Minimize the Breach Blast Radius with Valence Security and SentinelOne

Anna Sarnek
December 14, 2023
Time icon
xxx
min read
Share
Minimize the Breach Blast Radius with Valence Security and SentinelOne

SaaS breaches often originate from compromised endpoint devices. Wouldn't it be nice if you could quickly correlate such incidents? By associating the compromised device with its users' activities, permissions, and any SaaS misconfigurations, you could gain greater insights into the scope of a breach and understand its potential blast radius.

Today we proudly announce our strategic partnership with SentinelOne, a global leader in AI cybersecurity, securing endpoints, cloud workloads, containers, identities, and mobile and network-connected devices. This partnership helps organizations to enrich threat investigations by correlating user activity across endpoints and SaaS apps, providing holistic endpoint-to-SaaS context. The solution is now available as the first SaaS Security partnership on the Singularity Marketplace!

The impact of integrating endpoint and SaaS security can have is evident in recent incidents like the CircleCI breach. The breach originated from the compromise of a CircleCI engineer's laptop and rapidly spread to their SaaS applications, including GitHub. What makes such attacks particularly dangerous is that they can bypass identity security by stealing valid session tokens from the compromised endpoint user. Detecting such an attack becomes possible only when the compromised device signal is quickly correlated with the user's SaaS permissions, which is precisely what our combined solution offers.

To highlight the potential damage such breaches can do, our 2023 State of SaaS Security Report found that on average there are 54 shared resources on any given SaaS platform (e.g. files, folders, Sharepoint sites) per employee, and 193,000 shared resources per company. Multiply that by the number of employees and endpoint(s) per employee, and suddenly your organization’s exposure risk exponentially increases. 

Valence Security and SentinelOne: holistic endpoint to SaaS context

The new Valence Security and SentinelOne integration combines risk signals from SaaS applications and enterprise endpoint devices. With the combined solution joint customers can detect what compromised users can do in SaaS applications and what recent activities were performed by compromised user accounts.

Enrich threat investigations:
By enriching endpoint device risk signals identified by SentinelOne with risk signals from core SaaS applications such as Salesforce, Microsoft 365, Slack, and GitHub derived from the Valence platform, security teams can assign higher criticality to endpoint vulnerabilities that, for example, are associated with users with admin access to SaaS applications - resulting in a faster containment of a breach if it were to occur.

Analyze the blast radius: 

Correlating threat events that occur at the endpoint with threat events from SaaS applications detected by the Valence platform helps security teams better understand the scope of a speech. As an example, security analysts can discover endpoint user behavior such as critical information access and theft from core SaaS applications to determine the scale of an event.

Automate remediation:

Set up automated remediation workflows triggered through SentinelOne. These workflows respond to endpoint-generated events containing SaaS-related risks associated with identities, integrations, and data access. 

Secure SentinelOne:

SaaS-based cybersecurity platforms host some of the most sensitive organizational data, which can serve as an attack vector to critical assets. The Valence platform analyzes SentinelOne’s management platform, enabling security teams to gain visibility into potential risks and misconfigurations such as unenforced SSO, weak authentication without MFA, over-privileged users, unauthorized third-party integrations, and more.

Learn more about our partnership with SentinelOne!

Download the PDF

Latest Blogs