In just a few clicks, any SaaS app can turn into a company’s go-to system for collaboration, record keeping, CRM, workflow organization, marketing, human resource management, and more. These apps can also act as footholds from which threat actors can pivot into corporate environments and steal critical data.
The rapid adoption of SaaS apps is outpacing the implementation of necessary security measures. The rise in attacks—such as account takeovers and credential leaks—highlights this gap. On the users’ end, the responsibilities include taking a security-first approach to account configuration i.e., continuously monitoring for access risks and emerging threats to their data. But with so many users, so many apps and so much data, it’s easier said than done.
What leaves companies exposed to data breaches and leaks is the lack of clarity, context, and prompt action. Security teams must make a massive effort to research threats, filter the relevant ones, assess the impact of potential attacks, and integrate huge amounts of details such as user permissions and data sharing into their action plan, all of which take time and resources.
This is where threat intelligence becomes the game-changer. Simply put, threat intelligence is actionable data about potential threats. It’s that crucial part of cybersecurity that provides security teams with critical insights into new risks as they emerge and insights that they can act on before it’s too late.
Coping With 24 Billion Leaked Credentials Is Impossible Without Threat Intelligence
One of the main reasons companies need specialized threat intelligence is the sheer volume of threats. While you’re reading this article, 24 billion stolen credentials are circulating on the Darknet. According to Dark Shadows (acquired by ReliaQuest) and Microsoft, there were 4,000 blocked password attacks per second over the past year. These disturbing trends mean that as soon as your employees’ credentials are leaked, you need to act quickly to remove them, or your company is exposed.
In the 2024 breach of Dropbox Sign, attackers exploited lesser-known OAuth vulnerabilities, compromising a service account with elevated privileges, and gaining access to the customer database, including API keys, OAuth tokens, and hashed passwords. This incident underscored the importance of proactive measures to close security gaps before malicious actors can exploit them, once again highlighting the importance of catching leaked credentials and passwords.
Can Multi-Factor Authentication (MFA) be a complete solution? Unfortunately, no. MFA bypass was at the center of numerous SaaS app attacks in recent months such as the attack on Change Healthcare and Snowflake. With billions of credentials floating around the dark web, attackers can easily gain control over accounts where MFA is not configured correctly or enforced at all. The real issue is twofold: First, not all apps and users are configured securely, and second, what’s being targeted are apps that are critical to your business processes or contain sensitive company information. This is why it’s crucial to act quickly. With SaaS-specific threat intelligence, you can respond before attackers access your sensitive assets.
Tailored Threat Intelligence for Your Unique SaaS App Ecosystem
The speed at which threats are identified and mitigated can significantly impact your company’s security posture. With tailored SaaS threat intelligence, threat data is filtered based on its relevance, potential impact, and likelihood of exploitation specific to your company. The purpose of custom SaaS threat intelligence is to provide real-time and contextual alerts that notify you when one of your apps is putting your company at risk.
With real-time alerts, you can respond swiftly to emerging threats, minimizing potential damage. For instance, in 2023, GitHub experienced a security incident where stolen OAuth tokens were used to download data from dozens of companies. This required immediate action from affected users to revoke tokens and secure their accounts. A good SaaS threat intelligence solution not only alerts you when a SaaS app is compromised but also provides you with clear, actionable steps to mitigate the risk.
Wing’s SaaS Threat Intelligence
Wing Security provides prioritized, timely, and contextual threat intelligence as part of its SaaS security solution. Wing’s platform combines curated insights from an expert analyst team with automated contextual analysis of the SaaS environment, blending machine learning with human research. It cross-references incoming intelligence with the company’s SaaS app inventory, offering actionable steps, for example: suspending users, revoking tokens, creating tickets, and even sending push notifications via Slack.
Threat intelligence is just one feature of Wing Security's platform. Wing Security offers a holistic, low-touch SaaS security solution that provides full visibility and control across the SaaS ecosystem. With its comprehensive approach, Wing simplifies SaaS security life-cycle management, ensuring data is secured and configurations are correctly managed for CISOs.
About the Author
Galit Lubetzky is Co-Founder & CEO of Wing Security. A retired Colonel from the elite 8200 Unit, Galit has vast, hands-on experience designing, developing, and deploying some of the Israeli Defense Forces’ most vital defensive and offensive cyber platforms as well as leading large and strategic operations. She was an integral part of developing the IDF’s first cyber capabilities and continued improving and enhancing these capabilities throughout her career. She is the recipient of numerous accolades including the prestigious Israeli Defense Award.
Galit Lubetzky — Co-Founder & CEO of Wing Security https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiwR8MCT0AeMkLiYUxhOInyIOpIBcOaPiEpyAG5dxqi8xyU0wMpHfrPVeh9Ne47yjcTtXgZHYyDsSeSjkQ-_rMk8Hx8am5WOK_kUlVyOieOL4Yhx4wXvVS9tQWXLzG-JclUfXXmzLhz0sXtx4V_B0GwqXGA2idpRNNLhHZIvXa7SYxJ-dSPmQiEO0aYto4/s1600/Galit.png