Cofense launches new cloud security service, CloudSeeker, to address security risks around shadow IT

Share Now


Free tool gives enterprises visibility into cyber exposure caused by the proliferation of cloud services and ability to tackle the visibility gap caused by unsanctioned IT

Leesburg, VA and London, UK – April 6, 2018 – Cofense™, the leading provider of human-driven phishing defense solutions worldwide, today announced its new free cloud discovery utility –  CloudSeeker™. The tool helps organizations understand what SaaS applications are in use by an organization – sanctioned or not – and allows them to identify configured cloud services. CloudSeeker can shine a light on which cloud properties an attacker may impersonate to increase authenticity of phishing attacks.

CloudSeeker is a tool that a network defender can use to determine if their corporate domain has been used to configure SaaS applications. The corporate domain is entered into CloudSeeker and that domain is tested across a catalogue of common SaaS applications. The results of that query delivers the visibility into the cloud services configured for a corporate domain, highlighting applications that are in use but may not have been provisioned with IT’s knowledge. Output is placed into a file that can be compared against future scans to identify changes.

“With Gartner observing shadow IT amounts to between 30 and 40 percent of total IT spend, it highlights just how in the dark enterprises can be to the types of business emails their staff will be receiving and a large portion of this will be dominated by SaaS providers,” said Aaron Higbee, co-founder and CTO of Cofense. “CEO fraud or Business Email Compromise (BEC) is a very real threat that typically targets members in finance.  But attackers can easily repurpose the technique creating realistic phishing sites targeting HR, IT, Engineering, Support, etc… masquerading as cloud tools the organization actually uses.”

It only takes a few guesses as to what shadow IT may be in use and a fraudulent login page on what appears to be a SaaS website for a cybercriminal to convince an employee to hand over their log in details or click a compromised link that grants the hacker access to the corporate network.

“CloudSeeker shines a light on shadow IT and counters the security risk it presents by seamlessly fitting into an organization’s broader security ecosystem. By offering this free solution to businesses, we are leveling up the playing field between attackers and would-be victims. After all, putting up a good defense requires a strong offense, critical to this is knowing where the threats are in the first place,” concludes Higbee.

Cofense CloudSeeker is the first free cloud security tool of its kind that performs this service without collecting any personally identifiable information, requires no credentials to operate and complements Cofense’s Human Phishing Defense Solution. As part of this, Cofense PhishMe™ and Cofense Reporter™ turn all employees into a human phishing defense, and Cofense Triage™ and Cofense Intelligence™ strengthen the organization’s ability to quickly identify and respond to phishing attacks in progress.

For more information about Cofense CloudSeeker, please visit:

About Cofense

Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches.  Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise. To learn more, visit

Read More Related Phishing Blog Posts


We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on as a development site.