[MBSD] ASM service “CAAV” launches service that automatically lists SaaS in use, including shadow SaaS
*MBSD*
Press release: September 4, 2024
**
ASM service “CAAV” launches service that automatically lists SaaS in use, including shadow SaaS
Mitsui & Co. Secure Direction Co., Ltd. (Headquarters: Chuo-ku, Tokyo, President and CEO: Oyama Suzuki, hereinafter referred to as MBSD) has developed an in-house ASM (Attack
Surface Management) service “CAAV” (“Curve”), the SaaS (Software as a Service)
We have released a new service that automatically lists cloud services and other cloud services. This service centrally lists cloud services including SaaS (shadow SaaS) that are not known to the customer’s administrator. Properly managing this list can reduce security risks.
In recent years, the shift to the cloud has progressed, and the use of SaaS, which plays an important role in business, such as sales support systems (CRM) and web conferencing systems, is expanding. Along with this, security incidents have occurred due to SaaS configuration deficiencies, and many companies are facing risks. As exemplified by the shared responsibility model, users are responsible for security incidents caused by incorrect settings, so customers must properly manage cloud services themselves and take countermeasures.
In response to this situation, CAAV has strengthened the list of public assets[i] that it has provided since its launch in 2022, and has started providing a service that automatically lists SaaS and other cloud services used by customers. did. This service allows you to manage cloud services at a glance, including SaaS (shadow SaaS), which your administrator is unaware of, allowing you to accurately understand and take countermeasures against security risks.
● *Image of shadow SaaS detection*
● *What is CAAV*
CAAV is our proprietary tool that was highly praised at international conferences.
(GyoiThon) [ii] is a simple, purely domestic ASM service that anyone can easily use. CAAV provides a one-stop service for discovering and managing customers’ public assets, including network devices such as web servers and VPN devices, as well as the vulnerabilities that exist in these assets, which is a major issue in ASM*
Reduces operational burden* for customers. For more information on CAAV, please refer to the service introduction page [iii].
[Image of using CAAV]
CAAV has been used by many customers so far, and we will continue to evolve CAAV even further in order to protect our customers’ corporate brands.
* About Mitsui Bussan Secure Direction (MBSD) *
Established in 2001 as a company specializing in cyber security, providing various diagnostic services such as penetration
testing/TLPT/red team, web application/network vulnerability diagnosis, malware analysis, integrated log monitoring/Managed We are a company that provides advanced security technology services such as XDR services, consulting services, etc., and has many of Japan’s leading security technology personnel.
-Contact information regarding this matter-
Mitsui & Co. Secure Direction Co., Ltd.
Product & Solution Division
e-mail: caav-sales@mbsd.jp
[i] Servers and network equipment exposed on the Internet, such as websites, DNS servers, and routers, are called public assets. [ii] GyoiThon(R) (“Gyoi Thon”). Black Hat Arsenal and DEFCON We have a track record of presenting at global conferences such as DemoLabs. Click here for details: https://caav.jp/gyoithon/
[iii] Click here for the service introduction page: https://caav.jp/
CAAV and GyoiThon are registered trademarks of Mitsui & Co. Secure Direction.