Indo Guard Online
Global Security

Threat prevention and detection in a SaaS environment

By Admin, July 16, 2024 (6 min read)

Identity-based threats in SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.

According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyber attacks start with phishing, an identity-based threat. Attacks using stolen credentials, over-provisioned accounts, and insider threats make it abundantly clear that identity is the primary attack vector.

Worse, it is not only human accounts that are targeted. Threat actors also hijack non-human identities, including service accounts and OAuth grants, and use them to move deep into SaaS applications where no one is watching for interactive behaviour.

When threat actors get past the initial defenses, a robust Identity Threat Detection and Response (ITDR) capability, run as an integral part of identity security, can stop a foothold from becoming a mass breach. Last month's Snowflake breach is a good example. Threat actors took advantage of single-factor authentication to gain account access. Once inside, they met no meaningful threat detection, which allowed them to steal more than 560 million customer records.

How ITDR works

ITDR combines several signals to detect SaaS threats. It tracks events across the entire SaaS stack and uses login data, device data, and user behavior to spot anomalies that indicate a threat. Each anomaly is treated as an indicator of compromise (IOC); individual IOCs are scored, and when the accumulated score for an identity reaches a pre-set threshold, ITDR raises an alert.

For example, if an administrator downloads an unusual amount of data, ITDR records that as one IOC. On its own it may be legitimate. If the download also happens in the middle of the night, or from a device the administrator has never used before, the combination of IOCs crosses the threshold and is treated as a threat.

Similarly, if a user logs in from a suspicious ASN immediately after a burst of failed (brute-force) login attempts, ITDR classifies the successful login as a threat and triggers incident response. Because it draws on a rich data set from multiple applications, ITDR can also detect threats that are invisible within any single application. If a user is logged into one application from New York and another from Paris at the same time, each login looks normal to a tool that only sees one application's event log. The power of SaaS ITDR comes from correlating data across the entire SaaS stack.
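The correlation described above, as an added example that is not the article's or Adaptive Shield's code: a toy ITDR engine that ingests constructed audit events from three SaaS apps, derives IOCs per identity (off-hours login, unknown device, bulk export, impossible travel across two different apps, and a successful login from a watchlisted ASN right after a brute-force burst), weights them, and alerts once a user's score reaches a threshold. The event format, the learned baselines (known devices, typical export size), the ASN watchlist, the weights and the threshold are all assumptions made for the illustration.

```python
"""Added example (not the article's or Adaptive Shield's code): a toy SaaS ITDR
correlation engine. It ingests constructed audit events from several SaaS apps,
derives indicators of compromise (IOCs) per user from login, device, volume and
geo signals across all apps, and raises an alert when a user's weighted IOC score
reaches a threshold. Event format, baselines, weights and threshold are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed baselines an ITDR would learn from history (constructed here).
KNOWN_DEVICES = {"alice": {"alice-macbook"}, "bob": {"bob-thinkpad"}, "carol": {"carol-laptop"}}
BASELINE_EXPORT_BYTES = 50_000_000          # typical per-user export size
SUSPICIOUS_ASNS = {64513}                   # hypothetical watchlisted hosting ASN
WORK_HOURS = range(7, 20)                   # UTC hours considered normal
BRUTE_FORCE_FAILURES, BRUTE_FORCE_WINDOW = 5, timedelta(minutes=10)
IMPOSSIBLE_TRAVEL_KMH = 900
WEIGHTS = {"off_hours_login": 1, "unknown_device": 2, "bulk_export": 2,
           "impossible_travel": 4, "suspicious_asn_after_bruteforce": 5}
ALERT_THRESHOLD = 5

# Constructed sample events from three different SaaS apps (timestamps in UTC).
EVENTS = [
    {"ts": "2024-06-10T02:14:00", "app": "salesforce", "user": "alice", "action": "login",
     "device": "unknown-laptop", "lat": 48.86, "lon": 2.35, "asn": 64512},      # Paris
    {"ts": "2024-06-10T02:20:00", "app": "salesforce", "user": "alice", "action": "export",
     "bytes": 4_000_000_000},
    {"ts": "2024-06-10T02:25:00", "app": "workday", "user": "alice", "action": "login",
     "device": "alice-macbook", "lat": 40.71, "lon": -74.00, "asn": 7922},      # New York
    {"ts": "2024-06-10T09:00:00", "app": "workday", "user": "bob", "action": "login",
     "device": "bob-thinkpad", "lat": 40.71, "lon": -74.00, "asn": 7922},
    {"ts": "2024-06-10T09:05:00", "app": "workday", "user": "bob", "action": "export",
     "bytes": 20_000_000},
    # six failed logins against carol, then a success from the watchlisted ASN
    *[{"ts": f"2024-06-10T11:0{i}:00", "app": "github", "user": "carol",
       "action": "login_failed", "asn": 64513} for i in range(6)],
    {"ts": "2024-06-10T11:07:00", "app": "github", "user": "carol", "action": "login",
     "device": "carol-laptop", "lat": 50.45, "lon": 30.52, "asn": 64513},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def derive_iocs(events):
    """Return {user: [(ioc_name, app), ...]} correlated across every app's log."""
    iocs = defaultdict(list)
    failures = defaultdict(list)   # user -> timestamps of failed logins
    last_login = {}                # user -> most recent successful login, any app
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user, ts = e["user"], datetime.fromisoformat(e["ts"])
        if e["action"] == "login_failed":
            failures[user].append(ts)
        elif e["action"] == "login":
            if ts.hour not in WORK_HOURS:
                iocs[user].append(("off_hours_login", e["app"]))
            if e["device"] not in KNOWN_DEVICES.get(user, set()):
                iocs[user].append(("unknown_device", e["app"]))
            recent = [t for t in failures[user] if ts - t <= BRUTE_FORCE_WINDOW]
            if len(recent) >= BRUTE_FORCE_FAILURES and e["asn"] in SUSPICIOUS_ASNS:
                iocs[user].append(("suspicious_asn_after_bruteforce", e["app"]))
            prev = last_login.get(user)
            if prev is not None:
                km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
                hours = (ts - datetime.fromisoformat(prev["ts"])).total_seconds() / 3600
                # Two logins too far apart to have been the same person, even when
                # each one came from a different application's log.
                if km > 50 and (hours == 0 or km / hours > IMPOSSIBLE_TRAVEL_KMH):
                    iocs[user].append(("impossible_travel", f"{prev['app']}->{e['app']}"))
            last_login[user] = e
        elif e["action"] == "export" and e["bytes"] > 10 * BASELINE_EXPORT_BYTES:
            iocs[user].append(("bulk_export", e["app"]))
    return iocs


def score_users(events):
    """Weighted IOC score per user who produced at least one IOC."""
    return {u: sum(WEIGHTS[name] for name, _ in lst) for u, lst in derive_iocs(events).items()}


def alerts(events):
    """Users whose score reaches ALERT_THRESHOLD, with the IOCs that got them there."""
    iocs = derive_iocs(events)
    return {u: {"score": s, "iocs": sorted({n for n, _ in iocs[u]})}
            for u, s in score_users(events).items() if s >= ALERT_THRESHOLD}


if __name__ == "__main__":
    for user, a in alerts(EVENTS).items():
        print(f"ALERT {user}: score={a['score']} iocs={a['iocs']}")
```

Run stand-alone it alerts on alice (an export of 4 GB at 02:20 from an unknown device, plus a Salesforce login in Paris followed eleven minutes later by a Workday login in New York, which no single app's log could have flagged) and on carol (one high-weight IOC, the post-brute-force login from the watchlisted ASN, is enough on its own), while bob's ordinary daytime export produces no IOC at all.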

In a recent breach discovered by Adaptive Shield, threat actors infiltrated an HR department's payroll system and changed the bank account numbers of several employees. The ITDR mechanisms detected the anomalous activity, and the account data was corrected before any funds were transferred to the threat actor.

Mitigating identity-based risks

There are a number of steps organizations should take to reduce the risk of identity-based threats and strengthen their identity framework.

Multi-factor authentication (MFA) and single sign-on (SSO) are critical to this effort. Permission pruning, least privilege (PoLP) and role-based access control (RBAC) also limit user access and reduce the attack surface.

Unfortunately, many identity management controls are underused. Organizations leave MFA disabled, and most SaaS applications keep a local (non-SSO) administrator login as a fallback for IdP outages. That break-glass path bypasses the SSO policy, so it must be protected and monitored on its own.

Here are some proactive identity management measures to reduce the risk of identity breaches:

Categorize your accounts

To build strong identity management, security teams must start by classifying the different types of users, because high-risk accounts generally fall into a few recognizable categories: former employee accounts, high-privilege accounts, inactive accounts, non-human accounts, and external accounts.

1. Deactivate former employees' accounts and dormant user accounts

Active accounts belonging to former employees pose a significant risk. Many SaaS administrators assume that once an employee is deprovisioned in the identity provider (IdP), their access to the company's SaaS applications is removed automatically.

That is true only for SaaS applications that are connected to the IdP, and many are not. For those, administrators and security teams must work together to strip former users of their local credentials.

Dormant accounts should be identified and deactivated wherever possible. Often these are accounts that administrators created to test or configure the application: they carry high privileges, are shared by several people, and use an easy-to-remember password. Such accounts pose a significant risk to the application and its data.

2. Monitor external users

External accounts must also be monitored. When work is outsourced to agencies, partners or freelancers, the organization has no real control over who holds the credentials that access its data. When projects end, these accounts often remain active and can be used by anyone who still has the credentials to compromise the application. In many cases, these accounts are also privileged.

3. Limit user rights

As mentioned earlier, excessive permissions increase the attack surface. By applying the Principle of Least Privilege (PoLP), each user has access only to the areas and data in the application that they need to do their job. Reducing the number of high-privilege accounts significantly reduces a company's risk of a serious breach.

4. Create checks for privileged accounts

Administrator accounts are high risk. If compromised, they expose the organization to large-scale data loss.

Create security checks that alert when users act suspiciously. Examples of suspicious behavior include logins at unusual hours, logins from an unexpected country, and downloads of large amounts of data. Administrators who create high-privilege user accounts without tying them to a managed corporate email address should also be treated as suspect.

Defining security checks that track these types of behaviors can give your security team a head start in detecting an attack at an early stage.
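The account categorization and the four steps above, as one added example (not the article's or any vendor's code): it reconciles a SaaS application's own user export against the IdP's active-user list and tags each account with the risk classes the article names, which gives the security team a prioritized review queue with a suggested action per account. The IdP export, the SaaS user list, the corporate domain, the 90-day dormancy cut-off, the severity weights and the reference date are all constructed for the illustration.

```python
"""Added example (not the article's or any vendor's code): reconcile a SaaS
app's local user list against the IdP to find the risky account classes the
article lists. All exports, domains, thresholds and weights are constructed."""
from datetime import date, timedelta

CORPORATE_DOMAINS = {"example.com"}
DORMANT_AFTER = timedelta(days=90)
TODAY = date(2024, 7, 16)   # fixed so the example is reproducible

# Constructed IdP export: identities currently active in the identity provider.
IDP_ACTIVE_USERS = {"alice@example.com", "bob@example.com", "dana@example.com"}

# Constructed SaaS app user export. "auth" is how the account signs in; a
# "local" account has its own password and is not governed by SSO.
SAAS_USERS = [
    {"id": "alice@example.com", "role": "admin", "auth": "sso", "last_login": date(2024, 7, 15), "type": "human"},
    {"id": "bob@example.com", "role": "user", "auth": "sso", "last_login": date(2024, 7, 14), "type": "human"},
    {"id": "eve@example.com", "role": "admin", "auth": "local", "last_login": date(2024, 2, 1), "type": "human"},
    {"id": "setup-admin", "role": "admin", "auth": "local", "last_login": None, "type": "human"},
    {"id": "pm@agency-partner.io", "role": "admin", "auth": "local", "last_login": date(2024, 3, 30), "type": "human"},
    {"id": "etl-sync", "role": "user", "auth": "token", "last_login": date(2024, 7, 16), "type": "service"},
    {"id": "root-backup@gmail.com", "role": "admin", "auth": "local", "last_login": date(2024, 7, 10), "type": "human"},
]

# Assumed severity per risk tag; an account's score is the sum of its tags.
SEVERITY = {"former_employee": 3, "privileged_unmanaged_mailbox": 3, "external": 2,
            "dormant": 2, "no_managed_mailbox": 2, "local_credentials": 1,
            "privileged": 1, "non_human": 1}


def domain(identifier):
    """Mail domain of an account id, or None for ids that are not addresses."""
    return identifier.split("@", 1)[1].lower() if "@" in identifier else None


def classify(account, idp_active=IDP_ACTIVE_USERS, today=TODAY):
    """Return the set of risk categories that apply to one SaaS account."""
    tags = set()
    dom = domain(account["id"])
    if account["type"] != "human":
        tags.add("non_human")
    elif dom is None:
        tags.add("no_managed_mailbox")          # local-only id, tied to nobody
    elif dom in CORPORATE_DOMAINS:
        if account["id"] not in idp_active:
            tags.add("former_employee")         # corporate identity gone from the IdP
    else:
        tags.add("external")
    if account["auth"] == "local":
        tags.add("local_credentials")           # survives IdP deprovisioning
    last = account["last_login"]
    if last is None or today - last > DORMANT_AFTER:
        tags.add("dormant")
    if account["role"] == "admin":
        tags.add("privileged")
        if dom not in CORPORATE_DOMAINS:
            tags.add("privileged_unmanaged_mailbox")
    return tags


def recommended_action(tags):
    """First action to take for an account, keyed on its most urgent tag."""
    if "former_employee" in tags:
        return "strip local credentials and deactivate"
    if "dormant" in tags:
        return "deactivate dormant account"
    if "privileged_unmanaged_mailbox" in tags:
        return "rebind admin to a managed corporate address or remove"
    if "external" in tags:
        return "confirm with sponsor and set an expiry"
    if "non_human" in tags:
        return "record an owner and rotate the secret"
    return "review privileges against PoLP"


def review_queue(users=SAAS_USERS, idp_active=IDP_ACTIVE_USERS, today=TODAY):
    """Accounts needing action, highest score first: [(id, score, tags, action)]."""
    rows = []
    for acct in users:
        tags = classify(acct, idp_active, today)
        score = sum(SEVERITY[t] for t in tags)
        if score:
            rows.append((acct["id"], score, sorted(tags), recommended_action(tags)))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for acct_id, score, tags, action in review_queue():
        print(f"{score:2d} {acct_id:24s} {', '.join(tags):60s} -> {action}")
```

The two findings at the top of the queue are exactly the cases the article warns about: a shared local "setup-admin" account with no owner and no login history, and a partner's local admin account that outlived its project. Note that eve's account is caught only because the SaaS export was compared with the IdP; an SSO-only review would never have seen her local credentials.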

Make identity threat detection a priority

As more sensitive corporate information is placed behind an identity-based perimeter, it is increasingly important for organizations to prioritize their identity framework. Each layer of security placed around an identity makes it harder for threat actors to gain access.

For organizations that already have the initial protections in place, a robust ITDR capability as an integral part of the identity framework is critical to maintaining security and protecting sensitive data from exposure. It identifies active threats and alerts security teams, or takes automated steps to stop threat actors before they do harm.

This article is from one of our respected partners, The Hacker News.

© 2025 indoguardonline.com