Scirge 3.5 – Instant Shadow IT Discovery & Audit
Big news in, we have just released a major feature: Instant Shadow IT Discovery! This new capability comes with a twist, it is independent from our browser extension-based architecture and works without any endpoint deployment. This means that you can assess your cloud footprint during a free evaluation, without a complex deployment.
A snapshot of your unmanaged cloud footprint (i.e. Shadow IT) comes from your employees’ historic browsing activity, and accounts can be enumerated in case they were saved in the browser’s autofill option. In this case, we can identify business-related accounts and differentiate private ones, based on the email address used.
Why is this so important?
When employees sign-up to webistes to acquire services, what they really do is create an unmanaged footprint, or attack surface to the organization. Accounts that are email-based, which is the case for 99% of the web, are completely unmanaged, uncategorized, and bring about a number of problems that we have been talking about for a long time. This includes the obvious security risk of credential reuse, sharing sensitive or PII data with third-parties, and potentially accessing important corporate resources without control – even after leaving the organization.
The though part in discovering that, is network traffic doesn’t give us a clue about the nature of sessions, and especially the credentials used for signups. This also makes it impossible to differentiate private activities from business-related services.
How is Scirge Discovery different then?
Our main product offers complete visibility for account usage and registrations, via monitoring browsing activity. However, this takes a bit of time to show data, because we need to wait for people to sign in or use their credentials to be able to catch them.
The only reasonable way to investigate historic activity comes from, well, the browsing history. The URLs visited usually tell a story about logins and registrations. Remember that each employee has several hundred online registrations on average, so discovering a few percent across the organization will immediately give us a large chunk of visibility.
On top of that, companies that do not restrict browser-autofill features will likely see that many use these built-in password managers. The reason this is a treasure trove is that passwords tend to live very long lives, stretching several years, and Shadow IT apps may be forgotten or abandoned, but the accounts created remain out there, along with any data shared with a given service.
Browser histories are limited, but autofill features have infinite memory, and can also provide us with the email used, to differentiate business usage from personal. Also, passwords are encrypted, so no additional vulnerability is created when assessing these files. But just to be sure, it all happens locally anyway.
What comes out of the discovery?
- Reports on applications used by employees
- Estimated number of accounts based on browsing history
- Accounts saved in browser (only business-related, based on your configuration)
- The risk profile for discovered apps
How to get started?
Sign up here, for a free evaluation and start discovering your cloud footprint!
Scirge provides a unique approach to unveil and gain control over unmanaged third-party web accounts. Scirge tracks the websites employees use corporate email addresses to register on and log in to. Having a central dashboard of discovered accounts helps to reduce the risk of credential-related threats such as password reuse or account takeover (ATO). Scirge gives a level of control over SaaS usage to overcome Shadow IT. It also helps to ensure that your company complies with GDPR, CCPA, and other audit requirements.