Microsoft shifts to a complete SaaS security solution



Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage¹ and have identified cloud misconfigurations as the top risk in their environment.²

To combat these attacks effectively, security teams need a new approach that protects their data within cloud apps beyond the traditional scope of cloud access security brokers (CASBs). That’s why Microsoft Defender for Cloud Apps is now delivering full protection of SaaS applications. This includes new investments in SaaS Security Posture Management (SSPM), advanced threat protection as part of Microsoft’s extended detection and response (XDR) solution, and app-to-app protection, while continuing to build upon other powerful CASB capabilities like Shadow IT discovery and information protection.

Today, we’re excited to announce that Defender for Cloud Apps is extending its SSPM capabilities to some of the most important apps organizations use today, including Microsoft 365, Salesforce,³ ServiceNow,⁴ Okta,⁵ GitHub, and more.

A holistic SaaS security approach

Historically, CASBs have been the main tool to address SaaS security needs, with Shadow IT discovery, visibility into cloud app usage, and protection against app-based threats as the main use cases. However, the uptick in app usage combined with employees accessing company resources outside of the corporate perimeter has introduced new attack vectors. That’s why Defender for Cloud Apps now delivers capabilities to address these new attack vectors across prevention and protection for a more holistic approach throughout the app usage lifecycle. The addition of SSPM enables security teams to improve the organization’s security posture; app-to-app protection addresses a new threat scenario where apps exchange data directly; and the integration into the Microsoft 365 Defender XDR solution enables powerful correlation of signal and visibility across the full kill chain of advanced attacks. These new sets of capabilities, combined with the traditional CASB scenarios, make up the Microsoft approach to holistic SaaS security and will help organizations effectively protect against app-based threats.

Microsoft’s approach to SaaS Security and the core product pillars: discovery, SaaS Security posture management, information protection, threat protection and app to app protection.

In a recent research paper, analyst firm Omdia acknowledged this new approach: it applauds Microsoft’s vision of a broader security offering for SaaS and suspects that other vendors will need to emulate its offering, confirming the need for a holistic strategy to protect cloud apps.

SaaS Security Posture Management is critical to prevention

Prevention and optimizing their organization’s security posture has become a critical focus area for security teams to limit the number of breaches. A key challenge in securing SaaS apps, however, is that security teams need to research configuration best practices for each app individually, which creates significant overhead. To streamline this process, Defender for Cloud Apps launched SSPM in June 2022 to surface misconfigurations and provide recommendations to strengthen an app’s posture.

In preview starting today, Defender for Cloud Apps now provides security posture management for Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more. Not only are we expanding the breadth of app coverage but also the depth of assessments and capabilities for each application. Here is what to expect:

  • Seamless integration with the Defender for Cloud Apps connector experience: If you have already connected any of these apps to Defender for Cloud, the new SSPM capabilities automatically light up without any additional deployment.
  • Alignment to best practices and benchmarks: We recommend actions based on industry standards like the Center for Internet Security and follow best practices set by the specific app provider (for example, Salesforce Security Health Check).

Protect inter-app data exchange with app governance

In recent years, there has been an increase in attacks involving OAuth applications. Back in April 2022, GitHub fell victim to a campaign where an attacker used stolen OAuth app tokens to gain access to private user code repositories and began cloning them to exfiltrate data.⁶ The main challenge with an OAuth app is that it is difficult to see the extent of permissions and the type of data it can access. These apps often operate unnoticed while still having extensive permissions to access data in other apps on behalf of an employee, which makes them easily susceptible to a compromise.

Defender for Cloud Apps recognizes this open attack vector and the need for stronger app-to-app protection. With the main issue being visibility and governing these apps, maintaining app hygiene is critical. To help organizations fill this gap, we will soon release a new capability that will allow security teams to gain visibility into unused apps, credentials, and expired credentials. Identified by Microsoft Azure Active Directory, they’ll be able to see these vulnerabilities and implement a predefined policy with detailed remediation actions, to easily resolve these potential risks.

Unused OAuth apps and credentials can be a backdoor for an adversary to gain access to an organization’s environment to exfiltrate data or use privileged credentials to access sensitive data in another app. By using these new capabilities in Defender for Cloud Apps, organizations will be able to drastically reduce their potential OAuth attack surface.

Defend against advanced attacks using app signal in Microsoft XDR

While cloud apps continue to be a target for adversaries trying to exfiltrate corporate data, sophisticated attacks often cross modalities, moving laterally from email as the most common entry point, to compromise endpoints and identities, before ultimately gaining access to in-app data. While CASBs focus on alerting security operations center (SOC) teams by identifying anomalies like a mass download activity, this approach leaves SOC teams without enough context to prioritize their investigation effectively.

That’s why Defender for Cloud Apps is natively integrated into Microsoft 365 Defender. The XDR technology correlates alerts from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities like automatic attack disruption. The integration of SaaS security into an XDR experience gives SOC teams full kill chain visibility and improves operational efficiency with better prioritization and shorter response times to ultimately protect the organization more effectively.

As an integral part of the Microsoft 365 Defender XDR solution, organizations can both fulfill their SaaS security use cases and leverage the SaaS alerts and insights for effective SOC processes.

Get started on your SaaS security journey with Microsoft

It is critical that you protect data and assets by implementing SaaS security principles in your security strategy while empowering users to stay productive.

Microsoft’s unique approach helps security professionals easily get started no matter where they are in their app security journey. Learn how to protect your organization’s apps across the SaaS app management lifecycle through a set of simple steps and best practices:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ 2023 State of SaaSOps, BetterCloud. 2023.

² Top 7 SaaS Security Risks (and How to Fix Them), Catherine Chipeta. June 13, 2022.

³ Connect Salesforce to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.

⁴ Connect ServiceNow to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.

⁵ Connect Okta to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.

⁶ Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators, Mike Hanley. April 15, 2022.
