The SaaS Application Security Blog

The Latest Microsoft Midnight Blizzard Breach is a Wakeup Call for SaaS Security

Explore Microsoft's recent revelation on the Midnight Blizzard cyber attack, uncovering nation-state tactics, SaaS misconfigurations, and crucial lessons for enhancing your organization's cybersecurity.

Read Now

SaaS-Attacks

SaaS-Configurations

SaaS-Identity-Management

SaaS-Integrations

Combine CrowdStrike Falcon with Valence Security SSPM to Combat Endpoint-to-SaaS Threats

Valence is excited to partner with CrowdStrike, to empower security teams to protect their growing endpoint-to-SaaS risk surface. The integration correlates SaaS security risk signals with CrowdStike’s endpoint security signals to improve overall security posture, threat detection, and incident response processes.

Read Now

Security-Integrations

SaaS-Security-Posture-Management

SaaS-Risks

Minimize the Breach Blast Radius with Valence Security and SentinelOne

SaaS breaches often originate from compromised endpoint devices. Wouldn't it be nice if you could quickly correlate such incidents? By associating the compromised...

Read Now

Security-Integrations

SaaS-Security

Valence Security Is a Proud Participant in the Microsoft Security Copilot Partner Private Preview

Valence Security today announced its participation in the Microsoft Security Copilot Partner Private Preview. Valence Security was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.

Read Now

Security-Integrations

SaaS-Security

Five Lessons Learned From the Okta Breach

While breaches remain a common occurrence, there's much to gain from studying them to avert future incidents. In this blog post, we delve deep into the most recent Okta Support Breach, extracting five crucial lessons from it.

Read Now

SaaS-Attacks

SaaS-Identity-Management

SaaS-Integrations

Cloud Security - from IaaS to SaaS, from CNAPP to SSPM

As organizations increasingly migrate to the cloud, the rapid adoption of both SaaS and IaaS solutions has created new challenges. Valence's collaboration with Orca Security addresses these challenges head-on, creating a powerful solution that bridges the gap between cloud and SaaS security posture management.

Read Now

SaaS-Security

SaaS-Security-Posture-Management

SaaS-Risks

Validate Cyber Insurance’s Preferred Security Controls in Your Critical SaaS

The surge in cyber threats and the wealth of available data on cyber posture and incidents pose a unique challenge for the cyber insurance industry. As attacks continue to rise, insurers face the daunting task of assessing and helping their clients mitigate cyber risks efficiently. This blog dives into the role SaaS applications play in cybersecurity.

Read Now

No items found.

What Does Zero Trust Mean for SaaS Security?

You’ve heard a lot about Zero Trust, but did you know that most SaaS applications are well-aligned with Zero Trust Architecture? If you’re planning to start adopting Zero Trust in your organization, SaaS is an ideal place to start. This blog will help you with understand how to apply Zero Trust to SaaS, through the lens of CISA’s Zero Trust Maturity Model.

Read Now

No items found.

Racking up Convenience Debt with SaaS Integrations

SaaS applications and platforms give every user the ability to integrate new third-party vendors. The problem? Most business users don’t understand the level of access they are granting, or if the third-party can be trusted! This blog explores how security teams can get a handle on SaaS integrations.

Read Now

No items found.

SaaS Misconfiguration Misconceptions Debunked

We hear a lot about attackers exploiting vulnerabilities, but did you know that misconfigurations are just as common? In this blog, we delve into the realm of common misconfigurations and provide insights on how to proactively prevent them.

Read Now

SaaS-Configurations

SaaS-Identity-Management

SaaS-Integrations

SaaS Identity and Employees: the Keys to Productivity and Breaches

‍There’s a lot of focus in cybersecurity on vulnerabilities, exploits, and assets. We focus on the data that was stolen, the device that was hacked, or the malware deployed. At the center of all these incidents, however, are identities. This blog delves into identity challenges that are related to the distributed nature of SaaS applications and platforms.

Read Now

No items found.

Salesforce Security Best Practices When Using Named Credentials

Learn SaaS security best practices for implementing named credentials in Salesforce.

Read Now

No items found.

External Data Sharing Is Out Of Control: But Does It Have to Be?

Secure data sharing has historically posed significant challenges for enterprises. This blog delves into the hurdles faced by organizations governing data including legacy methods of data sharing (email attachments, file transfer software and sync & share solutions) as well as modern, cloud-based SaaS methods.

Read Now

No items found.

Exploring the Microsoft Storm-0558 SaaS Breach

On June 16, 2023, a Microsoft 365 customer alerted Microsoft to some anomalous email activity they had detected. Microsoft began investigating and found that an external adversary had compromised the email of 24 other customers as well.

Read Now

SaaS-Attacks

SaaS-Security-Posture-Management

SaaS-Integrations

More SaaS Adoption → More SaaS Breaches

Despite the frequency of breaches, attackers are fairly predictable. They’re opportunists. They’ll go to where valuable data and useful identities live. Today, more than ever, that leads them to SaaS applications.‍ This blog discusses a number of ways SaaS breaches can occur.

Read Now

No items found.

Introducing the Valence 2023 State of SaaS Security Report

The 2023 Valence State of SaaS Security report compiles our perspective on SaaS security, the latest threats, data from dozens of real companies, and finally, our recommendations and predictions for this market.

Read Now

No items found.

How Generative AI Benefits SaaS Security

The Valence AI Assistant can analyze SaaS security risks and help security teams quickly define a remediation plan.

Read Now

No items found.

The Digital Office Moved to SaaS

The digital office has moved and it seems like we’re in a constant state of catching up. The modern organization’s files, schedules, communications, concerns, plans, and goals all live in SaaS applications today. It’s easier than ever to collaborate, but it’s also easier than ever for data to leak.

Read Now

No items found.

2023 SaaS Management Index Report

In the 2023 Zylo SaaS Management Index Report, researchers provide data, trends and actionable insights from their database of SaaS spend, license and usage data. The most notable of these findings–a staggering 69% of SaaS spend and 82% of SaaS apps by number are adopted and managed by individuals or business units, not IT.

Read Now

No items found.

Valence Security ThreatLabs Alert: Salesforce Risk

Valence Security ThreatLabs Alert: Brian Krebs from Krebs on Security has recently posted that numerous organizations, including banks and healthcare providers, are leaking sensitive info from public Salesforce Community websites due to misconfiguration.

Read Now

No items found.

Valence Joins Microsoft for Startups Pegasus Program

Valence Security is thrilled to be part of the Microsoft for Startups Pegasus Program! A big thank you to Microsoft for consistently supporting the startup ecosystem with programs like these.

Read Now

No items found.

3 out of 4 Employees Sidestep IT, Bring Their Own Tech

According to a Gartner® Press Release, “by 2027, 75% of employees will acquire, modify, or create technology outside IT's visibility, up from 41% in 2022.” Much of this trend is driven by the accelerated adoption of SaaS applications by business owners without the involvement of IT or cybersecurity teams, especially due to the rise of remote work following the COVID pandemic.

Read Now

No items found.

Detecting Risky Behavior with Microsoft and Valence

The Microsoft Azure AD team has been busy building identity protection features and making them available via the Microsoft Graph REST API. Valence has been collaborating with the Azure AD team – helping to bring new capabilities to detect Risky Users and Risky Service Principals into our SaaS security platform.

Read Now

No items found.

Valence 2023 RSA Conference Survival Guide

The RSA Conference is one of the largest and oldest cybersecurity conferences and its easy to get disoriented. Valence provides its 2023 RSA Conference Survival Guide to help you get the most of this awesome event.

Read Now

No items found.

Valence Security is an Innovation Sandbox Finalist

Valence will present its SaaS security solution, which unlocks employee productivity and accelerates safe SaaS adoption, on the first day of this year’s RSA Conference in the annual Innovation Sandbox competition

Read Now

No items found.

Cybersecurity Excellence Awards 2023: Valence Brings Home the Gold, Twice Over

For the 2023 Cyber Security Excellence Awards, Valence was awarded GOLD in two categories: Best Cybersecurity Startup and Best Product for SaaS Security Posture Management (SSPM).

Read Now

No items found.

CircleCI Says Hackers Stole Encryption Keys and Customers’ Secrets

CircleCI, a vendor specializing in CI/CD and DevOps tools, confirmed that some customer data was stolen in a data breach last month.

Read Now

SaaS-Configurations

SaaS-Attacks

SaaS-Integrations

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

Dark Reading contributing writer Robert Lemos discusses how threat actors are increasingly focusing on exploiting core enterprise services.

Read Now

SaaS-Attacks

SaaS-Integrations

GitHub Accounts Breached…Again

Over the holiday weekend, the popular messaging app vendor Slack was notified of a breach of their GitHub account.

Read Now

SaaS-Attacks

SaaS-Identity-Management

SaaS-Integrations

Using SSPM to Start Resolving SaaS Security Issues

SaaS security risks go beyond administrative configurations which current SSPMs focus on.

Read Now

No items found.

Gartner Emerging Tech Impact Radar Reports

Valence Security mentioned as a SaaS Security Posture Management (SSPM) vendor in Gartner’s latest Emerging Tech Impact Radar: Cloud Native and Security reports.

Read Now

No items found.

Announcing Valence’s Series A Round: Introducing Collaborative SaaS Security Risk Mitigation

Valence announces $25M Series A round led by Microsoft’s M12 venture fund and Introduces Its Collaborative SaaS Risk Remediation Platform

Read Now

No items found.

Valence Integrates With Azure AD to Reduce SaaS Supply Chain Risks By Enforcing Zero Trust Principles

Valence Security has integrated with Azure Active Directory to give customers increased visibility and control over their SaaS supply chain risks.

Read Now

No items found.

IBM Cost of a Data Breach Report Confirms the Need to Immediately Remediate Supply Chain Risks

Recently, supply chain attacks leveraging the interconnectivity of SaaS applications have become increasingly lucrative for cyber criminals. As the 2022 IBM Cost of a Data Breach report points out, one in five data breaches this year was caused by a supply chain compromise.

Read Now

No items found.

Infographic: Major SaaS Security Breaches 2021-2022

Over the past two years, SaaS adoption has exploded, which has led to an increased frequency and magnitude of SaaS breaches and SaaS supply chain attacks. This infographic shows some of the most destructive recent exploits.

Read Now

No items found.

The Most Overlooked Element in Most Organizations' Cybersecurity Strategy

Securing the adoption and use of non-human identities is probably the most overlooked element in most organizations' cybersecurity strategy today.

Read Now

No items found.

Verizon 2022 DBIR Report: Supply Chain Attacks at Record High

The Verizon 2022 Data Breach Investigation Report (DBIR) noted explosive growth in incidents related to partners and the supply chain.

Read Now

No items found.

Cyber Week 2022 Presentation by Yoni Shohet (5 Minutes)

Yoni Shohet, CEO and Co-founder of Valence Security spoke at Cyber Week at the end of June at Tel Aviv University – one of the largest, international cybersecurity conferences in Israel.

Read Now

No items found.

Democratizing SaaS Security Remediation

Democratizing SaaS security remediation workflows is increasingly necessary for modern business needs, and security teams must find ways to adapt - not obstruct - such progress.

Read Now

No items found.

Offboarding: Don't Forget Third-party Non-human Identities

Offboarding of non-human users must become a top priority for CISOs.

Read Now

No items found.

GitHub and Their Customers are the Latest Victims of Supply Chain Attacks

GitHub announces it had discovered that attackers had stolen OAuth user tokens issued to third-party vendors that were used to download private data repositories from dozens of GitHub customers.

Read Now

No items found.

The Mailchimp Breach Is Just The Latest Supply Chain Attack

MailChimp, a leading email marketing firm, recently discovered that hackers had gained access to internal customer support and account management tools, which could be used to launch phishing attacks to steal customer data.

Read Now

No items found.

Three Security Take-aways From The LAPSUS$ Breach of Okta

Okta has denied that the hacker group LAPSUS$ breached their service and performed malicious exploits, while LAPSUS$ claims it has gathered significant Okta customer data over the past several months—enough for additional exploits.

Read Now

No items found.

Valence Security Completes SOC 2 Type II Certification

We at Valence Security are extremely pleased to announce that we have successfully completed System and Organization Controls (SOC) 2 Type II certification for our first-of-its-kind platform for securing the SaaS mesh.

Read Now

No items found.

Valence: Illuminating and Securing the Business Application Mesh

Valence defines a new category in the cybersecurity landscape. A critical problem space, necessary market education and potential access to the largest network of cybersecurity advisors cemented our decision to partner with YL Ventures, a leading early-stage cybersecurity VC, to fulfill the unique market opportunity we identified

Read Now

No items found.

SaaS and AI Security Resources

The Latest Microsoft Midnight Blizzard Breach is a Wakeup Call for SaaS Security

Combine CrowdStrike Falcon with Valence Security SSPM to Combat Endpoint-to-SaaS Threats

Minimize the Breach Blast Radius with Valence Security and SentinelOne

Valence Security Is a Proud Participant in the Microsoft Security Copilot Partner Private Preview

Five Lessons Learned From the Okta Breach

Cloud Security - from IaaS to SaaS, from CNAPP to SSPM

Validate Cyber Insurance’s Preferred Security Controls in Your Critical SaaS

What Does Zero Trust Mean for SaaS Security?

Racking up Convenience Debt with SaaS Integrations

SaaS Misconfiguration Misconceptions Debunked

SaaS Identity and Employees: the Keys to Productivity and Breaches

Salesforce Security Best Practices When Using Named Credentials

External Data Sharing Is Out Of Control: But Does It Have to Be?

Exploring the Microsoft Storm-0558 SaaS Breach

More SaaS Adoption → More SaaS Breaches

Introducing the Valence 2023 State of SaaS Security Report

How Generative AI Benefits SaaS Security

The Digital Office Moved to SaaS

2023 SaaS Management Index Report

Valence Security ThreatLabs Alert: Salesforce Risk

Valence Joins Microsoft for Startups Pegasus Program

3 out of 4 Employees Sidestep IT, Bring Their Own Tech

Detecting Risky Behavior with Microsoft and Valence

Valence 2023 RSA Conference Survival Guide

Valence Security is an Innovation Sandbox Finalist

Cybersecurity Excellence Awards 2023: Valence Brings Home the Gold, Twice Over

CircleCI Says Hackers Stole Encryption Keys and Customers’ Secrets

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

GitHub Accounts Breached…Again

Using SSPM to Start Resolving SaaS Security Issues

Gartner Emerging Tech Impact Radar Reports

Announcing Valence’s Series A Round: Introducing Collaborative SaaS Security Risk Mitigation

Valence Integrates With Azure AD to Reduce SaaS Supply Chain Risks By Enforcing Zero Trust Principles

IBM Cost of a Data Breach Report Confirms the Need to Immediately Remediate Supply Chain Risks

Infographic: Major SaaS Security Breaches 2021-2022

The Most Overlooked Element in Most Organizations' Cybersecurity Strategy

Verizon 2022 DBIR Report: Supply Chain Attacks at Record High

Cyber Week 2022 Presentation by Yoni Shohet (5 Minutes)

Democratizing SaaS Security Remediation

Offboarding: Don't Forget Third-party Non-human Identities

GitHub and Their Customers are the Latest Victims of Supply Chain Attacks

The Mailchimp Breach Is Just The Latest Supply Chain Attack

Three Security Take-aways From The LAPSUS$ Breach of Okta

Valence Security Completes SOC 2 Type II Certification

Valence: Illuminating and Securing the Business Application Mesh