Skip to content
slack_logo 1 Chat with Sales
Book a Demo

Press Release

Vorlon’s DataMatrix™ Cracks Open ‘Black Box’ of SaaS Ecosystem Security to Eliminate Blind Spots

Gives security teams first-time visibility and tools to protect entire interconnected SaaS attack surface increasingly exploited in data breaches

SAN FRANCISCO, RSA CONFERENCE, April 16, 2025 – For the first time, Vorlon is enabling security teams to crack open the opaque “black box” of SaaS security with the introduction of its patent-pending DataMatrix™. The technology breakthrough fills the API security logging gaps present in more than 50% of SaaS apps and gives security teams the visibility and tools needed to protect the entire interconnected Saas ecosystem.

Vorlon will be at RSAC 2025, demonstrating DataMatrix™ and its SaaS ecosystem security platform at Booth #ESE-66 in the Early Stage Expo Hall.

Existing solutions don’t solve the problem

Today’s SaaS security is broken, not just due to misconfigurations but also because security teams cannot see data flowing through APIs, SaaS human and non-human identities, and third-party services. Akamai estimates that app-to-app data flows already represent 83% of internet traffic.

Yet, these webs of API-enabled connections are unmonitored and leave blind spots that attackers are increasingly exploiting, leading to a 68% yearly growth rate in third-party breaches (Verizon DBIR). Furthermore, this complex attack surface is expanding rapidly due to the distributed nature of modern applications, no-code integrations, and AI-driven automation.

“Vorlon gives me a visualization of our SaaS ecosystem," said Anthony Lee-Masis, CISO and Vice President of IT at ThoughtSpot. "With Vorlon, I can click into one of my SaaS apps and see all the other apps, services, and secrets connecting to it, and where the data is going. I've got the full context, and in the security world, context is king.”

Vorlon’s research into top SaaS apps shows more than 50% of SaaS apps fail at meeting basic logging requirements because of the lack of maturity, consistency, and availability of SaaS API audit logs. Other red-flag findings were:

  • 30% lacked full API logging, meaning security teams would have no record of certain API-based activity
  • 40% failed to distinguish between human and machine-based activity, creating a major attribution challenge for security teams
  • Nearly 50% required additional licensing or manual support requests to access security logs

In addition, existing security approaches, such as SaaS Security Posture Management (SSPM) or Non-Human Identity (NHI) security tools, only solve half the problem.

  • SSPM helps enforce access policies and reduce misconfiguration risks, but lacks real-time detection and response capabilities, especially when it comes to issues unrelated to configurations, such as traffic volume anomalies, dormant secrets, multi-use secrets, sensitive data access, and more.
  • NHI tools help track API keys, but do not provide the SaaS-wide visibility and context needed to prioritize risk and detect active threats.

The bottom line is that these tools fail to provide the context needed to detect and respond to threats in this highly interconnected environment.

Introducing Vorlon’s SaaS ecosystem security platform

In sharp contrast, Vorlon unifies SSPM, NHI security, data flow visibility, and detection and response into a single platform, providing the context to detect, investigate, and respond to real threats across modern SaaS ecosystems.

“SaaS security is more than managing configurations or tracking API keys. It is about understanding how applications, integrations, sensitive data, and identities interact in real time to create a baseline, monitor suspicious activity, and prioritize risk,” said Amir Khayat, CEO and co-founder of Vorlon.

“Today, security teams are missing this critical SaaS forensic data, making it difficult to detect, investigate, and respond to SaaS-based threats. This results in greater cybersecurity risks for enterprises, as it limits their ability to preemptively stop breaches and slows down the response to incidents when they occur. Vorlon closes these gaps to protect the entire SaaS ecosystem.”

According to Gartner®, “Software as a service ecosystem security encompasses a comprehensive set of security controls and safeguards to secure the SaaS environment of an enterprise. Similar to multicloud protection providers, these solutions are multi-SaaS protection offerings. They support the ability to perform detection and response and respond to security incidents in real time with multi-SaaS alert ingestion and application visibility into shadow IT and user usage of applications. These security measures are essential for protecting sensitive data and ensuring the availability and integrity of that data within SaaS.”1

SaaS security has long been constrained by a fragmented approach, in which individual applications are treated as isolated security challenges rather than part of an interconnected whole.

Vorlon’s innovative approach secures the SaaS ecosystem as it really exists — one entire, interconnected attack surface. The company combines a unique set of capabilities in a single platform that examines what talks to what and how sensitive data flows across this complicated web of connections.

To achieve this, Vorlon first eliminates the gaps in SaaS API monitoring. It captures API traffic from the environment’s SaaS apps, including third-party SaaS and mission-critical custom applications that are often deeply integrated into the broader SaaS ecosystem. It then enriches the raw data with intelligence gleaned from each SaaS vendor’s API docs and proprietary research.

Addition of powerful DataMatrix engine provides single solution

Using this information, the new DataMatrix™ technology generates an algorithmic model of the entire SaaS ecosystem. This “digital twin” comprises an out-of-band model, updated in near real time, which can now monitor sensitive data flows, detect anomalies and policy drift, and provide the context necessary for faster, AI-driven incident remediations.

Vorlon’s SaaS ecosystem security platform, with its powerful DataMatrix™ engine, unifies SSPM and NHI security, data flow visibility and detection and response into a single solution, providing security teams with the context necessary to detect, investigate and respond to real threats across modern SaaS ecosystems. For the first time, teams can use a single solution that:

  • Provides comprehensive API visibility: Examines in depth how app-to-app data, identities, and secrets move between SaaS, internal applications, and connected services
  • Delivers real-time detection and response: Alerts on active threats in near real time; provides remediation steps that integrate with existing workflows in SIEM, SOAR, and ITSM tools
  • Correlates posture misconfigurations, secrets, API activity, and sensitive data flows: Alerts when the same secret is used across multiple SaaS applications, identifies active data exfiltration attempts, and revokes the key in two clicks before damage is done
  • Provides full context for security investigations: Shows what identities are doing, what data they can access, and whether the access is being misused

Use cases for Vorlon’s SaaS ecosystem security platform include:

  • Breach Response: Assess the impact and recover from a third-party app breach
  • Third-Party Risk Management: Add real-time monitoring to cyber TPRM programs
  • NHI Security: Manage secrets and respond to suspicious behavior
  • SaaS Security: Provide visibility into APIs, risky misconfigurations, sensitive data flows, and suspicious behavior
  • Compliance: Audit-ready reports for PCI and data privacy mandates

​​​Schedule a meeting with Vorlon at RSA Conference 2025.

Learn more about how Vorlon and DataMatrix provide proactive SaaS security online or schedule a demo now.

1 Gartner, Emerging Tech: SaaS Ecosystem Security Products Transform SaaS Security, By Lawrence Pingree, Mark Wah, 19 July 2024. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

About Vorlon
SaaS moves fast—Vorlon’s SaaS ecosystem security platform gives enterprises the context to move faster. By combining data flow visibility, posture and secrets management, and detection and response, Vorlon helps you see what’s connected, what’s at risk, and what to do next. With its agentless, patent-pending DataMatrix™ technology, Vorlon builds a live model of your SaaS environment to power fast, AI-driven remediation. Backed by Accel and SOC 2 Type 2 Certified, Vorlon is trusted by Fortune 500 companies to secure what others miss: the interactions between apps, identities, and data that power modern business. Learn more at vorlon.io.

Media Contact:
Montner Tech PR Deb Montner
dmontner@montner.com