RESOURCES
Organisations are increasingly relying on cloud applications to improve productivity and collaboration. Widely available statistics indicate that the average number of SaaS applications used per user exceeds 20 in small enterprises and is significantly higher in larger companies. The average number of SaaS applications used per company is over 250.
Suites of tools like Google Workspace, Microsoft 365 and cloud applications like Salesforce, collaboration tools like Trello and Slack as well as creative tools like Adobe Creative Cloud and CANVA are widely used to provide integrated solutions and boost efficiency. Alongside these well-known productivity applications, there are countless trial, free, or freemium tools, which, along with the rise of AI-based creativity tools, introduce a new set of security challenges, especially when used without formal approval or proper oversight.
The increased use of SaaS applications manifests two major cyber security risk categories:
- Unauthorised access to a third-party SaaS tool can expose organisations to further malicious activities by threat actors. The MITRE ATT&CK SaaS matrix shows (1), that threat actors are not short of tools and techniques to exploit SaaS ecosystems.
- Unauthorised use of SaaS applications has created a cloud-based Shadow IT phenomenon. Where users are often prompted to give excessive privileges to externally managed apps (SaaS) and SaaS app vendor vulnerabilities can lead to exploitation of sensitive corporate data with no oversight from internal security teams.
While the term Shadow IT originally defined the use of IT related hardware, software, or services by employees without the knowledge or approval of the organisation’s IT and security departments. This has now been extended into the cloud on a massive scale and this now extended category creates new risk factors such as granting excessive privileges via Admin Consent Flow, further exposes existing vulnerabilities in the vendor environment and it is now easier to become non-compliant as users sign up for unsanctioned cloud-based tools. Regulating the use of SaaS applications across the organisations is a mandatory requirement for companies to deal with the growing number of associated cyber risks. Commercially available Cloud Access Security Broker (CASB) solutions offer key features and functionalities to deal with this risk, but CASB alone cannot solve these extensive Shadow IT issues. To mitigate these risks advanced monitoring is required, built around tracking user identities and detailed network traffic analysis. This allows organisations to understand both sanctioned and unsanctioned cloud application usage. This is crucial in detecting and responding to threats, such as a “excessive downloading from corporate resources” or “suspicious activities within CRM platforms.
Cynode’s MDR for Cloud Apps Shadow IT
To explore these scenarios a little more, Cynode has designed a managed service that is especially effective because it integrates directly with cloud tools, SaaS infrastructure APIs and allows for native tracking of anomalous behaviours, in CRM tools, such as the creation of an unusual number of quotes in Salesforce or the deletion of critical SalesForce client or company data. Utilising native tools and APIs the Cynode service can monitor for interesting behaviour in Dropbox or OneDrive like an abnormal amount of file downloads, which might indicate data exfiltration taking place. By leveraging these monitoring capabilities, Cynode customers gain deeper visibility into SaaS usage, can enforce consent policies, and detect suspicious activities across collaboration tools like Google Workspace, Slack, and Microsoft Office 365. By regulating SaaS application usage across the enterprise, organisations can prevent the spread of Shadow IT security issues, reduce exposure to external vulnerabilities, and ensure compliance with security governance policies.
Key Benefits
· Gain complete visibility into SaaS application usage by your users
· Assess the consent policies as per the security governance policies.
· Prevent Shadow IT
· Detect suspicious activities that takes place in collaboration tools such as Google Workspace, Salesforce, Slack, Microsoft Office 365 (including OneDrive, SharePoint, Teams, etc.).
Cynode’s MDR for Cloud Apps Shadow IT service is a comprehensive solution designed to identify, monitor, and manage cloud applications and services across an organisation. By leveraging advanced detection and response capabilities, Cynode ensures that all cloud application usage is visible, controlled, and secure.
Why not schedule a call with one of our cyber advisors to discuss how we can help enhance your organisation’s cyber maturity. Or book a free trial of one of the many Cynode services.
References:
-
Interview with Senior Cyber Advisor Per-Olov Kask
Delve into the fascinating career journey of a seasoned cyber security professional who has dedicated over three decades to the ever-evolving IT and cyber security landscape. Starting as an IT technician in 1993, our expert quickly rose through the ranks to become a country IT manager, driven by a passion for combating emerging cyber threats. In 2022, this journey led to an impactful role at Cynode as a Senior Cyber Advisor. Join us as we explore his experiences, insights, and the innovative approaches that make Cynode a leader in the cyber security field.
-
Regular EDR Policy Tuning
The cyber security world has recently focused on EDR technology due to its significant impact across industries. This post explores the evolution from early antivirus software to EDR platforms. Key milestones include the introduction of commercial antivirus software in 1987, the emergence of heuristic and behavioural detection methods in the early 2000s, and the development of Next-Gen Antivirus (NGAV) in 2010. EDR solutions, emerging around 2013, are crucial for detecting, investigating, and mitigating security threats but require regular policy updates and meticulous tuning for optimal performance.
-
Mastering Log Management: Enhancing SIEM and SOC Efficacy
Efficient log management is critical for SIEM and SOC efficacy. Challenges include log agent malfunctions, configuration errors, and network issues. This blog explores four log problem categories, from detection failures to incomplete logs, and introduces innovative solutions for proactive threat detection and response. Learn how Cynode's integrated threat simulation and log validation processes ensure optimal log coverage and enhanced security monitoring. Stay ahead of cyber threats with robust log management practices.
-
Understanding WebApp Exposure
WebApp Exposure Monitoring involves regular assessments and updates to perimeter defence platforms like WAF policies, ensuring alignment with the latest threat intelligence. Having a proactive stance to WebApp attacks is crucial as cyber threats incredibly fast, often outpacing traditional security defences. The process of continuously monitoring web applications allows organisations to more readily detect anomalies and respond to threats in real-time, minimising the risk of data breaches and other cyber incidents.
-
Introduction to Managed Security Service Providers (MSSPs)
Businesses increasingly struggle with cyber security management, especially with limited resources. Managed Security Service Providers (MSSPs) like Cynode offer comprehensive, efficient solutions, managing everything from security infrastructure to incident response, often using cloud services for cost efficiency. This article explores the benefits and services MSSPs provide, underscoring their importance in modern cyber security strategies.
-
Improving SIEM Efficacy as the Market Evolves
As the SIEM market evolves with new mergers and partnerships, Cynode supports practitioners to ensure no security event is missed, offering comprehensive services from threat-centric log and rule validation to complete SIEM management.
-
Welcome Konrad Falk as Our New Senior Cyber Advisor & Architect!
Konrad brings extensive experience in Cyber Security and IT, with a background in programming, networking, and security. Passionate about securing companies and educating others, he values the trust of our leadership and is eager to manage security incidents and tackle evolving threats hands-on.
-
“Trust me, I was an engineer” – Björn Nilsson
We are pleased to announce Björn Nilsson as the new Head of Security Operations Sweden at Cynode. His extensive experience in cyber security and IT infrastructure marks a significant milestone in enhancing our capabilities. Björn brings a wealth of expertise from various critical roles within the industry.
-
Cynode Boosts Team with Gustav Bivstedt's Technical Expertise
Cynode hires Gustav Bivstedt as a Cyber Advisor to enhance our Cyber Advisory and Assurance Services. His expertise strengthens our technical capacity and supports business growth, including new offerings in security testing, cyber maturity assessments, and proactive risk management with Cyber Threat Intelligence.
-
Meet our "VP of Product" Cumhur Hatipoglu
As Cynode’s CMO, I am constantly impressed by our team's innovation and engagement. Cumhur Hatipoglu, our new VP of Product, enhances our mission to innovate in cyber security and MDR services. His approach integrates NIST CSF and best security practices to ensure our solutions meet clients' evolving needs.
-
Hacking and Cyber Warfare Go Hand in Hand
Sweden, amidst its NATO application and tensions with Russia and Turkey, has experienced a rise in political cyber-attacks. Groups such as Anonymous have targeted governmental infrastructures, leading to data leaks. Escalation of cyber-crime and nation-state backed cyber warfare necessitates global enhancement of defense measures.
-
EU updates NIS Directive. Are you compliant?
The European Union introduced the NIS 2 Directive to improve the cyber security of critical infrastructure systems within its member states and to ensure that digital service providers and operators of essential services have adequate security measures in place to secure their networks and data.
-
Rise of Cyber Due Diligence in M&A Processes
Sweden's post-pandemic economic recovery has spurred M&As. Cynode emphasises integrating cyber due diligence to address vulnerabilities, protect essential information, and optimise security spending, enhancing the security posture before, during and after M&As.