Blog

7 Steps to Stronger SaaS Security

When the White House warned all businesses to be on high alert for cyberattacks earlier this year, it was a wake-up call for many. While these kinds of warnings are often directed at government agencies or even critical infrastructure companies, a blanket warning is unusual.

All organizations should take this warning as an opportunity to review and, if needed, improve their security. Software-as-a-service (SaaS) application security is often a blind spot, so give your SaaS ecosystem some extra attention. SaaS is ubiquitous, highly configurable, and continuously updated, leaving many organizations vulnerable if they aren’t closely monitoring for security gaps and changes.

Continuous monitoring is key to keeping up with SaaS changes, but that’s not all you’ll need to get better visibility into your SaaS security. Follow these seven steps to implement improved security measures that will help minimize your risk of a breach:

1. Close critical configuration gaps. Some 55% of companies have sensitive data exposed to the internet, and misconfiguration is often to blame. The configurability that makes SaaS apps so powerful is also a weakness if not closely monitored. Get better visibility into the configurations of your SaaS platforms, beginning with those that house the most sensitive data and have the largest number of users. Consult best practices from the Cloud Security Alliance and other experts and close those configuration gaps.

2. Disable legacy authentication methods and protocols. The majority of compromising sign-in attempts come from legacy authentication, which does not support multifactor authentication (MFA). Even if you have an MFA policy enabled on your directory, a bad actor can authenticate using a legacy protocol and bypass MFA. The best way to protect your environment from malicious authentication requests made by legacy protocols is to block these attempts altogether.

3. Enforce higher security authentication requirements. An account is 99.9% less likely to be compromised if you use MFA.

4. Analyze and monitor conditional access rules. Attackers often make modifications to conditional access rules to open access permissions further or implement exception rules. Since these rules can be nested and complex, it’s important to validate rules and enable continuous monitoring. Keep an eye out for any changes and IP block exceptions.

5. Assess third-party access. Third-party integrations and applications are often installed with high-level permissions and can be conduits for horizontal privilege escalation to other SaaS systems. Verify that third-party access and applications have been reviewed, approved, and are actively in use. To lower your risk of a third-party compromise, grant permissions and data access to third-party apps following the principle of least privilege and withdraw access as soon as it’s no longer needed.

6. Identify public and anonymous data access permissions. Least privilege access offers you better protection as ransomware attacks proliferate and the tool sets to execute attacks are more broadly distributed. Data access modeling and third-party app analysis can help identify exposure points to the public internet, allowing you to better protect all datasets.

7. Monitor for anomalous user activity. Watch for password spraying and excessive failures. Monitor for compromised accounts in threat intelligence feeds. The faster you can spot unusual activity, the faster and better you can respond and limit the damage.
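Steps 2 and 7 above both come down to asking the right questions of your sign-in logs. The following added example (not part of the original post) runs three such checks over constructed sample events: which accounts still authenticate over legacy, non-MFA-capable clients, which source addresses show the password-spraying pattern of failures spread across many distinct accounts, and which single accounts have an excessive failure count. The field names and the legacy client labels are assumptions; map them to what your identity provider actually exports.

```python
from collections import defaultdict

# Constructed sample sign-in events (not real logs). One source fails against
# several accounts and then succeeds on one; another hammers a single mailbox.
EVENTS = [
    {"user": "alice", "ip": "203.0.113.9", "client": "Browser", "ok": False},
    {"user": "bob",   "ip": "203.0.113.9", "client": "Browser", "ok": False},
    {"user": "carol", "ip": "203.0.113.9", "client": "Browser", "ok": False},
    {"user": "erin",  "ip": "203.0.113.9", "client": "Browser", "ok": True},
    {"user": "frank", "ip": "198.51.100.4", "client": "IMAP4", "ok": False},
    {"user": "frank", "ip": "198.51.100.4", "client": "IMAP4", "ok": False},
    {"user": "frank", "ip": "198.51.100.4", "client": "IMAP4", "ok": False},
    {"user": "frank", "ip": "198.51.100.4", "client": "IMAP4", "ok": False},
    {"user": "frank", "ip": "198.51.100.4", "client": "IMAP4", "ok": False},
    {"user": "gina",  "ip": "192.0.2.7",    "client": "Browser", "ok": True},
]

# Client types that cannot complete an MFA challenge (step 2). Illustrative
# labels; substitute the values your provider's sign-in export uses.
LEGACY_CLIENTS = {"IMAP4", "POP3", "SMTP", "MAPI", "Exchange ActiveSync"}

def legacy_auth_users(events):
    """Accounts with any sign-in attempt over a legacy client."""
    return sorted({e["user"] for e in events if e["client"] in LEGACY_CLIENTS})

def spray_sources(events, min_users=3):
    """Source IPs that failed against many *distinct* accounts: the password
    spraying pattern (a guess or two per account, across many accounts)."""
    failed_users = defaultdict(set)
    for e in events:
        if not e["ok"]:
            failed_users[e["ip"]].add(e["user"])
    return sorted(ip for ip, us in failed_users.items() if len(us) >= min_users)

def spray_hits(events, min_users=3):
    """Accounts that *succeeded* from a spraying source: treat as compromised."""
    sources = set(spray_sources(events, min_users))
    return sorted({e["user"] for e in events if e["ok"] and e["ip"] in sources})

def excessive_failures(events, threshold=5):
    """Single accounts with many failures: brute force or a stuck credential."""
    count = defaultdict(int)
    for e in events:
        if not e["ok"]:
            count[e["user"]] += 1
    return sorted(u for u, n in count.items() if n >= threshold)

if __name__ == "__main__":
    print(legacy_auth_users(EVENTS), spray_sources(EVENTS),
          spray_hits(EVENTS), excessive_failures(EVENTS))
```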

SaaS applications run business-critical functions in many organizations, and SaaS security should be considered as critical as the security measures in place for other technologies. Continuously monitoring your SaaS ecosystem, addressing misconfigurations quickly, and keeping a close eye on third-party access to your systems can help keep your data safe and your business running smoothly.

Source: 7 Steps to Stronger SaaS Security


  • 0

Remember, Think Before You Click!

There is a phishing attack going on that you need to know about. The campaign sends an email with the subject “Assessment document”, and the email carries a PDF attachment that claims to be locked. The message reads: “PDF Secure File UNLOCK to Access File Content”. If you click to unlock the document, a dialog box appears asking you to enter your email address and password.

If an email like that makes it into your inbox, do not click on anything, and definitely do not enter your email address and password. Follow the organization’s procedure, and if you are at home, delete the email. Remember, Think Before You Click!


  • 0

YAHOO Users beware, act Now!!!

I don’t like to just parrot other posts, but this is too important to waste time. If you have a YAHOO account, take note: change your password and identity questions, or close it and open a new one (the best option).

Yahoo announced that 1 billion of their accounts were hacked. These accounts are now sold by internet criminals to other bad guys who are going to use this information in a variety of ways. For instance, they will send phishing emails claiming you need to change your Yahoo account, looking just like the real ones. Here is what I suggest you do right away.

• If you do not use your Yahoo account much, close it down, because it’s a risk. If you use it every day:
• Open your browser and go to Yahoo. Do not use a link in any email. Reset your password and make it a strong, complex password or rather a pass-phrase.
• If you were using that same password on multiple websites, you need to stop that right now. Using the same password all over the place is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too. Also change the security questions and make the answer something non-obvious.
• At home, use a free password manager that can generate hard-to-hack passwords and keep and remember them for you.
• Watch out for any phishing emails that relate to Yahoo in any way and ask for information.
• Now would also be a good time to use Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.

Repeated to get the word out from:  http://newsletter.knowbe4.com/a/1022/preview/105/345449/7f81410a6165cd68d60697e95c319548ced801da?message_id=IjE5ODViMDQwLWE4MmItMDEzNC0zMmIxLTE0MDJlYzgzYjg3MEBrbm93YmU0LmNvbSI=


Anticipating Black Friday Threat Trends 2016

  • We studied attacks reported during the 2015 holiday period and identified new tools, techniques, and procedures (TTPs) that have emerged recently to help anticipate what to expect this year.
  • Targeted threats against shoppers and retailers increase as the volume of shoppers surges during the holiday period.
  • Key attack methods used over the Black Friday holiday period include phishing/smishing/spam, malvertising, pre-installed malware, point-of-sale (POS) malware, service disruption attacks, and account takeovers.
  • Recent advances in threat actor TTPs have included updated POS malware such as FastPOS and increased service disruption potential following the Mirai botnet 1.2TB distributed denial of service (DDoS) attack.
  • Both consumers and retailers can take actions to minimize successful attacks.
  • In addition to strengthening security within the network, retailers can gain awareness into external risks using threat intelligence; for example, a recent Recorded Future analysis shows how analysts can be alerted to fake company websites used in phishing and other attacks.
  • Consumers need to be vigilant with both online and offline transactions: check with your bank on setting up alerts for suspicious transactions, ensure your computer has the latest security updates and anti-malware, and don’t be afraid to ask retailers about the protection measures they have implemented.

Be very suspicious of emails offering deals too good to be true. Check the links: are you sure they go to the place you shop or bank? Type the address in yourself rather than clicking on it. Look closely, because you might be fooled into clicking on something bad. For example, example[.]com can become exanple[.]com. Do you see what happened? The M was changed to N, and the link would take you to a hostile site to steal your credentials or credit card, or to deliver malware. Typing the address yourself helps avoid this optical illusion by making sure it is correct.
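The one-letter swap described above is the kind of thing a human eye misses and a small check catches. The following added example (not from the original post) pulls the domain out of a link and flags it when it is within one edit of a domain you actually trust, which covers substituted, dropped and inserted characters. The trusted domain list is a constructed placeholder; replace it with the sites you actually shop or bank at.

```python
from urllib.parse import urlparse

# Constructed allow-list (placeholder values): the domains you really use.
# Subdomains of these, such as www.example.com, are trusted as well.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable_domain(url):
    """Host of a URL reduced to its last two labels (fine for .com-style names;
    country-code suffixes such as .co.uk would need a public-suffix list)."""
    if "//" not in url:            # accept a bare host like exanple.com
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify_link(url, trusted=TRUSTED_DOMAINS, max_edits=1):
    """'trusted', 'lookalike of <domain>', or 'unknown' for a link target."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    for t in sorted(trusted):
        if 0 < edit_distance(domain, t) <= max_edits:
            return "lookalike of " + t
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.example.com/deals", "http://exanple.com/login",
                 "https://shop.examp1e.com", "https://unrelated.org"):
        print(link, "->", classify_link(link))
```

"lookalike" is a signal to stop and type the address yourself, not proof of fraud; a legitimate brand may own a near-identical domain, and an attacker may register one that differs by more than one character.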

Don’t fall for any odd prompts in your browser to load or change things.

When in doubt call the vendor to confirm what you see is what they are doing.  A little more effort may just save your identity, bank account, or even the data and pictures on your computer or phone.

Happy Thanksgiving, and a safe Black Friday and Cyber Monday.