Identity-based attacks are on the rise. Attackers go after identities using compromised credentials, authentication bypasses and privilege abuse. While most threat detection programs focus on cloud, endpoint and network threats, they overlook the unique risks that arise inside SaaS identity ecosystems. That blind spot creates chaos for SaaS-heavy organizations large and small.
So what can security teams do?
Fear not: Identity Threat Detection and Response (ITDR) is here to save the day. ITDR supplies the visibility and response mechanisms needed to stop attacks before they turn into a breach.
Here is the must-have checklist every team needs to stop SaaS identity threats.
#1 Full coverage: cover every corner
Like Captain America's shield, this protection has to cover every corner. Traditional threat detection tools such as XDR and EDR do not reach into SaaS applications, leaving organizations exposed. SaaS ITDR coverage should include:
- Going beyond the traditional cloud, network, IoT and endpoint sources to cover SaaS apps such as Microsoft 365, Salesforce, Jira and GitHub.
- Seamless integrations with identity providers (IdPs) such as Okta, Azure AD (now Microsoft Entra ID) and Google Workspace, so that no entry point slips through the cracks.
- Deep forensic analysis of events and logs, giving detailed reporting and historical analysis of every identity incident.
#2 Identity-centric: let no one slip through the web
Spider-Man's webs ensnare attackers before they can strike, and nothing slips through the threads. If security events are only listed in chronological order, anomalous activity by a single identity can easily go unnoticed. Make sure your ITDR detects and correlates threats around the identity rather than around the individual event.
What identity-centric ITDR means:
- You can see the complete attack story for a single identity across your entire SaaS environment, reflecting lateral movement from initial access to expansion.
- Authentication events, privilege changes and access anomalies are linked together into attack chains.
- User and Entity Behavior Analytics (UEBA) detects deviations from an identity's normal behavior, so you do not have to hunt through raw events to find what is suspicious.
- Both human and non-human identities, such as service accounts, API keys and OAuth tokens, are continuously monitored and flagged on abnormal activity.
- Unusual privilege escalation or lateral movement attempts within the SaaS environment are surfaced so you can investigate and respond quickly.
#3 Threat intelligence: detect the undetectable
Professor X can see everything through Cerebro, and a complete ITDR should be able to detect what others miss. ITDR threat intelligence should:
- Classify any dark web activity so security teams can investigate it easily.
- Include IP geolocation and IP privacy (VPN and proxy) data for context.
- Enrich threat detection with indicators of compromise (IOCs) such as compromised credentials, malicious IPs and other suspicious markers.
- Map attack stages to frameworks such as MITRE ATT&CK to help identify identity compromise and lateral movement.
#4 Prioritization: focus on real threats
Alert fatigue is real. Daredevil's heightened senses let him filter out the surrounding noise, uncover hidden dangers and focus on real threats, just as ITDR prioritization cuts through alert fatigue and emphasizes critical risks. SaaS ITDR prioritization should include:
- Dynamic, real-time risk scoring to reduce false positives and highlight the threats that matter most.
- Full attack timelines that tie identity events into a cohesive attack story, turning scattered signals into high-fidelity, actionable alerts.
- Clear context for every alert: the affected identities, the applications involved, the MITRE ATT&CK stage, and key events such as failed logins, privilege escalation and behavioral anomalies.
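The identity-centric correlation, ATT&CK mapping and risk scoring described in #2 through #4 can be sketched in a few dozen lines. The following is an added example, not code from the original post or from any ITDR product. The record layouts (loosely IdP-like and SaaS-app-like), the threat-intel sets, the per-identity IP baselines, the 15-minute window and the score weights are all constructed assumptions for the demo; the technique IDs are real MITRE ATT&CK Enterprise identifiers.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# MITRE ATT&CK Enterprise technique IDs for each normalized event type.
TECHNIQUE = {
    "auth.fail": "T1110 Brute Force",
    "auth.success": "T1078 Valid Accounts",
    "privilege.change": "T1098 Account Manipulation",
    "token.create": "T1528 Steal Application Access Token",
}
# Constructed threat-intel context (assumption): a malicious-IP feed and known VPN egress.
MALICIOUS_IPS = {"203.0.113.7"}
VPN_IPS = {"198.51.100.20"}
# Constructed UEBA baseline (assumption): IPs each identity normally uses.
BASELINE_IPS = {
    "alice@example.com": {"192.0.2.10"},
    "bob@example.com": {"192.0.2.11"},
    "svc-ci": {"192.0.2.50"},  # non-human identity: a CI service account
}
# Constructed raw records; field names are illustrative, not any product's real schema.
IDP_RECORDS = [
    {"published": "2024-05-01T08:00:01Z", "outcome": "FAILURE", "actor": "alice@example.com", "client": "203.0.113.7"},
    {"published": "2024-05-01T08:00:40Z", "outcome": "FAILURE", "actor": "alice@example.com", "client": "203.0.113.7"},
    {"published": "2024-05-01T08:01:20Z", "outcome": "FAILURE", "actor": "alice@example.com", "client": "203.0.113.7"},
    {"published": "2024-05-01T08:03:10Z", "outcome": "SUCCESS", "actor": "alice@example.com", "client": "203.0.113.7"},
    {"published": "2024-05-01T09:15:00Z", "outcome": "SUCCESS", "actor": "bob@example.com", "client": "192.0.2.11"},
]
APP_RECORDS = [
    {"@timestamp": "2024-05-01T08:05:30Z", "action": "member.role_change", "actor": "alice@example.com",
     "actor_ip": "203.0.113.7", "detail": "member -> admin"},
    {"@timestamp": "2024-05-01T08:07:00Z", "action": "token.create", "actor": "alice@example.com",
     "actor_ip": "203.0.113.7", "detail": "PAT with repo scope"},
    {"@timestamp": "2024-05-01T10:00:00Z", "action": "token.create", "actor": "svc-ci",
     "actor_ip": "198.51.100.20", "detail": "PAT with read scope"},
]
APP_ACTIONS = {"member.role_change": "privilege.change", "token.create": "token.create"}
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
WINDOW = timedelta(minutes=15)  # how close two events must be to count as one step


def normalize(idp_records, app_records):
    """Flatten both sources into one schema and one chronological timeline."""
    events = []
    for r in idp_records:
        kind = "auth.success" if r["outcome"] == "SUCCESS" else "auth.fail"
        events.append({"ts": datetime.strptime(r["published"], TS_FMT), "identity": r["actor"],
                       "type": kind, "ip": r["client"], "detail": ""})
    for r in app_records:
        events.append({"ts": datetime.strptime(r["@timestamp"], TS_FMT), "identity": r["actor"],
                       "type": APP_ACTIONS[r["action"]], "ip": r["actor_ip"], "detail": r["detail"]})
    return sorted(events, key=lambda e: e["ts"])


def build_chains(events):
    """Pivot the timeline to one chain per identity (the identity-centric view)."""
    chains = defaultdict(list)
    for e in events:
        chains[e["identity"]].append(e)
    return dict(chains)


def score_chain(identity, chain):
    """Score one identity's chain 0-100 from sequence rules plus IP context."""
    hits, fails = [], []  # hits: (points, evidence) pairs
    last_success = last_priv = None
    for e in chain:
        if e["type"] == "auth.fail":
            fails.append(e["ts"])
        elif e["type"] == "auth.success":
            recent = [t for t in fails if e["ts"] - t <= WINDOW]
            if len(recent) >= 3:
                hits.append((40, f"login succeeded after {len(recent)} failures within {WINDOW}"))
            last_success = e["ts"]
        elif e["type"] == "privilege.change":
            if last_success is not None and e["ts"] - last_success <= WINDOW:
                hits.append((25, f"privilege change ({e['detail']}) shortly after login"))
            last_priv = e["ts"]
        elif e["type"] == "token.create" and last_priv is not None and e["ts"] - last_priv <= WINDOW:
            hits.append((20, f"token created ({e['detail']}) shortly after privilege change"))
    ips = {e["ip"] for e in chain}
    new_ips = ips - BASELINE_IPS.get(identity, set())
    if new_ips:
        hits.append((20, f"activity from IPs outside baseline: {sorted(new_ips)}"))
    if ips & MALICIOUS_IPS:
        hits.append((30, f"IP on threat-intel feed: {sorted(ips & MALICIOUS_IPS)}"))
    if ips & VPN_IPS:
        hits.append((5, f"IP is known VPN/proxy egress: {sorted(ips & VPN_IPS)}"))
    techniques = list(dict.fromkeys(TECHNIQUE[e["type"]] for e in chain))  # ordered, de-duplicated
    return {"identity": identity, "score": min(sum(p for p, _ in hits), 100),
            "techniques": techniques, "evidence": [m for _, m in hits]}


def triage(idp_records=IDP_RECORDS, app_records=APP_RECORDS):
    """Return one alert per identity, highest risk first, with a severity label."""
    chains = build_chains(normalize(idp_records, app_records))
    alerts = [score_chain(i, c) for i, c in chains.items()]
    for a in alerts:
        a["severity"] = "high" if a["score"] >= 70 else "medium" if a["score"] >= 25 else "low"
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


if __name__ == "__main__":
    for a in triage():
        print(a["severity"], a["score"], a["identity"], " > ".join(a["techniques"]), a["evidence"])
```

Read per identity, alice's six events form a single chain (brute force, then a valid login from a feed-listed IP, then a role change and a token) and score at the top of the queue, while the same events read as a flat chronological stream would be three separate low-value signals in two different consoles. The service account shows the non-human identity case: a token minted from an IP outside its baseline lands as medium rather than being ignored, and bob's routine login scores zero. In practice the baselines come from UEBA history and the weights from tuning against your own false-positive rate; the fixed numbers here are only to make the example deterministic.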
#5 Integration: be unstoppable
Just as the Avengers combine their powers to stop the enemy, effective SaaS ITDR needs integrations that drive automated workflows, making the team more efficient and cutting out the heavy lifting. ITDR integrations should include:
- SIEM and SOAR for automated workflows.
- Step-by-step remediation playbooks and policy management for each application and each stage of the MITRE ATT&CK framework.
#6 Posture: use a dynamic duo (bonus tip!)
Black Widow and Hawkeye are a dynamic duo, and a comprehensive ITDR relies on SaaS Security Posture Management (SSPM) controls to shrink the attack surface as the first layer of defense. A complete SSPM should include:
- Deep visibility into all SaaS apps, including shadow IT, app-to-app integrations, user permissions, roles and access levels.
- Misconfiguration and policy drift detection aligned with CISA's SCuBA (Secure Cloud Business Applications) baselines, to identify weak authentication policies such as missing MFA, weak password policies and excessive role permissions, with continuous enforcement.
- Dormant and orphaned account detection to flag inactive, unused or ownerless accounts that pose a risk.
- Tracking of user lifecycle events (joiners, movers and leavers) to prevent unauthorized access.
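The posture checks in this section (MFA enforcement, password policy, excessive admin roles, app-to-app integration scopes, dormant and orphaned accounts) as one added example, not the article's code or any SSPM vendor's implementation. The application inventory, the HR directory, the 90-day dormancy window, the "more than half the users are admins" threshold and the finding categories are constructed assumptions; the block does not reproduce the actual CISA SCuBA baselines, which define the real per-product settings to check.

```python
from datetime import datetime, timedelta

NOW = datetime(2024, 5, 1)          # fixed clock so the example is deterministic
DORMANT_AFTER = timedelta(days=90)  # assumption: 90 days without a login is dormant
MIN_PASSWORD_LENGTH = 12            # assumption: local policy floor
BROAD_SCOPES = {"admin:org", "admin:enterprise", "full_access"}  # scopes worth a finding

# Constructed HR directory (assumption): the source of truth for who should have access.
HR_ACTIVE = {"alice@example.com", "bob@example.com", "carol@example.com"}

# Constructed SaaS inventory (assumption): illustrative schema, not a vendor export.
APPS = {
    "github": {
        "settings": {"mfa_required": True, "min_password_length": 12},
        "users": [
            {"email": "alice@example.com", "role": "admin", "mfa": True, "last_login": "2024-04-28"},
            {"email": "bob@example.com", "role": "member", "mfa": True, "last_login": "2023-12-01"},
            {"email": "dave@example.com", "role": "admin", "mfa": False, "last_login": "2024-04-30"},
        ],
        "integrations": [{"name": "ci-bot", "scopes": ["repo", "admin:org"]}],
    },
    "crm": {
        "settings": {"mfa_required": False, "min_password_length": 8},
        "users": [
            {"email": "carol@example.com", "role": "admin", "mfa": False, "last_login": "2024-04-29"},
            {"email": "erin@example.com", "role": "member", "mfa": True, "last_login": None},
        ],
        "integrations": [],
    },
}


def is_dormant(last_login):
    """Never logged in, or no login inside the dormancy window."""
    if last_login is None:
        return True
    return NOW - datetime.strptime(last_login, "%Y-%m-%d") > DORMANT_AFTER


def check_app(name, app):
    """Return (app, category, message) findings for one application."""
    findings = []
    s = app["settings"]
    if not s["mfa_required"]:
        findings.append((name, "config", "MFA is not enforced at the application level"))
    if s["min_password_length"] < MIN_PASSWORD_LENGTH:
        findings.append((name, "config",
                         f"minimum password length {s['min_password_length']} is below {MIN_PASSWORD_LENGTH}"))
    users = app["users"]
    for u in users:
        if u["email"] not in HR_ACTIVE:  # account survives in the app but not in HR
            findings.append((name, "orphaned", f"{u['email']} has access but is not an active employee"))
        if u["role"] == "admin" and not u["mfa"]:
            findings.append((name, "weak-auth", f"admin {u['email']} has no MFA"))
        if is_dormant(u["last_login"]):
            findings.append((name, "dormant", f"{u['email']} has no login in the last {DORMANT_AFTER.days} days"))
    admins = sum(1 for u in users if u["role"] == "admin")
    if users and admins / len(users) > 0.5:
        findings.append((name, "excessive-privilege", f"{admins} of {len(users)} users hold the admin role"))
    for i in app["integrations"]:
        broad = BROAD_SCOPES & set(i["scopes"])
        if broad:
            findings.append((name, "integration", f"{i['name']} holds broad scopes {sorted(broad)}"))
    return findings


def posture_report(apps=APPS):
    """Run every check over every app; the result is the SSPM backlog."""
    return [f for name, app in apps.items() for f in check_app(name, app)]


if __name__ == "__main__":
    for app, category, message in posture_report():
        print(f"{app:8} {category:20} {message}")
```

Two caveats before wiring this to auto-remediation: an account whose last_login is None is reported as dormant, which is right for stale invitations but noisy for SCIM-provisioned users who have legitimately never signed in and for break-glass admin accounts, so exempt or tune those; and the orphan check is only as good as the HR feed it compares against, which is exactly why the last bullet asks for user lifecycle tracking.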
With great power comes great responsibility
This lineup of must-haves fully equips organizations to face any SaaS identity-based threat that comes their way. Not all heroes wear capes... some just stop threats.