Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage¹ and have identified cloud misconfigurations as the top risk in their environment.²
To combat these attacks effectively, security teams need a new approach that protects their data within cloud apps beyond the traditional scope of cloud access security brokers (CASBs). That’s why Microsoft Defender for Cloud Apps is now delivering full protection of SaaS applications. This includes new investments in SaaS Security Posture Management (SSPM), advanced threat protection as part of Microsoft’s extended detection and response (XDR) solution, and app-to-app protection, while continuing to build upon other powerful CASB capabilities like Shadow IT discovery and information protection.
Today, we’re excited to announce that Defender for Cloud Apps is extending its SSPM capabilities to some of the most critical apps organizations use today, including Microsoft 365, Salesforce,³ ServiceNow,⁴ Okta,⁵ GitHub, and more.
A holistic SaaS security approach
Historically, CASBs have been the primary tool to address SaaS security needs, with Shadow IT discovery, visibility into cloud app usage, and protection against app-based threats as the main use cases. However, the uptick in app usage combined with employees accessing company resources outside of the corporate perimeter has introduced new attack vectors. That’s why Defender for Cloud Apps now delivers capabilities to address these new attack vectors across prevention and protection for a more holistic approach throughout the app usage lifecycle. The addition of SSPM enables security teams to improve the organization’s security posture; app-to-app protection addresses a new threat scenario where apps exchange data directly; and the integration into the Microsoft 365 Defender XDR solution enables powerful correlation of signal and visibility across the full kill chain of advanced attacks. These new sets of capabilities, combined with the traditional CASB scenarios, make up the Microsoft approach to holistic SaaS security and will help organizations effectively protect against app-based threats.
In a recent research paper, analyst firm Omdia applauds Microsoft’s vision of a broader security offering for SaaS and suspects that other vendors will need to emulate its offering. Omdia acknowledged this new approach, confirming the need for a holistic strategy to protect cloud apps.
SaaS Security Posture Management is key to prevention
Prevention and optimizing their organization’s security posture have become a critical focus area for security teams to limit the number of breaches. A key challenge in securing SaaS apps, however, is that security teams need to research configuration best practices for each app individually, which creates significant overhead. To streamline this process, Defender for Cloud Apps launched SSPM in June 2022 to surface misconfigurations and provide recommendations to strengthen an app’s posture.
In preview starting today, Defender for Cloud Apps now provides security posture management for Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more. Not only are we expanding the breadth of app coverage but also the depth of assessments and capabilities for each application. Here is what to expect:
- Seamless integration with the Defender for Cloud Apps connector experience: If you have already connected any of these apps to Defender for Cloud, the new SSPM capabilities automatically light up without any additional deployment.
- Alignment to best practices and benchmarks: We recommend actions based on industry standards like the Center for Internet Security and follow best practices set by the specific app provider (for example, Salesforce Security Health Check).
Protect inter-app data exchange with application governance
In recent years, there has been an increase in attacks involving OAuth applications. Back in April 2022, GitHub fell victim to a campaign where an attacker used stolen OAuth app tokens to gain access to private user code repositories and began cloning them to exfiltrate data.⁶ The main challenge with an OAuth app is that it is difficult to see the level of permissions and the type of data it can access. They often operate unnoticed while still having extensive permissions to access data in other apps on behalf of an employee, which makes them easily susceptible to a compromise.
Defender for Cloud Apps recognizes this open attack vector and the need for stronger app-to-app protection. With the main issue being visibility and governing these apps, maintaining app hygiene is critical. To help organizations fill this gap, we’ll soon launch a new capability that will allow security teams to gain visibility into unused apps, credentials, and expired credentials. They will be able to see these vulnerabilities, identified by Microsoft Azure Active Directory, and implement a predefined policy with detailed remediation actions to easily resolve these potential risks.
Unused OAuth apps and credentials can be a backdoor for an adversary to gain access to an organization’s environment to exfiltrate data or use privileged credentials to access sensitive data in another app. By using these new capabilities in Defender for Cloud Apps, organizations will be able to drastically reduce their potential OAuth attack surface.
Defend against advanced attacks using app signal in Microsoft XDR
While cloud apps continue to be a target for adversaries trying to exfiltrate corporate data, sophisticated attacks often cross modalities, moving laterally from email as the most common entry point, to compromise endpoints and identities, before ultimately gaining access to in-app data. While CASBs alert security operations center (SOC) teams by identifying anomalies like a mass download activity, this approach leaves SOC teams without enough context to prioritize their investigation effectively.
That’s why Defender for Cloud Apps is natively integrated into Microsoft 365 Defender. The XDR technology correlates alerts from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities like automated attack disruption. The integration of SaaS security into an XDR experience gives SOC teams full kill chain visibility and improves operational efficiency with better prioritization and shorter response times to ultimately protect the organization more effectively.
As an integral part of the Microsoft 365 Defender XDR solution, organizations can both fulfill their SaaS security use cases and leverage the SaaS alerts and insights for effective SOC processes.
Get started on your SaaS security journey with Microsoft
It’s important that you protect data and assets by implementing SaaS security principles in your security strategy while empowering users to stay productive.
Microsoft’s unique approach helps security professionals easily start no matter where they are in their app security journey. Learn how to protect your organization’s apps across the SaaS app management lifecycle through a set of simple steps and best practices:
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
¹2023 State of SaaSOps, BetterCloud. 2023.
²Top 7 SaaS Security Risks (and How to Fix Them), Catherine Chipeta. June 13, 2022.
³Connect Salesforce to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.
⁴Connect ServiceNow to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.
⁵Connect Okta to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.
⁶Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators, Mike Hanley. April 15, 2022.