SkyFormation Modules


Stay on top of your shadow-IT trends and risks
and ensure acceptable usage policies

Shadow IT discovery


  • Which cloud services and applications are being used by our employees?

  • What are the security and compliance risks in cloud services and shadow IT?

  • How can I identify cloud usage violations and trigger incident response?


  • Discover and show your SIEM which cloud services are being used, by whom and when

  • Enrich discovered cloud services with security readiness score for effective and easy risk assessment

  • Ensure governance and compliance using the existing incident response process and systems


Do you want to know which cloud services and applications are being used by your organization's employees?

SkyFormation Discovery will show you which cloud services are being used, who is using them and additional useful information.



SkyFormation either uses log files from firewalls, proxies and Active Directory and resolve the organization usage and adoption of cloud services by the organization's users.

Your Shadow IT will become visible in just a few minutes after SkyFormation Discovery setup!


   Get activities visibility, and detect threats on
   cloud services in using your existing SIEM/SOC systems

Protect cloud application screen


  • How can my SIEM get granular events and users activity information without needing professional services?

  • How do I rapidly detect compromised accounts, data leakages, anomalous behaviors, and compliance violations?

  • How do I keep the detection rules
    in my SIEM updated without the time and expense of professional services?


  • Out-of-the-box cloud services connectors for your SIEM saving you expensive development or professional services.

  • Out-of-the-box threat detection rules in your SIEM, based on user access behavior, changes in permissions/privileges, administration changes, file and resource management issues and more.

  • On-going updates for the threat detection rules in your SIEM, to keep you up-to-date with latest threats and risks.


Do you need to identify compromised accounts, insecure security settings changes, sensitive data sharing activities and more  ?

Identifying security threats and regulation compliance risks reduces risks and allow safer and faster adoption of cloud services.


SkyFormation provides detection rules that are applied to your existing SIEM system, and detect security threats and compliance risks.

Example for out of the box detected scenarios and risks:


SkyFormation platform includes extensions to existing SIEM systems that add out of the box detection rules.


Trigger incident response 
on cloud services from your existing IR tool

Analyze cloud application risks


  • Our security operations staff is already stretched thin. How do we streamline cloud services incidents investigation?

  • Instead of buying a whole new CASB system, how can we leverage our existing security systems and operations?


  • Speed up investigation and incident response with the our cloud services connectors events sent in actionable and unified form to your existing investigation system.

  • Allow any existing remediation and automation tool to perform remediation actions on cloud services, as reset user password, remove a file and more, with our cloud services connectors remediation API.


SkyFormation has helped you learn about your cloud apps, users and data. Now, how can you govern them?

SkyFormation Extend employs a Universal Connector to collect security-related events from your cloud applications and transfer them to your SIEM/SoC security tools.


SkyFormation Extend Universal Connector collects security-related events to provide uniform, meaningful and actionable events to any of your existing security tools (SIEM, Splunk, Log aggregators and security analytics).

Zoom into business cloud applications such as Salesforce, ServiceNow, Office 365, Google Apps and AWS to continuously analyze their data security and compliance threats.


SkyFormation employs various technologies to collect data from cloud applications, sparing you the need to learn different APIs and each application's internal business logic.

Our Universal Collector can receive raw data across different applications and put rorth meaningful, uniform output so that the security team can easily understand what happened and act upon it.