Regulatory concerns may have slowed initial SaaS adoption for financial services companies, but today, many rely heavily on apps like Salesforce, Microsoft 365, and ServiceNow to manage their operations.  Now, fully invested, financial services companies are faced with the challenge of safeguarding sensitive financial data that is stored off-prem. At the same time, they need […]

Arye Zacks

In July, an Emerging Tech report by analyst firm Gartner® focused on the ways SaaS ecosystem security products are transforming SaaS security. Among its recommendations, it wrote that product leaders must “focus on integration breadth and depth; key criteria include the number of integrated SaaS apps. Prioritize critical apps.”  As usual, to us this insight […]

Zehava Musahanov

In October 2023, analyst firm Gartner® included Continuous Threat Exposure Management (CTEM) in its top ten strategic tech trends for 2024. This appears to be the next step in an evolutionary security process, as organizations must look beyond vulnerability management to truly secure a digital footprint covering SaaS applications and external tools. In a blog […]

Arye Zacks

Permissions in platform apps, such as Salesforce, Microsoft 365, and Workday, are remarkably complex. While the terminology differs within each application, they are essentially composed of user profiles based on roles, additional permissions based on tasks, and frequently layered with custom permissions required by the individual user.  These permissions appear on different screens within the […]

Adaptive Shield Team

Last month, a threat actor used stolen credentials in an unsuccessful attempt to access a client’s One Drive account. On the surface, this was just another threat actor attempting an account takeover attack that was detected by Adaptive Shield’s ITDR capabilities and denied access by our customer’s security team. However, a deeper investigation revealed that […]

Yoav Kook

In today’s digital landscape, social media platforms stand at the heart of a brand’s identity, reputation, and customer engagement. Despite this, many organizations overlook the security of their social media accounts when considering SaaS apps. A breach in any of these accounts can have devastating consequences, ranging from brand and reputational damage to significant financial […]

Shachar Maimon

In this two-part series, we began by examining the structure of ServiceNow, and the relationship between articles, pages, and widgets. Now, in Part 2, we discover how a widget misconfiguration can be exploited. To read the intro (Part 1), click here. ServiceNow is one of the world’s most popular IT service management (ITSM) platforms, used […]

Dan Meged

What if I told you that thousands of companies (30% of the accounts we reviewed) are leaving a backdoor open to their ServiceNow databases for anyone with limited programming skills? This is a story of how a simple misconfiguration in one of the world’s most used SaaS applications sitting at the core of a company’s […]

Dan Meged

Mythology surrounding technology is pervasive. Although ideas like Macs can’t get viruses, charging a phone overnight destroys the battery, and private browsing prevents tracking have all been debunked, they continue to inform decisions.  SaaS security has myths of its own. They involve the prowess of CASB, the rarity of SaaS attacks, and the invincible security […]

Arye Zacks

In the world of SaaS ITDR, the journey taken matters. There are solutions that began from an ITDR perspective. They built threat-hunting capabilities to parse through any data set, look for anomalies, and flag any activity that looks suspicious.  It’s a reasonable approach taken by security organizations that lack a deep understanding of SaaS applications […]

Zehava Musahanov

Low-code/no-code (LCNC) programming is incredibly powerful. It enables non-programmers to develop microprograms that once took months to develop, all at a fraction of the cost. Created using drag-and-drop tools, LCNC applications are being used by every large and small enterprise to improve workflows, streamline processes, and compete more effectively. The benefits of LCNC are undeniable. […]

Zehava Musahanov

Studies detailing the impact cyberattacks have on healthcare quality are rare. Anecdotally, they lead to delayed surgeries and cancer treatments, impact communication between medical facilities, and degrade the system’s ability to provide care. One cyber-attack was cited in an Alabama lawsuit as the reason a baby died. In May of last year, the Journal of […]

Arye Zacks

In July, Guardio Labs reported they had detected “EchoSpoofing,” a critical in-the-wild exploit of Proofpoint’s email protection service. This sophisticated phishing campaign highlights the vulnerabilities of robust security systems and underscores the importance of comprehensive security measures of SSPM in alerting on misconfigurations in email systems that can be exploited in such attacks. Overview of […]

Shachar Maimon

In November 2009, as coach of a youth baseball team, I received a Google Sheet with the names, birthdays, contact information, and team names for about 30 kids born between 1997 and 2000. More than 14 years later, I still have access to that document.  Today, those players are in their early to mid-twenties. Presumably, […]

Arye Zacks

Two years ago, few people associated SaaS security with threat detection. Conventional wisdom believed that SaaS apps and their data would be secure by securing configurations, monitoring users and their devices, and detecting third-party app scopes. Breaches on Microsoft, Snowflake, ServiceNow, Salesforce, and others have forced the industry to reassess their position, and today ITDR […]

Adaptive Shield Team

Tension has long stood at the heart of the business team-security relationship. Business units want to meet corporate targets and choose the most effective software to get the job done. Security teams want to ensure data is secure and try to limit risk. When software was all on-prem, the security team was in command; they […]

Arye Zacks

Collaboration and cooperation are among the key benefits Salesforce offers its customers. The application’s sharing tools are typical of any cloud-based environment. However, ease of sharing is a two-sided coin, and there is a potential risk associated with publicly accessible links. Leaked documents can result in severe consequences, such as competitors gaining access to sensitive […]

Hananel Livneh

Inside the Hack Earlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to verify Authy MFA phone numbers. Hackers were able to check if a phone number was registered with Authy by feeding the number into an unauthenticated API endpoint. Using this data, […]

Hananel Livneh

In March, a container ship leaving the Helen Delich Bentley Port of Baltimore struck a support piling holding up the Francis Scott Key Bridge, knocking the bridge into the water and killing six workers who were aboard the bridge. With the port closed for an unknown duration and traffic to the port limited due to […]

Arye Zacks

Since 2016, the National Cyber Security Centre (NCSC) has been tasked with making the United Kingdom the safest place to live and work online. The organization offers practical guidance, incident response services, aids in recovery, and distills lessons learned from cyber incidents into valuable guidance for the future. The Cyber Security Breaches Survey is used […]

Adaptive Shield Team

On May 27, a threat actor group called ShinyHunters announced that it was selling 560 million records stolen in a data breach. The records include names, email addresses, physical addresses, and partial credit card numbers. This personally identifiable information (PII) can be used to conduct sophisticated phishing attacks, which could lead to future leaks.  Experts […]

Maor Bin

There was a time, not long ago, when SaaS security meant managing application configurations. Cutting-edge solutions might have included some type of third-party connected app monitoring tool, or user governance. In today’s SaaS security ecosystem, those capabilities are table stakes. Most security teams have recognized that they cannot consider their SaaS stack secure without 24/7 […]

Arye Zacks

In many ways, IaaS and SaaS are very different. Infrastructure-as-a-Service (IaaS) is a place where developers use virtualized resources to compute, network, and store data. Software-as-a-service is a piece of software that is hosted on the cloud. Despite their apparent differences, IaaS and SaaS each contain critical corporate information that must be secured. Securing IaaS […]

Adaptive Shield Team

GenAI risks explained and how Adaptive Shield’s new GenAI risk management capabilities within its SSPM platform enable security teams to manage and control them What is SaaS Security? SaaS vendors invest heavily in security controls, providing organizations with the necessary tools to secure their SaaS environments. This investment, however, often leads to confusion regarding the […]

Hananel Livneh

The rapid uptake of cloud services is presenting a challenge for organizations to keep their ecosystems safe from security breaches. To provide guidance, Gartner® recently published a Quick Answer report for security and risk management leaders on security posture management tools for cloud environments. As “cloud incidents continue to be dominated by configuration and identity […]

Adaptive Shield Team

Identities in SaaS applications can be either human, associated with individuals, or non-human, such as service accounts, API keys, and 3rd party app OAuth authorizations. Any unsecured identity in a SaaS app can create an opening for cybercriminals to compromise, leading to data breaches, compliance violations, and financial losses. In a webinar hosted by The […]

Adaptive Shield Team

Adaptive Shield’s SaaS Security Posture Management (SSPM) platform has transformed the way organizations secure and monitor their applications. In our latest update, we add a new dimension to improve accountability and reporting – the ability to measure SaaS Security posture by business unit, subsidiary, team, or any other bucket of choice SaaS applications are used […]

Hananel Livneh

Detection and response sit at the heart of any well-thought-out cybersecurity program. As resilient and strong as perimeter-based defenses are, most security professionals will concede that threats can make their way into the network, device, or application. Detection and response tools come into play after the breach has occurred, but often are able to stop […]

Arye Zacks

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year […]

Arye Zacks

We’re excited to announce that Adaptive Shield has made its debut on the Cyber 66, the Citizens JMP annual list of the hottest privately held cybersecurity companies. The annual survey highlights the 66 most well-positioned companies currently influencing the cybersecurity landscape. In compiling the 2024 list, the researchers predicted 2024 would continue to be impacted […]

Adaptive Shield Team

Last month, The Verge reported on an amusing story of abusing Slack in a design, technology, science, and science fiction website. Tom McKay of IT Brew successfully hid on Slack after leaving the company in 2022 by assuming the persona of “Slackbot,” remaining undetected by management for months. McKay shared screenshots of his antics on […]

Hananel Livneh

GitHub is in the news again, with malicious repositories stealing login credentials and cryptocurrency from developers’ devices. According to researchers at antivirus firm G-Data, these repositories, which are near clones of legitimate repositories, all lead to one of at least 13 GitHub repositories that install the RisePro malware.  Users have to go through several steps […]

Hananel Livneh

A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred on September 21, 2023, when an unauthorized employee accessed a file containing sensitive information of over 63,000 employees. The exposed data includes full […]

Arye Zacks

Oftentimes, there is a disconnect between identifying SaaS Security weak spots and remediation. Your SaaS Security Posture Management (SSPM) platform may have detected that MFA is turned off for admins, or a threat that requires immediate intervention by either the security team or the app owners. SIEM/ SOAR Security Orchestration, Automation, and Response (SOAR) and […]

Arye Zacks

In recent weeks, a concerning wave of cyber attacks has been targeting Microsoft Azure environments, compromising crucial user accounts, including those of senior executives. Proofpoint researchers have identified an ongoing malicious campaign, which utilizes sophisticated techniques like credential phishing and cloud account takeover (ATO).  This blog post will summarize and shed light on the nature […]

Hananel Livneh

Recent incidents continue to shed light on vulnerabilities that organizations face. A notable case involves a networking products company whose support website inadvertently exposed sensitive customer information, as reported by KrebsOnSecurity. This incident underscores the critical importance of robust security measures in safeguarding customer data. In this blog post, we’ll delve into the details of […]

Hananel Livneh

A major player in the US telecommunications industry, with over 117,000 employees, recently experienced an insider data breach that has impacted nearly half of its workforce. The breach, discovered on December 12, 2023, occurred on September 21, 2023, when an unauthorized employee accessed a file containing sensitive information of over 63,000 employees. The exposed data […]

Hananel Livneh

A Case Study on How a $10B Global Media Firm Significantly Improved SaaS Security Posture Media firms in the business of image and reputation don’t want to get bad publicity. With regulations requiring companies to report data breaches, information companies handling personal data must take extra cybersecurity caution. Take for example the case study of […]

Hananel Livneh

Adaptive Shield is honored to announce that Frost & Sullivan recently assessed the Software-as-a-Service (SaaS) security posture management (SSPM) industry and based on its findings, recognizes Adaptive Shield with the 2023 Global Technology Innovation Leadership Award. Ying Ting Neoh, research analyst for cybersecurity practice at Frost & Sullivan, said: “With continual enhancements to its SSPM […]

Adaptive Shield Team

AT&T Cybersecurity recently discovered phishing attacks conducted over Microsoft Teams. During a group chat, threat actors distributed malicious attachments to employees, which led to the installation of DarkGate malware on the victim’s systems.  This attack shines a bright light on the everchanging phishing surface as it expands from email to communication applications like Teams. This […]

Hananel Livneh

In a recent cybersecurity event reported by Lawrence Abrams in Bleeping Computer and disclosed by the Microsoft Security Response Center, Microsoft found itself at the center of a cyber-attack. Nobelium, a Russian state-sponsored hacking group also known as APT29 and Midnight Blizzard, breached Microsoft corporate email accounts for over a month. The attack, which was […]

Hananel Livneh

Today, we released that one of our customers achieved a 201% return on investment (ROI) in less than six months from adopting a SaaS Security Posture Management (SSPM) solution, according to results of a Forrester Consulting Total Economic Impact™ (TEI) study. The 2024 Forrester Consulting TEI study is based on data from the customer experience […]

Adaptive Shield Team

SaaS Security’s roots are in configuration management. An astounding 35% of all security breaches begin with security settings that were misconfigured. In the past 3 years, the initial access vectors to SaaS data have widened beyond misconfiguration management. “SaaS Security on Tap” is a new video series that takes place in Eliana V’s bar making […]

Arye Zacks

As we near the end of 2023, it’s an opportune moment to assess your roster of SaaS users. Beyond the potential cost savings from eliminating unnecessary license fees, maintaining a well-organized user inventory plays a crucial role in fortifying the security of your SaaS applications. Here are five compelling security reasons to clean your user […]

Arye Zacks

Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud. These applications contain a wealth of data, from minimally […]

Arye Zacks

On Wednesday, December 13, MongoDB detected an exposure in their systems, and customer account metadata and contact information. MongoDB is currently conducting an investigation to determine the extent of the exposure. In an email sent out to customers, MongoDB CISO Lena Smart informed users that at present they were “not aware of any exposure to […]

Adaptive Shield Team

The dynamic landscape of cybersecurity is witnessing a paradigm shift, with the SaaS Security Posture Management (SSPM) market emerging as a critical and pivotal player in safeguarding organizations against evolving cloud-based threats. As a clear must-have solution, Forrester has now brought to market their SSPM Wave, laying out their assertions and designating the top providers […]

Adaptive Shield Team

Former employees retaining SaaS app access happens far more often than businesses care to admit. Nearly a third of all employees retain some degree of access to the SaaS stack. When employees move on, voluntarily or otherwise, it’s in the organization’s best interests to remove all access to corporate assets. Much of this process is […]

Arye Zacks

If forecasters are right, over the course of today, consumers will spend $13.7 billion. Just about every click, sale, and engagement will be captured by a CRM, Marketing or Customer Service platform and more operational apps. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing […]

Arye Zacks

Earlier this month, threat actors leveraged compromised credentials to access Sumo Logic’s Amazon Web Services account. Sumo Logic immediately took down the infrastructure exposed by the incident, and conducted a rotation of credentials to prevent further compromises. Sumo Logic is a cloud-based log management and analytics platform that empowers organizations to gain actionable insights from […]

Adaptive Shield Team

Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives. These apps serve as the digital command centers for marketing professionals. They house essential […]

Arye Zacks

Mergers and acquisitions (M&A) are exciting times for organizations. Initially, most of the attention is focused on integrating two companies into a single entity, and exploring the new capabilities brought on due to the merger. In this environment, surrounded by organizational changes and amid swirling questions surrounding responsibility, SaaS security is often nothing more than […]

Eliana Vuijsje

Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in “unintended access” to sensitive data. For organizations that use ServiceNow, this security exposure is a critical concern that can result in a major data leakage of sensitive corporate data. ServiceNow is a cloud-based platform used for automating IT […]

Adaptive Shield Team

Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees relying on dozens to hundreds of apps, the need for deep visibility […]

Eliana Vuijsje

Overpermissioning is one of the seven deadly SaaS sins. It paves a path straight to data leakage and catastrophic data breaches, and unnecessarily stretches resources that would be better served addressing other cyber threats. This phenomenon happens for any number of reasons. Some admins decide to grant users all access so they aren’t bothered by […]

Arye Zacks

The great thing about SaaS applications is that they are quick to install and ready from the start to get employees using them for their endless business needs. They easily integrate with third-party applications to increase functionality and make it easier for employees to get their job done. The downside, of course, is this integration […]

Adaptive Shield Team

SaaS applications are the backbone of modern businesses, constituting a staggering 70% of total software usage. Applications like Box, Google Workplace, and Microsoft 365 are integral to daily operations. This widespread adoption has transformed them into potential breeding grounds for cyber threats. Each SaaS application presents unique security challenges, and the landscape constantly evolves as […]

Arye Zacks

Why SaaS Security Is a Challenge In today’s digital landscape, organizations are increasingly relying on software-as-a-service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. ‍ The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a […]

Adaptive Shield Team

Over the last three years, Simple Storage Service (S3) buckets in Amazon Web Services (AWS) have leaked a lot of information. An American publishing company for educational content exposed grades and personal information for 100,000 students. A consumer ratings and review website exposed 182 GB worth of data covering American and Canadian senior citizens. Thousands […]

Arye Zacks

Companies store an incredibly large volume of data and resources within SaaS apps like Box, Google Workplace, and Microsoft 365. SaaS applications make up 70% of total company software usage, and as businesses increase their reliance on SaaS apps, they also increase their reliance on security solutions.  SaaS security is not a new problem, however, […]

Arye Zacks

Brick-and-mortar retailers and e-commerce sellers may be locked in a fierce battle for market share, but one area both can agree on is the need to secure their SaaS stack. From communications tools to order management and fulfillment systems, much of today’s critical retail software lives in SaaS apps in the cloud. Securing those applications […]

Adaptive Shield Team

It’s easy to think high-tech companies have a security advantage over other older, more mature industries. Most are unburdened by 40 years of legacy systems and software. They draw some of the world’s youngest, brightest digital natives to their ranks, all of whom consider cybersecurity issues their entire lives. Perhaps it is due to their […]

Adaptive Shield Team

Recently, Max Corbridge and Tom Ellson from JUMPSEC’s Red Team discovered a vulnerability in Microsoft Teams. This vulnerability allows for the introduction of malware into organizations using Microsoft Teams in its default configuration. In this blog post, we will delve into the details of this vulnerability and explore its potential impact. The Configuration In Microsoft […]

Hananel Livneh

The Quick Serve Restaurant (QSR) industry is built on consistency and shared resources. National chains like McDonald’s and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirror the consistency of the front end of each […]

Arye Zacks

As SaaS adoption continues to grow in the business landscape, it brings emerging security challenges that high-tech and telecom companies must grapple with.  A particularly attractive target for cybercriminals, the telecom industry allows attackers to inflict maximum damage with little effort.  The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict […]

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released the findings of its latest survey, SaaS Security Survey Report: 2024 Plans & Priorities. Commissioned by Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, the survey […]

Adaptive Shield Team

What are Password Policies and Configurations? In a world where identity is the new perimeter, user passwords are essential to protect your SaaS applications from unauthorized access. Effective password policies that are enforced at the corporate level reduce the gateway into your corporate data. SaaS applications include a number of security settings that promote safe […]

Adaptive Shield Team

The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It’s the breaches in telecom companies that tend to have a seismic impact and far-reaching implications — in addition to reputational damage, which can be […]

Arye Zacks

How does Malware Impact the SaaS Stack? Malware is harmful code designed to infect, damage, or provide access to computer systems. It can take many different forms, including viruses, worms, Trojan horses, ransomware, adware, and spyware. While it is easy to understand how that impacts a computer or mobile device, it is less clear when […]

Adaptive Shield Team

According to a recent report by cybersecurity expert Brian Krebs, several organizations, including banks and healthcare providers, are leaking sensitive information due to a misconfiguration in Salesforce Communities. Communities, which allows Salesforce users to easily create websites, has two means of entry. Some sites require user login, while others allow guests to view content without […]

Hananel Livneh

What are Data Leakage and Data Leakage Protection? Data leakage is the unauthorized transmission of data from within an organization to external destinations or parties. In a SaaS context, it can refer to data that is exposed without passwords or an expiration date. The data may contain sensitive financial records, customer PII, strategic documents, or […]

Adaptive Shield Team

CASBs and SSPM are complementary solutions that focus on different aspects of SaaS data security. CASBs apply corporate policies relating primarily to identity, permissions, and data encryption while SSPM protects data from each individual SaaS app based on the usage and settings within each application including identity, permissions, data encryption, and much more. What is […]

Adaptive Shield Team

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need […]

Adaptive Shield Team

What is Access Control? Access control is the key to your SaaS kingdom. It determines who has access, their permission levels, and the steps they need to take to enter into the system. Access control is the center of your SaaS security foundation, which is why it accounts for 59% of all SaaS configurations. Of […]

Adaptive Shield Team

As organizations work toward securing their SaaS apps, security teams are looking for benchmarks that can help guide their efforts. SaaS ecosystems are growing quickly, and without some standardized tool to measure success, most security teams lack the data to know where they stand. In our Benchmarks for SaaS Apps series, we’ll share benchmark data […]

Adaptive Shield Team

Collaboration sits at the essence of SaaS applications. The word, or some form of it, appears in the top two headlines on Google Workspace’s homepage. It can be found six times on Microsoft 365’s homepage, three times on Box, and once on Workday. Visit nearly any SaaS site, and odds are ‘collaboration’ will appear as […]

Arye Zacks

Microsoft is a primary target for threat actors, who scour Microsoft applications for weaknesses. Our security research team at Adaptive Shield recently discovered another new attack vector caused by a vulnerability within Microsoft’s OAuth application registration that allows attackers to leverage Exchange’s legacy API to create hidden forwarding rules in Microsoft 365 mailboxes. To understand […]

Maor Bin

The National Institute of Standards and Technology (NIST) is one of the standard-bearers in global cybersecurity. The U.S.-based institute’s cybersecurity framework helps organizations of all sizes understand, manage, and reduce their cyber-risk levels and better protect their data. Its importance in the fight against cyberattacks can’t be overstated.   While NIST hasn’t directly developed standards […]

Arye Zacks

Spoiler Alert: Organizations with 10,000 SaaS users that use M365 and Google Workspace average over 4,371 additional connected apps. SaaS-to-SaaS (third-party) app installations are growing nonstop at organizations around the world. When an employee needs an additional app to increase their efficiency or productivity, they rarely think twice before installing. Most employees don’t even realize […]

Eliana Vuijsje

Tel Aviv, February 27, 2023—Adaptive Shield, the leading SaaS Security company, today announced the release of its SaaS-to-SaaS Access Report. According to the research, employees are granting thousands of third-party apps access to the two most dominant workspaces, Microsoft 365 (M365) and Google Workspace. With no oversight or control from security teams, companies have no […]

Adaptive Shield Team

When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. What’s far murkier, however, is where the data responsibility lies on the organization’s side. For large organizations, this is a particularly challenging question. They store terabytes of customer data, employee data, financial data, strategic data, and other sensitive […]

Arye Zacks

Security teams can’t protect every byte within their digital footprint. Limited resources mean making choices, and so security teams run assessments to evaluate the value of their assets, the cost to protect those assets, and the damage to the company should an asset be breached or compromised. In some industries, regulatory requirements shape those decisions, […]

Arye Zacks

The move to SaaS and other cloud tools has put an emphasis on Identity & Access Management (IAM). After all, user identity is one of the only barriers standing between sensitive corporate data and any unauthorized access. The tools used to define IAM make up its identity fabric. The stronger the fabric, the more resistant […]

Arye Zacks

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp’s customers’ end users. Three months later, Mailchimp was hit with another […]

Arye Zacks

Nissan North America is informing customers of a data breach that occurred at a third-party service provider. The security incident was reported to the Office of the Maine Attorney General on January 16, 2023, and it was disclosed that almost 18,000 customers were affected by the breach. According to the notification, Nissan received notice of […]

Hananel Livneh

On average, organizations report using 102 business-critical SaaS applications, enabling operations of most departments across an organization, such as IT and Security, Sales, Marketing, R&D, Product Management, HR, Legal, Finance, and Enablement. An attack can come from any app, no matter how robust the app is. Without visibility and control over a critical mass of […]

Adaptive Shield Team

Over the last year, we’ve seen increasing evidence of an upcoming recession. Interest rate hikes and inflation, energy uncertainty, and the war in Ukraine are all harbingers of rough times ahead. CNBC reported that more than 50,000 employees from Twitter, Meta, Amazon, Salesforce, and other tech companies lost their jobs in November. While no one […]

Arye Zacks

Earlier today, a story broke that GitHub repositories of Slack were breached over the holiday weekend. Slack detected the breach after noticing suspicious activity, and in their investigation found that stolen Slack employee tokens were the source of the breach. As a result of the attack, private Slack code repositories were downloaded, but no customer […]

Hananel Livneh

Business leaders may fear an upcoming recession, but they fear falling behind their competitors even more. PwC’s November Pulse Survey found that 35% of executives are planning an acquisition or divestiture within the next 12-18 months. M&A has proven itself to be a key to business resurgence, strategic growth, and capability expansion. One area that’s […]

Arye Zacks

Healthcare has been cautious in moving toward cloud technologies and SaaS applications. Concerns over privacy and the need to comply with HIPAA regulations had left them stuck using on-premises software solutions. However, COVID forced healthcare organizations to develop telehealth models. Patients increasingly wanted digital access to their records, and healthcare organizations recognized the need to […]

Adaptive Shield Team

With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its fair share of breaches, attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from […]

The short answer: It’s no secret that in today’s day and age, organizations rely heavily on hundreds of SaaS apps for their day-to-day operations. While SaaS apps include a host of native security settings, they need to be hardened and monitored by the organization’s security team. SaaS Security Posture Management (SSPM), a category created by […]

Eliana Vuijsje

This past month, Adaptive Shield partnered with Panorays (a SaaS-based third-party security risk management platform) to produce a joint webinar Pinpoint Your SaaS App Risks: From Evaluation to Usage. These two security experts, Maor Bin, CEO of Adaptive Shield, and Demi Ben Ari, CTO OF Panorays, discussed the evolution of third-party apps, the tools used […]

Adaptive Shield Team

Forrester, a research and advisory company, offers organization’s a variety of services including research and consulting. Their reports help professionals understand their customer’s behavior, concerns, and interests to help organizations make more informed decisions. Their Trend Report ‘Embrace A Paradigm Shift In SaaS Protection: SaaS Security Posture Management’ looks at the increased use of SaaS […]

Adaptive Shield Team

Every SaaS app user and login is a potential threat; whether it’s bad actors or potential disgruntled former associates, identity management and access control is crucial to prevent unwanted or mistaken entrances to the organization’s data and systems. Since enterprises have thousands to tens of thousands of users, and hundreds to thousands of different apps, […]

“SaaS applications have native security controls as part of their offering which makes them security products themselves — that security teams now need to manage”. Asserted by Adaptive Shield’s CEO, Maor Bin partnered with Okta’s VP of Strategy, Stephen Lee in the Security Boulevard Webinar: SaaS Security Trends, Challenges, and Solutions for 2022. This joint […]

Adaptive Shield Team

The ease with which SaaS apps can be deployed and adopted today is remarkable, but it has become a double-edged sword. On the one hand, apps are quickly onboarded, employees can work from anywhere, and there is little need for operational management. On the other hand, there are pain points that stem from the explosion […]

Eliana Vuijsje

It’s without a doubt that the SaaS app attack surface has been continuing to grow as businesses have become more reliant on apps to organize and run their business-critical operations.  To better understand how teams are dealing with their SaaS security posture, Adaptive Shield partnered with the leading organization dedicated to promoting best practices for […]

Adaptive Shield Team

When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don’t actively think they need to worry about its security. This mindset is not only wrong, but extremely dangerous. When […]

Hananel Livneh

The International Organization for Standardization (ISO) sets standards across various industries. As an internationally recognized standards organization, its two information technology security standards – ISO 27000:2018 and ISO 27001:2013 – can be used to help build out a strong security posture. SaaS security is critical to ISO compliance in the modern business world. However, with […]

Adaptive Shield Team

Another day, another attack method.  The Short Story GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and other network monitoring tools. The technique assumes an already-compromised target. GifShell Attack Architecture & Process Discovered by […]

Adaptive Shield Team

The ease with which SaaS apps can be deployed and adopted is remarkable, but it has quickly become a double-edged sword. On one hand, the availability of SaaS tools enables employees to work from anywhere. For IT and security teams however, the adoption of SaaS apps has become a daunting endeavor. CISOs and security professionals […]

Adaptive Shield Team

According to Okta’s Business of Work report, large companies use 187 different SaaS apps on average, and this number is only growing—Gartner reports that end-user spending on SaaS will reach more than $171 billion in 2022. As this investment trend continues, new critical SaaS challenges emerge beyond the classic use case of misconfiguration and user […]

Maor Bin

Typically, when threat actors look to infiltrate an organization’s SaaS apps, they look to SaaS app misconfigurations as a means for entry. However, employees now use their personal devices, whether their phone or personal laptop, etc. to get their jobs done. If the device’s hygiene is not up to par, it increases the risk for […]

Eliana Vuijsje

It’s no secret that SaaS-to-SaaS apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company’s work processes. It’s an innocuous process much like clicking on an attachment was in the earlier days of email — people don’t think twice when connecting an app they need with […]

Eliana Vuijsje

It’s not a new concept that Office 365, Salesforce, Slack, Google Workspace or Zoom, etc. are amazing for enabling the hybrid workforce and hyper productivity in businesses today.  However, there are three main challenges that have arisen stemming from this evolution: (1) While SaaS apps include a host of native security settings, they need to […]

Eliana Vuijsje

Adaptive Shield is officially On the Radar in Omdia’s report for an innovative solution making a big impact in the SaaS security space. In the report, Rik Turner, Senior Principal Analyst at Omdia, discusses accelerated cloud adoption, the rapid increase in threats, and ongoing shortage of skilled security professionals, that is driving the cybersecurity world […]

The old days of buying new software, installing it on the company servers, and making sure everything works is gone. All hail the new IT king – SaaS platforms. Ready to go from the start, no installation needed, no hardware involved, and easy to connect the organization and its users. An IT department haven of […]

Hananel Livneh

After 2 years of virtual events, RSA Conference 2022 in San Francisco brought back face-to-face interaction. And wow, what an experience! From live sessions and parties to games and demos galore, RSA was packed with it all. Here’s a recap of Adaptive Shield at RSA. Maor Bin’s Session: The SaaS RootKit: A New Attack Vector […]

Adaptive Shield Team

The SaaS app attack surface has widened and recent research shows that up to 63 percent of organizations have dealt with security incidents because of a SaaS misconfiguration. Lack of visibility, thousands of configurations for the security team to monitor and remediate, and too many departments with access are the leading causes of SaaS misconfigurations. […]

Adaptive Shield Team

When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in […]

Adaptive Shield Team

Last year, we spearhead our first annual SaaS Security Survey Report, where the findings illuminated the SSPM landscape and where the market was holding. In the 2022 SaaS Security Survey Report, in collaboration with CSA, we examine the state of SaaS security in today’s enterprises and see how much the market and the overall space of […]

Every year the leaders and entrepreneurs of the cybersecurity world come together for four days for the annual RSA Conference. During these four days, visitors gain insight, join conversations, and experience solutions that could make an impact on their businesses and careers. Finally, after many years of the event being virtual, RSA is back in […]

Adaptive Shield Team

“How many people do you know that clean their house once a quarter? …you have to keep a certain level of hygiene both in your house and your SaaS stack.” Uttered by our CEO, Maor Bin, in a webinar with Omdia Senior Principal Analyst, Rik Turner about the growing need to take a proactive, automated approach […]

Adaptive Shield Team

Remember when cybersecurity was mostly about firewalls, VPNs, and antivirus software? Those days are long gone. Now one of the most prevalent places for exploitation has to do with misconfigurations found in an organization’s SaaS apps. If you are in IT, you might have come across the following scenario: an admin of a business-critical SaaS […]

Adaptive Shield Team

During the last week of March, three major tech companies – Microsoft, Okta, and HubSpot – reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state of the art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog […]

Hananel Livneh

This new partnership delivers security controls over SaaS environments including the ability to identify high-risk users and non-compliant devices Tel Aviv, March 15, 2022— Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced it will partner with CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, to introduce […]

Adaptive Shield Team

An accountant and a security expert walk into a bar… SOC2 is no joke. Whether you’re a publicly held or private company, you are probably considering going through a Service Organization Controls (SOC) audit. For publicly held companies, these reports are required by the Securities and Exchange Commission (SEC) and executed by a Certified Public […]

Hananel Livneh

In the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life. When employee counts range into five figure territory — and entire networks of contractors have to be accounted for as well — it’s easy to lose track of who’s, literally, coming and going. Oftentimes, there are “offboarding” steps that […]

Adaptive Shield Team

TEL AVIV, Israel, Jan. 11, 2022 — Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced that it has joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. The threat landscape for SaaS security […]

Adaptive Shield Team

Tel Aviv, December 7, 2021—Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced a tech integration with Okta, Inc. (NASDAQ: OKTA), the leading independent identity provider. Working together, the companies will deliver businesses an integrated solution to manage SaaS security configurations, enhance Identity and Access Management (IAM), and strengthen governance for privileged […]

Adaptive Shield Team

With 2021 drawing to a close and many closing their plans and budgets for 2022, the time has come to do a brief wrap up of the SaaS Security challenges on the horizon. Here are the top 3 SaaS security posture challenges as we see them. The Mess of Misconfiguration Management The good news is […]

Eliana Vuijsje

Introduction Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft’s cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and passwords with every request, increasing the risk of attackers capturing users’ […]

Adaptive Shield Team

It’s unfortunate, but true: SaaS attacks continue to increase. You can’t get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left many struggling to secure their company’s SaaS estate. […]

Maor Bin

There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critical data. For identifying and classifying sensitive information, like Personally Identifiable Information (PII), Intellectual Property […]

Eliana Vuijsje

The 2021 SaaS Security Survey report is a deep-dive on the state of SaaS security for today’s enterprises. It looks at the top risks that security professionals identify in their organizations, how CISOs feel about the security of an ever-growing SaaS-based environment, and how this concern impacts the approach they use for protecting and managing […]

Adaptive Shield Team

Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization’s external admin attempts to disable MFA for themselves. They don’t think to consult with the security team and don’t consider the security implications, only the ease which they need for their team to use their login. This CRM, however, defines MFA […]

Eliana Vuijsje

It might sound dramatic to call ransomware a “scourge on business,” but the reality is that more companies are impacted every day. Some of these attacks hit the news cycle, but many don’t. As you look to protect yourself against the ever-burgeoning threat landscape, securing your Software-as-a-Service (SaaS) application stack is more important than ever. […]

Maor Bin

August 24th, The Hacker News reported about a massive leak of 38 million records from upwards of a thousand web apps. These records included Microsoft’s own employee information (a.o. home addresses, social security numbers and vaccination status) which were left exposed online for anyone to find. Governmental bodies from places such as Maryland and New […]

Maor Bin

In response to malicious actors targeting US federal IT systems and their supply chain, the President released the “Executive Order on Improving the Nation’s Cybersecurity (Executive Order).” Although directed at Federal departments and agencies, the Executive Order will likely have a ripple effect through the Federal technology supply stream. Private companies and enterprises will look […]

Eliana Vuijsje

On the surface, Salesforce seems like a classic Software-as-a-Service (SaaS) platform. Someone might even argue that Salesforce invented the SaaS market. However, the more people work with the  full offering of Salesforce, the more they realize that it goes beyond a traditional SaaS platform’s capabilities. For example,  few people talk about managing the security aspects […]

Hananel Livneh

When I want to know the most recently published best practices in cyber security, I visit The National Institute of Standards and Technology (NIST). From the latest password requirements (NIST 800-63) to IoT security for manufacturers (NISTIR 8259), NIST is always the starting point. NIST plays a key role as a US standard-setter, due to […]

Adaptive Shield Team

The data is in. According to IBM Security’s 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of respondents report that discovery and recovery time from […]

Adaptive Shield Team

Adaptive Shield Wins Next-Gen Vulnerability Assessment, Remediation and Management Award in the 9th Annual Global InfoSec Awards at #RSAC 2021 SAN FRANCISCO, MAY 20, 2021 – Market leader in SaaS Security Posture Management (SSPM), Adaptive Shield has been awarded:‍ Next Gen Vulnerability Assessment, Remediation and Management “We’re thrilled to receive this prestigious cybersecurity award from […]

Adaptive Shield Team

It’s never quiet in the era of cybercrime — and becoming the more common vector for bad actors and infiltration is within the company’s SaaS security posture. With the SaaS market growing at 30% per year and with Deloitte and others predicting that post-covid, the SaaS model will be even more widespread, it is safe […]

Maor Bin

In the era of hacking and malicious actors, a company’s cloud security posture is a concern that preoccupies most, if not all, organizations. Yet even more than that, it is the SaaS Security Posture Management (SSPM) that is critical to today’s company security. Recently Malwarebytes released a statement on how they were targeted by Nation-State […]

Eliana Vuijsje

Released last week, the CISO/Security Vendor Relationship podcast, hosted by David Spark and Mark Johnson, with our sponsored guest, Travis Hoyt, TIAA’s Managing Director of exec cybersecurity technology went live! Here’s a recap if you haven’t had a chance to hear it yet. Travis opened the show with his ten-second tip, advising listeners they need […]

Adaptive Shield Team

A typical enterprise has on average 288 SaaS applications, which according to the 2020 SaaS Trends Reports increases 30% year over year. No need to spell it out, but that’s a lot of data points, workloads and sensitive information flowing. Enter Snowflake, the Data Cloud company that gives companies the ability to unify all of […]

If you’re a security professional, by now, you’ve already heard about the epic Solorigate or Sunburst breach. The massive hack was exposed in mid-December 2020 (ah 2020; the “gift” that just keeps on giving…) and compromised numerous high-profile companies and government organizations. Security giant FireEye first discovered the widespread breach which resulted in obtaining code […]

Adaptive Shield Team

Airports are among the most secure buildings in the world. Whether it’s London’s Heathrow, The Windy City’s O’Hare, or any other airport across the globe, what’s certain is that they deploy an impressive array of scanning equipment, facial recognition tools, physical security teams, and artificial intelligence systems to keep operations flowing smoothly and prevent threats. […]

Eliana Vuijsje

SaaS vendors are continuously improving their native security controls, with the intention of preventing misconfigurations that can lead to dangerous consequences. In practicality, this means that if a SaaS provider has reason to believe a user’s mailbox has been hacked, the user will receive an alert directly to their inbox notifying them of the suspicious […]

Enterprises depend on SaaS applications for countless functions, like collaboration, marketing, file sharing and more. But problematically, they often lack the resources to configure those apps to prevent cyberattacks, data exfiltration, and other risks. Catastrophic and costly data breaches result from SaaS security configuration errors. The Verizon 2020 Data Breach Investigations Report found that errors […]

Hananel Livneh

Account Takeovers (ATOs) are a major threat to organizations around the world. This common form of attack occurs when a cyber criminal uses legitimate credentials to gain unauthorized access to user accounts. Once inside, the attacker may steal data  (PII or sensitive corporate data), steal money, and perform fraud campaigns. Each year, organizations lose millions […]

Adaptive Shield Team

As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. That’s why we started Adaptive Shield–to address the critical issue of proactively maintaining continuous security for the myriad of SaaS applications used in organizations across the globe. Today, organizations have anywhere from […]

Maor Bin

On March 11th, 2020, the World Health Organization recognized the global outbreak of COVID-19 as a pandemic. In times like these, many companies encourage or mandate their employees to work from their homes to ensure they remain healthy and safe. During mandatory Work From Home situations, business communication and productivity are major factors of success. […]

Maor Bin