Similarweb is a digital intelligence provider for enterprise and small to mid-sized business customers. Similarweb ranks websites and applications based on traffic and engagement metrics. Its ranking is calculated according to the collected datasets and updated on a monthly basis with new data. The platform provides web analytics services and offers its users information on their clients' and competitors' web traffic and performance.
SimilarWeb leverages many business-critical SaaS applications to enable productivity throughout their workforce. The security team’s number one focus is to protect their customer, employee and company data – most of which resides across these critical applications. They were concerned about certain groups and domains within the organization that had regular access to sensitive assets and files. The ongoing use of these applications made it nearly impossible for the team to apply effective data access policies that enforce the same levels of security and control across the different SaaS applications being utilized.
The built-in security features were not advanced or granular enough to implement the controls they needed to mitigate the risk of a data exfiltration or a larger scale cyber attack. The rate in which assets were created and shared across all the various users (both internal employees and 3rd party vendors) created a scalable security problem. There were also concerns around departing employees taking sensitive company data prior to their departure. Relying on the native security functionality of each application, or trying to address these challenges through manual process was ineffective and did not scale. SimilarWeb was looking to centralize secure access to the critical applications being utilized to drive their business forward.
The DoControl solution provides us with the visibility, control and enforcement capabilities we need to deliver secure access to our critical SaaS applications and data.
DoControl provided SimilarWeb with clearer visibility of their SaaS assets, with a full mapping of ownership and the associated data access enabled for each. The security team now had end-to-end visibility of their SaaS landscape, allowing them to establish a standard baseline for both internal and external end user activity. DoControl’s continuous monitoring of SimilarWeb’s environment automatically identified high-risk events and deviations from that baseline, allowing the team to investigate anomalous events before they caused irreparable damage to the business.
The security team created automated security workflows and remediation policies that revoked specific users' access, as well as removing the public sharing of files after a predetermined amount of time. The DoControl platform delivered rich data enrichments from all the SaaS events and activities across SimilarWeb’s SaaS application estate, as well as adding a new layer of preventative controls to mitigate the risk of data overexposure for groups and domains that presented higher levels of risk. For departing employees, access across critical SaaS applications were automatically shut off when their Human Resources application triggered employment status changes. Further, DoControl enabled the team to identify and remediate any lingering access the former employee may otherwise retain and eliminate access points, protecting SimilarWeb from data exfiltration.
This stat comes from the industry report we published earlier this year: The SaaS Security Threat Landscape Report. It’s a great read. We recommend you check it out.