Software-as-a-service ecosystem security startup Vorlon Inc. today announced the launch of DataMatrix, a new technology that it claims will open the opaque “black box” of SaaS security.

DataMatrix fills API security logging gaps present in more than half of SaaS apps and gives security teams visibility and tools to protect entire interconnected SaaS ecosystems.

Vorlon argues that today’s SaaS security is broken, not only from misconfigurations but also because security teams cannot see data flowing through APIs, SaaS human and nonhuman identities and third-party services. The web of API-enabled connections is often unmonitored and leaves blind spots that attacks are increasingly exploiting.

DataMatrix tackles those issues head-on with an engine that creates a digital twin of an organization’s SaaS environment. The model is updated in near-real time and enriched with proprietary insights from SaaS vendor documentation to allow security teams to monitor sensitive data flows, detect anomalies and correlate activity across applications and services with greater precision than traditional approaches.

Vorlon’s research into top-used SaaS applications also revealed that nearly half require additional licensing or manual intervention just to access audit logs. The lack of visibility creates significant risks, particularly as app-to-app communication now accounts for the majority of internet traffic. DataMatrix eliminates those visibility gaps by ingesting and analyzing API traffic out-of-band, meaning it operates without deploying agents or interrupting services.

The approach secures the SaaS ecosystem as it really exists — one big interconnected attack surface. DataMatrix says it offers a unique set of capabilities in a single platform that examines what talks to what and how sensitive data flows across a complicated web of connections.

“Today, security teams are missing critical SaaS forensic data, making it difficult to detect, investigate, and respond to SaaS-based threats,” explained co-founder and Chief Executive Amir Khayat. “This results in greater cybersecurity risks for enterprises, as it limits their ability to preemptively stop breaches and slows down the response to incidents when they occur. Vorlon closes these gaps to protect the entire SaaS ecosystem.”

Vorlon is a venture capital-backed startup that most recently raised $15.7 million Series A in April 2024. Investors in the company include Accel Partners Inc. and Shied Capital.

Image: Vorlon