Microsoft is set to acquire Israeli cloud security firm Adallom, making it the company’s tenth outright acquisition in Israel, reports said Monday.

According to the Hebrew-language business daily Calcalist, the deal to acquire the Israeli start-up will cost Microsoft $320 million. Neither company responded to requests for comment.

According to the reports, Tel Aviv-based Adallom, currently with about 60 employees, will continue to operate in Israel and will expand to become Microsoft’s cyber-security development headquarters in Israel.

If the reported buyout sum is correct, it would be the most Microsoft ever paid for an Israeli tech firm, and would place Adallom among the top 25 biggest buyouts made by Microsoft. The software behemoth has made 179 acquisitions since 1987.

Adallom’s product is designed to prevent misuse of online Software as a Service (Saas) systems within organizations by keeping an eye on how they are being used. The key to SaaS data security, such as corporate mail and messaging systems, is to ensure that not only is the data itself safe but that it is being used in a legitimate manner even by company employees, said Ami Luttwak, co-founder and CTO at Adallom,

“Sales people save their contacts, programmers save their code fragments and documents, finance has their spreadsheets with custom macros, and so on,” Luttwak said in a recent interview. “Copying data is only the ‘first hop’ of the insider problem, and we can think of credentials sharing as a ‘second hop’ of an ‘insider threat.’ I think we know how dangerous it is when employees share their passwords with other colleagues.”

Ensuring that login credentials are being used properly is an important part of Adallom’s security system, Luttwak said. If a user logs into their email from New York, for example, the system makes note of it. If it then sees that the same user is trying to access records from an IP address in London just an hour later, the Adallom system sends out an alert; clearly, two different people in two different places are using the same account to access data. One of them may be legitimate, but the other one isn’t, and may be using credentials “borrowed” or even stolen from the legitimate user.

The system keeps tabs on many other security issues as well. If a user generally reads or downloads 3-5 technical documents a day, Adallom’s system will send out an alert if it sees the user downloading hundreds of documents; perhaps the employee is planning to quit that very day and is taking along some data “souvenirs” before leaving. If the system notices that there is a great deal of browser activity and many access requests, that could be evidence of malware operating on a user’s system, sucking up data from an employee’s computer or from the network. A quick alert dispatched by Adallom’s security solution allows administrators to put a clamp on that user’s access privileges.

As the system builds a user profile, Adallom is able to hone its understanding of how that user interacts with a company’s SaaS accounts to better judge whether given activities are legitimate.

“By learning how each user interacts with each SaaS application, we realized we could develop a behavioral model that would alert us and our customers when that user acted in a manner unlike themselves, when user activities fall outside their standard behavioral deviation,” the company said. “This model allows us to know with high certainty when user accounts have been compromised, and stop malicious behavior immediately. It also allows us to understand heuristic information that could then be aggregated to protect all of customers.”

The system, said the company, can examine more than 70 variables to set the baseline for normal usage within an enterprise.

Adallom — the name means “up to here” in Hebrew, denoting the limits of IT security and how the company’s technology goes beyond that perimeter — was established in 2011 by Luttwak, Assaf Rappaport, and Roy Reznik, who all previously served in the Israeli Intelligence Corps (“unit 8200”). Since then has become a go-to enterprise solution for companies like HP, SAP, FireEye, LinkedIn, Pixar, Netflix and DropBox. Adallom also has specific solutions for SaaS-cloud services like Google Docs, Office365, Salesforce.com, and many others.

“The freedom provided by SaaS applications has introduced a new threat vector through the myriad of modern attacks targeted at human interactions with SaaS applications,” said company CEO Rappaport. “Adallom addresses this gap, preventing attacks by helping organizations extend visibility, compliance and security to SaaS and cloud services.”

By David Shamah