Managing SaaS security risks is time-consuming and complex — even for SaaS applications sanctioned by IT and security teams.
Given that organizations nowadays use hundreds or even thousands of SaaS applications (with just as many SaaS app users), most security teams struggle to understand and control their SaaS security posture. That challenge goes way beyond understanding the full scope of SaaS applications and their utilization within the organization.
When talking to security and IT professionals about their SaaS adoption challenges we at Axonius notice a few that are very consistent — regardless of industry or company size:
The most effective way to deal with the complexity of SaaS today? Leverage a solution that deals with both operational and security risk management aspects together in one place.
With the latest expansion of its remediation capabilities, Axonius SaaS Management now provides the ability to suspend suspicious or inactive user accounts, and remove discovered app-to-app connections with access to sensitive company data. By introducing controls for selected core business applications, Axonius reduces the required effort from security and Identity and Access Management (IAM) teams while ensuring quick impact in reducing the attack surface and improving the SaaS security posture.
The introduction of the user suspension capability closes the loop between the discovery of either inactive, unused, or suspicious user accounts and the actions that can immediately be taken to suspend their access to various applications hosting sensitive corporate data. Another benefit of suspending unneeded user accounts is it allows companies to optimize SaaS spend by rightsizing licenses.
This capability further increases the benefits of leveraging the behavioral analytics capabilities within Axonius SaaS Management, with organizations now being able to detect and act on anomalies and suspicious behavior that may indicate user account compromise.
Suspending SaaS app users with Axonius SaaS Management
Extensions or 4th-party applications that have been granted access to the organization's SaaS applications by users — either knowingly or by mistake — pose additional security risks to any organization.
Now with Axonius SaaS Management, extensions that may pose security risks can be terminated by users. This capability is critical when it comes to terminating newly discovered extensions with unapproved apps given access to various sensitive data, like email accounts, cloud drives, etc.
A common example we see is active 0auth tokens with excessive (admin) privileges that are no longer being used or expose sensitive corporate data. These extensions now can be tracked down and terminated, reducing potential data sprawl and the customer’s SaaS app attack surface.
Tokens are terminated through adapter connections to SSO/identity providers (e.g., Okta or Google Workspace), and other apps able to grant the tokens.
Along with the above-mentioned remediation features, Axonius SaaS Management now provides additional ticketing and workflow automation capabilities to ensure security teams have timely alerts on various SaaS security risks around configurations, user access or behavior, and more. Axonius supports running predefined actions or sending specific data and alerts programmatically or ad hoc to specific teams and app owners via different solutions, like email clients, Slack, or workflow automation via webhook automation.
Pre-built and custom reports
To ensure continuous monitoring and easy access to top areas of interest for security and IT teams around SaaS apps, Axonius SaaS Management is also continuously expanding its portfolio of reports available within the product. The currently available pre-built and automatically updated reports include overviews of users with excessive permissions or admin credentials, inactive and unused user accounts, existing offboarding gaps, and more. These reports contain essential information for IT management and SaaS security operations, compliance, or internal reporting needs.
Axonius also allows users to leverage their saved filters into custom scheduled reports that can be sent on a recurring basis as a CSV attachment to an email or other destinations.
Insight into SaaS risks is only so valuable without the ability to take action. The latest developments allow IT and security teams to continuously reduce the SaaS app attack surface, control SaaS access, and optimize SaaS licensing.
"Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out."
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO."
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius
41 Madison Avenue, 37th Floor
New York, NY 10010