Security News

SaaS Security Posture Management (SSPM) as a Layer in Your Identity Fabric
2023-01-23 11:39

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management. The scope of identity fabric includes any human, machine, or application that is granted access to your applications and data.

Why Do User Permissions Matter for SaaS Security?
2023-01-09 12:57

The attack ended when security teams were able to terminate user access, although data which had already been downloaded remained in the threat actor's hands. SaaS user permissions allow app owners to limit a user's resources and actions based on the user's role.

Top SaaS Cybersecurity Threats in 2023: Are You Ready?
2023-01-09 07:56

SaaS applications are often multi-tenanted, so your applications need to be secure against attacks where one customer could access the data of another customer, such as logic flaws, injection flaws, or access control weaknesses. Security testing with an automated vulnerability scanner in combination with regular pentesting can help you design and build secure web applications by integrating with your existing environment, catching vulnerabilities as they're introduced throughout the development cycle.

Top 4 SaaS Security Threats for 2023
2022-12-12 15:24

Security teams should onboard a SaaS Security Posture Management solution, like Adaptive Shield, that provides full visibility and control across a critical mass of SaaS apps in the SaaS stack. Security teams should be able to use the solution to gain context into security alerts and gain answers to questions like: Which users are subject to a certain misconfiguration? Are they admins? Is their MFA enabled? By having these answers at their fingertips, security teams can enforce company and industry policies to remediate potential risks from any misconfiguration.

The impact of inadequate SaaS management
2022-11-23 05:00

In this Help Net Security video, Uri Haramati, CEO at Torii, talks about how it's impossible for IT to take full ownership or responsibility for managing cloud apps today. Instead, SaaS management is a team sport-but not all the players know they're on a team.

Why Identity & Access Management Governance is a Core Part of Your SaaS Security
2022-11-03 10:34

Every SaaS app user and login is a potential threat; whether it's bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization's data and systems. Identity and Access Management solutions administer user identities and control access to enterprise resources and applications.

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox
2022-10-20 11:20

Many organizations use a Sandbox for their SaaS apps - to test changes without disrupting the production SaaS app or even to connect new apps. The same security concepts are used when creating a SaaS Sandbox - it duplicates the main instance of SaaS including its data.

The Ultimate SaaS Security Posture Management Checklist, 2023 Edition
2022-10-06 12:04

It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.

Companies underestimate number of SaaS applications in their environment
2022-09-02 03:30

A new research study focused on SaaS usage among enterprises across the USA, UK, and Europe, highlights a striking difference between consumption and security of SaaS applications. The majority of respondents reported more than half of their applications are now SaaS-based, and 70% of organizations in the UK reported spending more on SaaS applications today than a year ago.

Phishing attacks abusing SaaS platforms see a massive 1,100% growth
2022-08-23 20:08

Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.