Security News

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox
2022-10-20 11:20

Many organizations use a Sandbox for their SaaS apps - to test changes without disrupting the production SaaS app or even to connect new apps. The same security concepts are used when creating a SaaS Sandbox - it duplicates the main instance of SaaS including its data.

The Ultimate SaaS Security Posture Management Checklist, 2023 Edition
2022-10-06 12:04

It's been a year since the release of The Ultimate SaaS Security Posture Management Checklist. SaaS apps are dynamicand ever-evolving - apps' settings need to be modified on a continuous basis from security updates and app feature enhancements to employees added or removed, and user roles and permissions set, reset, updated, etc.

Companies underestimate number of SaaS applications in their environment
2022-09-02 03:30

A new research study focused on SaaS usage among enterprises across the USA, UK, and Europe, highlights a striking difference between consumption and security of SaaS applications. The majority of respondents reported more than half of their applications are now SaaS-based, and 70% of organizations in the UK reported spending more on SaaS applications today than a year ago.

Phishing attacks abusing SaaS platforms see a massive 1,100% growth
2022-08-23 20:08

Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials. Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.

Who Has Control: The SaaS App Admin Paradox
2022-08-04 15:50

The paradox lies in the fact that it's the security team's responsibility to secure the organization's SaaS app stack and they cannot effectively execute this task without full control of the SaaS app. While the security and IT teams are reported to be the main destination for SaaS app management, it's the 40% of business departments also taking part and having full access that complicates the threat landscape.

Organizations are struggling with SaaS security. Why?
2022-07-27 04:30

SaaS services are highly valuable targets as data is now being stored in the different apps and services. In this Help Net Security video, Yoav Kalati, Head of Threat Intelligence at Wing Security, illustrates how it's no surprise that SaaS security is failing.

The New Weak Link in SaaS Security: Devices
2022-07-22 09:33

The challenge in remediating the threats posed by endpoints and devices lies in the ability to correlate between the SaaS app users, their roles, and permissions with their associated devices' compliance and integrity levels. Not a simple feat automated SaaS Security Posture Management solutions, like Adaptive Shield, can now provide visibility that correlates the SaaS user and their associated devices with the device's hygiene score.

What It Takes to Tackle Your SaaS Security
2022-07-11 05:29

There are three main challenges that have arisen stemming from this evolution: While SaaS apps include a host of native security settings, they need to be hardened by the security team of the organization. Employees are granting 3rd party app access to core SaaS apps that pose potential threats to the company.

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation
2022-06-23 04:07

When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. While companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the 2022 SaaS Security Survey Report.

Saas security: How to avoid “death by 1000 apps”
2022-06-14 04:30

SaaS applications have become synonymous with modern business environments, and CISOs and security teams struggle to find a happy medium between ensuring the security of their SaaS portfolio and empowering the organization's streamlined business workflows and productivity. In recent conversations with leading CISOs in the global market, including Frank Kim, fellow and former CSO at the SANS Institute; Sounil Yu, CSO at JupiterOne; Ray Espinoza, VP Cloud Security at Medallia; Leon Ravenna, CISO at KAR Global; Alex Manea, CISO at Georgian and Tim Fitzgerald, CISO at Arm, we took a deep dive into the CISO perspective on SaaS challenges, security pitfalls, actionable tips for successful SaaS management and to avoid the dreaded "Death by 1000 apps."