Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations. Today, 59 percent of security professionals find the SaaS sprawl challenging to manage¹ and have identified cloud misconfigurations as the top risk in their environment.²
To combat these attacks effectively, security teams need a new approach that protects their data within cloud apps beyond the traditional scope of cloud access security brokers (CASBs). That's why Microsoft Defender for Cloud Apps is now delivering full protection of SaaS applications. This includes new investments in SaaS Security Posture Management (SSPM), advanced threat protection as part of Microsoft's extended detection and response (XDR) solution, and app-to-app protection, while continuing to build upon other powerful CASB capabilities like Shadow IT discovery and information protection.
Today, we're excited to announce that Defender for Cloud Apps is extending its SSPM capabilities to some of the most critical apps organizations use today, including Microsoft 365, Salesforce,³ ServiceNow,⁴ Okta,⁵ GitHub, and more.
A holistic SaaS security approach
Historically, CASBs have been the main tool to address SaaS security needs, with Shadow IT discovery, visibility into cloud app usage, and protection against app-based threats as the main use cases. However, the uptick in app usage combined with employees accessing company resources outside of the corporate perimeter has introduced new attack vectors. That's why Defender for Cloud Apps now delivers capabilities to address these new attack vectors across prevention and protection for a more holistic approach throughout the app usage lifecycle. The addition of SSPM enables security teams to improve the organization's security posture; app-to-app protection addresses a new threat scenario where apps exchange data directly; and the integration into the Microsoft 365 Defender XDR solution enables powerful correlation of signal and visibility across the full kill chain of advanced attacks. These new sets of capabilities, combined with the traditional CASB scenarios, make up the Microsoft approach to holistic SaaS security and will help organizations effectively protect against app-based threats.

In a recent research paper, analyst firm Omdia applauds Microsoft's vision of a broader security offering for SaaS and suspects that other vendors will need to emulate its offering. Omdia acknowledged this new approach, confirming the need for a holistic strategy to protect cloud apps.
SaaS Security Posture Management is critical to prevention
Prevention and optimizing their organization's security posture has become a critical focus area for security teams to limit the number of breaches. A key challenge in securing SaaS apps, however, is that security teams need to research configuration best practices for each app individually, which creates significant overhead. To streamline this process, Defender for Cloud Apps released SSPM in June 2022 to surface misconfigurations and provide recommendations to strengthen an app's posture.
In preview starting today, Defender for Cloud Apps now provides security posture management for Microsoft 365, Salesforce, ServiceNow, Okta, GitHub, and more. Not only are we expanding the breadth of app coverage but also the depth of assessments and capabilities for each application. Here is what to expect:
- Seamless integration with the Defender for Cloud Apps connector experience: If you have already connected any of these apps to Defender for Cloud, the new SSPM capabilities automatically light up without any additional deployment.
- Alignment to best practices and benchmarks: We recommend actions based on industry standards like the Center for Internet Security and follow best practices set by the specific app provider (for example, Salesforce Security Health Check).
Protect inter-app data exchange with application governance
In recent years, there has been an increase in attacks involving OAuth applications. Back in April 2022, GitHub fell victim to a campaign where an attacker used stolen OAuth app tokens to gain access to private user code repositories and began cloning them to exfiltrate data.⁶ The main challenge with an OAuth app is that it's difficult to see the level of permissions and the type of data it can access. These apps often operate unnoticed while still having extensive permissions to access data in other apps on behalf of an employee, which makes them easily susceptible to a compromise.
Defender for Cloud Apps recognizes this open attack vector and the need for stronger app-to-app protection. With the main issue being visibility into and governance of these apps, maintaining app hygiene is critical. To help organizations fill this gap, we will soon release a new capability that will allow security teams to gain visibility into unused apps, credentials, and expired credentials. Security teams will be able to see these vulnerabilities, as identified by Microsoft Azure Active Directory, and enforce a predefined policy with detailed remediation actions to easily resolve these potential risks.
Unused OAuth apps and credentials can be a backdoor for an adversary to gain access to an organization's environment to exfiltrate data or use privileged credentials to access sensitive data in another app. By using these new capabilities in Defender for Cloud Apps, organizations will be able to drastically reduce their potential OAuth attack surface.
Protect against advanced attacks using app signal in Microsoft XDR
While cloud apps continue to be a target for adversaries trying to exfiltrate corporate data, sophisticated attacks often cross modalities, moving laterally from email as the most common entry point, to compromise endpoints and identities, before ultimately gaining access to in-app data. While CASBs alert security operations center (SOC) teams by identifying anomalies like a mass download activity, this approach leaves SOC teams without enough context to prioritize their investigation effectively.
That's why Defender for Cloud Apps is natively integrated into Microsoft 365 Defender. The XDR technology correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities like automatic attack disruption. The integration of SaaS security into an XDR experience gives SOC teams full kill chain visibility and improves operational efficiency with better prioritization and shorter response times to ultimately protect the organization more effectively.
Because Defender for Cloud Apps is an integral part of the Microsoft 365 Defender XDR solution, organizations can both fulfill their SaaS security use cases and leverage the SaaS signals and insights for effective SOC processes.
Get started on your SaaS security journey with Microsoft
It's important that you protect data and assets by implementing SaaS security principles in your security strategy while empowering users to stay productive.
Microsoft's unique approach helps security professionals easily start no matter where they are in their app security journey. Learn how to protect your organization's apps across the SaaS app management lifecycle through a set of simple steps and best practices:
¹ 2023 State of SaaSOps, BetterCloud. 2023.
² Top 7 SaaS Security Risks (and How to Fix Them), Catherine Chipeta. June 13, 2022.
³ Connect Salesforce to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.
⁴ Connect ServiceNow to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.
⁵ Connect Okta to Microsoft Defender for Cloud Apps, Microsoft Learn. February 5, 2023.
⁶ Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators, Mike Hanley. April 15, 2022.
