats?
Boris Gorin: Many organizations already have verification and pre-approval workflows.
Many of our customers discovered Canonic Security by leveraging AppTotal, which we launched as a free community platform offering.
The premium offering allows our customers to integrate the following features into a variety of SaaS platforms:
• Access intelligence: map and analyze applications, services, add-ons and many other available integrations,
• Vulnerability insight: discover vulnerabilities, abuses and/or misconfigured integrations,
• Continuous monitoring: continuously monitor behavior, revoke access if necessary, and simplify end-user notifications.
Global Security Mag: In your opinion, what place can humans have to reinforce the defense strategy to be implemented?
Boris Gorin: Cybersecurity has always been at the intersection of people, culture and technology.
When considering solutions to emerging challenges in particular, it is important to deploy new capabilities that leverage current processes and strengths. The SaaS application approval and revocation workflows are a great example. By simplifying and automating the approval process for current and new SaaS applications, our customers can decrease their attack surface. However, it is the notification-based process that addresses the human element that allows organizations to embrace next-generation technologies such as Canonic Security.
Global Security Mag: There has been a talent shortage for years, what actions can cybersecurity players take to attract new talent?
Boris Gorin: Above all, leverage your existing workforce network to attract talent that matches your unique organizational culture. It should also be borne in mind that cybersecurity is by nature a dynamic and multidisciplinary discipline. As such, motivation and dedication often trump experience. The natural consequence is that onboarding new employees takes more time to overcome such a steep learning curve.
Hire for values and proven results in related fields, foster an open culture of personal development, and arm yourself with patience!
Global Security Mag: What message would you like to convey to CISOs?
Boris Gorin: One of the reasons I love working with CISOs is that the successful ones tend to be great teachers – often even personal mentors. My role as CEO is to listen to my clients and give my team the ideal environment to solve their specific problems. It doesn’t matter if a supplier has been in the market for two years or two decades.
Stick with vendors who listen to you, who consider your needs, and who are constantly working to improve their products in a win-win approach.