Started in 2010 by Mark Risher, who was formerly general manager of Yahoo Mail, the company has garnered around 500,000 companies as clients, including CNN, Pinterest, Typepad and Tumblr.
The draw? Because Impermium monitors how people are behaving on all those many sites, including how they're using social media, the company is able to know if someone trying to login to a site has a pattern of abuse or a pattern of good behavior. In that way is able to predict if an attempted attack is likely. Basically, it sniffs out deviations in user behavior across all those online territories, looking at what devices people are using, their network and physical locations as well as the social reputation of whomever is trying to login to a site.
Impermium offers two products: one for business users of software as a service platforms and another that protects companies' websites.
The former, called Accountability, is a new service that monitors Twitter, Salesforce, Box, Facebook, and Marketo accounts and sends email or text message alerts to users if it detects fishy activity. For now, the beta service is free.
Impermium's second product, called CloudSentry, helps web-hosted applications identify suspicious behavior.
"It integrates into the log-in flow of the site and performs analyses of the circumstances around someone trying to connect," Risher says. "So if you're logging in from [your usual city] from your regular iPad that you use all the time, that's a low-risk scenario and we'd identify it as such. If someone is logging in with your credentials from a cybercafé in Indonesia, that is a higher-risk scenario and so we would give that a higher risk rating and suggest that [a client] maybe suspend the account, give it some reduced privileges, or ask for a secondary authentication like Toopher."
Risher likens what Impermium offers to the alarm system that augments the locks on the front door of your house, and in that way is an important complement to two-factor authentication solutions.
"YubiKey and Toopher... are both well regarded products that strengthen the front door. But a site and an application needs intelligence, needs real-time risk analyses to be able to determine [whether] even if someone has the key, should we let them in or not?"
Sign up for CIO Asia eNewsletters.