Threat Labs: discovers, analyzes, and designs defenses against latest SaaS Security risks

Introducing the Valence 2023 State of SaaS Security Report

The 2023 Valence State of SaaS Security report compiles our perspective on SaaS security, the latest threats, data from dozens of real companies, and finally, our recommendations and predictions for this market.

Secure SaaS to SaaS Supply chain Today | Valence security

More SaaS Adoption → More SaaS Breaches

Despite the frequency of breaches, attackers are fairly predictable. They’re opportunists. They’ll go to where valuable data and useful identities live. Today, more than ever, that leads them to SaaS applications.‍ This blog discusses a number of ways SaaS breaches can occur.

3 out of 4 Employees Sidestep IT, Bring Their Own Tech

According to a Gartner® Press Release, “by 2027, 75% of employees will acquire, modify, or create technology outside IT's visibility, up from 41% in 2022.” Much of this trend is driven by the accelerated adoption of SaaS applications by business owners without the involvement of IT or cybersecurity teams, especially due to the rise of remote work following the COVID pandemic.

How Generative AI Benefits SaaS Security

The Valence AI Assistant can analyze SaaS security risks and help security teams quickly define a remediation plan.

The Digital Office Moved to SaaS

The digital office has moved and it seems like we’re in a constant state of catching up. The modern organization’s files, schedules, communications, concerns, plans, and goals all live in SaaS applications today. It’s easier than ever to collaborate, but it’s also easier than ever for data to leak.

Valence Security ThreatLabs Alert: Salesforce Risk

Valence Security ThreatLabs Alert: Brian Krebs from Krebs on Security has recently posted that numerous organizations, including banks and healthcare providers, are leaking sensitive info from public Salesforce Community websites due to misconfiguration.

Detecting Risky Behavior with Microsoft and Valence

The Microsoft Azure AD team has been busy building identity protection features and making them available via the Microsoft Graph REST API. Valence has been collaborating with the Azure AD team – helping to bring new capabilities to detect Risky Users and Risky Service Principals into our SaaS security platform.

Valence Joins Microsoft for Startups Pegasus Program

Valence Security is thrilled to be part of the Microsoft for Startups Pegasus Program! A big thank you to Microsoft for consistently supporting the startup ecosystem with programs like these.

Exploring the Microsoft Storm-0558 SaaS Breach

On June 16, 2023, a Microsoft 365 customer alerted Microsoft to some anomalous email activity they had detected. Microsoft began investigating and found that an external adversary had compromised the email of 24 other customers as well.

External Data Sharing Is Out Of Control: But Does It Have to Be?

Secure data sharing has historically posed significant challenges for enterprises. This blog delves into the hurdles faced by organizations governing data including legacy methods of data sharing (email attachments, file transfer software and sync & share solutions) as well as modern, cloud-based SaaS methods.

Salesforce Best Practices When Using Named Credentials

Learn SaaS security best practices for implementing named credentials in Salesforce.

SaaS Identity and Employees: the Keys to Productivity and Breaches

‍There’s a lot of focus in cybersecurity on vulnerabilities, exploits, and assets. We focus on the data that was stolen, the device that was hacked, or the malware deployed. At the center of all these incidents, however, are identities. This blog delves into identity challenges that are related to the distributed nature of SaaS applications and platforms.

SaaS Misconfiguration Misconceptions Debunked

We hear a lot about attackers exploiting vulnerabilities, but did you know that misconfigurations are just as common? In this blog, we delve into the realm of common misconfigurations and provide insights on how to proactively prevent them.

Racking up Convenience Debt with SaaS Integrations

SaaS applications and platforms give every user the ability to integrate new third-party vendors. The problem? Most business users don’t understand the level of access they are granting, or if the third-party can be trusted! This blog explores how security teams can get a handle on SaaS integrations.

What does Zero Trust mean for SaaS Security?

You’ve heard a lot about Zero Trust, but did you know that most SaaS applications are well-aligned with Zero Trust Architecture? If you’re planning to start adopting Zero Trust in your organization, SaaS is an ideal place to start. This blog will help you with understand how to apply Zero Trust to SaaS, through the lens of CISA’s Zero Trust Maturity Model.

CircleCI says hackers stole encryption keys and customers’ secrets

CircleCI, a vendor specializing in CI/CD and DevOps tools, confirmed that some customer data was stolen in a data breach last month.

Using SSPM to Start Resolving SaaS Security Issues

SaaS security risks go beyond administrative configurations which current SSPMs focus on.

Offboarding: Don't Forget Third-party Non-human Identities

Offboarding of non-human users must become a top priority for CISOs.

Three Security Take-aways From The LAPSUS$ Breach of Okta

Okta has denied that the hacker group LAPSUS$ breached their service and performed malicious exploits, while LAPSUS$ claims it has gathered significant Okta customer data over the past several months—enough for additional exploits.

The 2022 Shadow SaaS-to-SaaS Integration Report

Valence Threat Labs researchers asked leading CISOs a variety of questions pertaining to the state of security for SaaS-to-SaaS third-party integrations in their organizations, and their current best practices, then compared their responses to aggregated and anonymized cross-tenant data extracted from the Valence SaaS Mesh Security Platform.

Verizon 2022 DBIR Report: Supply Chain Attacks at Record High

The Verizon 2022 Data Breach Investigation Report (DBIR) noted explosive growth in incidents related to partners and the supply chain.

Infographic: Major SaaS Security Breaches 2021-2022

Over the past two years, SaaS adoption has exploded, which has led to an increased frequency and magnitude of SaaS breaches and SaaS supply chain attacks. This infographic shows some of the most destructive recent exploits.

2023 SaaS Management Index Report

In the 2023 Zylo SaaS Management Index Report, researchers provide data, trends and actionable insights from their database of SaaS spend, license and usage data. The most notable of these findings–a staggering 69% of SaaS spend and 82% of SaaS apps by number are adopted and managed by individuals or business units, not IT.

The Most Overlooked Element in Most Organizations' Cybersecurity Strategy

Securing the adoption and use of non-human identities is probably the most overlooked element in most organizations' cybersecurity strategy today.

GitHub Accounts Breached…Again

Over the holiday weekend, the popular messaging app vendor Slack was notified of a breach of their GitHub account.

Valence Security is an Innovation Sandbox Finalist

Valence will present its SaaS security solution, which unlocks employee productivity and accelerates safe SaaS adoption, on the first day of this year’s RSA Conference in the annual Innovation Sandbox competition

Democratizing SaaS Security Remediation

Democratizing SaaS security remediation workflows is increasingly necessary for modern business needs, and security teams must find ways to adapt - not obstruct - such progress.

Valence Security Completes SOC 2 Type II Certification

We at Valence Security are extremely pleased to announce that we have successfully completed System and Organization Controls (SOC) 2 Type II certification for our first-of-its-kind platform for securing the SaaS mesh.

GitHub and their Customers are the Latest Victims of Supply Chain Attacks

GitHub announces it had discovered that attackers had stolen OAuth user tokens issued to third-party vendors that were used to download private data repositories from dozens of GitHub customers.

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

Dark Reading contributing writer Robert Lemos discusses how threat actors are increasingly focusing on exploiting core enterprise services.

The Mailchimp Breach Is Just The Latest Supply Chain Attack

MailChimp, a leading email marketing firm, recently discovered that hackers had gained access to internal customer support and account management tools, which could be used to launch phishing attacks to steal customer data.

Valence Integrates With Azure AD to Reduce SaaS Supply Chain Risks By Enforcing Zero Trust Principles

Valence Security has integrated with Azure Active Directory to give customers increased visibility and control over their SaaS supply chain risks.

IBM Cost of a Data Breach Report Confirms the Need to Immediately Remediate Supply Chain Risks

Recently, supply chain attacks leveraging the interconnectivity of SaaS applications have become increasingly lucrative for cyber criminals. As the 2022 IBM Cost of a Data Breach report points out, one in five data breaches this year was caused by a supply chain compromise.

The Valence 2023 RSA Conference Survival Guide

The RSA Conference is one of the largest and oldest cybersecurity conferences and its easy to get disoriented. Valence provides its 2023 RSA Conference Survival Guide to help you get the most of this awesome event.

Gartner Emerging Tech Impact Radar Reports

Valence Security mentioned as a SaaS Security Posture Management (SSPM) vendor in Gartner’s latest Emerging Tech Impact Radar: Cloud Native and Security reports.

Two Steps Forward for SaaS Adoption, One Step Back for SaaS Security

Watch Anna Sarnek's GoSec23 session, Two Steps Forward for SaaS Adoption, One Step Back for SaaS Security, on-demand. The presentation covers the complexity of today's SaaS Security landscape and the crucial steps you need to implement to reduce your cyber risk.

Creating a New Category in Security

How did Valence Security get started? Watch the Hub-scale podcast interview with Valence Security founder Yoni Shohet as they discuss how to carve out a new cybersecurity category, why SaaS security is important for customers, and more.

SaaS to SaaS Mesh, Shadow Integrations and Generative AI

Does your SaaS supply chain security awareness include shadow integrations? Learn about the SaaS-to-SaaS mesh and SaaS security posture management.

SaaS Security Challenges

Evgeniy Kharam, host of the Cyber Inspiration podcast, interviews Valence Security CEO and Co-founder Yoni Shohet on Valence and the challenges of SaaS security.

Leveraging Big Data to Measure Cyber Risk

5 cybersecurity professionals discuss how to apply big data solutions to help companies understand their risk, procure the right cyber insurance and minimize financial risk.

Remediate 3rd Party SaaS Risks

In this latest episode of Sales Bluebird, Yoni Shohet, our co-founder and CEO he goes into SaaS security concerns for organizations and sales challenges faced by salespeople

On-Demand Webcast: Collaborative SaaS Security Remediation

Yoni Shohet, CEO of Valence Security and Doug Graham, Chief Trust Officer of Lionbridge discuss the launch of the expanded Valence Collaborative SaaS Security Remediation Platform.

On-Demand Webcast – SaaS Security Insights for CISOs

In this 40 minute on-demand webcast, Ryan Gurney (YL Ventures), Demi Ben-Ari (Panorays), Sounil Yu (JupiterOne) and Yoni Shohet (Valence Security) discuss Valence's latest Shadow SaaS-to-SaaS Integration Report and its repercussions for CISOs' SaaS security strategies.

Valence Security in 3-Minutes: RSAC 2023 Innovation Sandbox Pitch

At the RSA Conference 2023 Innovation Sandbox competition, Valence Security CEO and CO-Founder Yoni Shohet presented a 3-minute overview of Valence Security entitled: "Removing the Mess From Your SaaS Mesh"

Remediating the Risks That Enable SaaS Supply Chain Attacks

Ron Gerber, CEO of Angelbeat, Interviews Yoni Shohet, CEO and Co-founder of Valence Security on the need to mitigate the risks that enable SaaS supply chain attacks during this 17 minute fireside chat.

TechStrongTV: API Integration Security

Yoni Shohet, Valence Security CEO and co-founder, discusses the results of their recent survey of CISOs on the state of SaaS-to-SaaS third-party integrations and current security best practices and the resulting 2022 Shadow SaaS-to-SaaS Integration Report.

Securing the Modern Mesh of Third-Party API Integrations

Our CEO, Yoni Shohet, gave a virtual presentation on ‘Securing the Modern Mesh of Third-Party API Integrations’ at the SANS Institute CloudSecNext Summit 2022!

Supply Chain API Attacks and the Origins of Valence Security

Yoni Shohet, CEO and Co-founder of Valence Security speaks with Andy Ellis, a highly respected security professional and currently Operating Partner at YL Ventures, on the main stage at the Cybertech 2022 event in Tel Aviv

Redefining Cybersecurity - Cybertech 2022 Panel

Yoni Shohet, CEO of Valence, participated in a panel discussion with two fellow Israeli cybersecurity entrepreneurs, Lior Yaari - CEO and Co-founder of Grip Security, and Liat Hayun - CEO and Co-founder of Eureka Security, where they each discussed our unique approaches to addressing urgent security challenges arising from the decentralization of the workplace.

On-Demand Webcast–Mitigating Third-party Integration Risks

Yoni Shohet, CEO of Valence, co-hosted a fascinating online discussion entitled, Managing SaaS-to-SaaS: How CISOs Can Mitigate Third-party Integration Risks, with two close colleagues and highly experienced CISOs

Interview With Sounil Yu, CISO & Head of Research at JupiterOne

At Cybertech Tel Aviv 2022 I chatted with Sounil Yu, CISO and Head of Research at JupiterOne, and author of the recently published “Cyber Defense Matrix: The Essential Guide to Navigating the Cybersecurity Landscape.”

Whitepaper: Contextualizing Supply Chain Risks in a SaaS Environment

This whitepaper provides insights into how security teams can contextualize SaaS supply chain risks.

Whitepaper: Contextualizing Supply Chain Risks in a SaaS Environment

This whitepaper provides insights into how security teams can contextualize SaaS supply chain risks.

2023 SaaS Security Trends & Insights

The 2023 SaaS Security Trends & Insights infographic details some of the more notable trends and challenges related to third-party SaaS applications, OAuth integrations, external data sharing and unmanaged identities.

2023 SaaS Security Trends & Insights

The 2023 Valence State of SaaS Security Report

The 2023 State of SaaS Security Report takes us through the rise of SaaS, to SaaS-based attacks, our own insights from our customers, and finally to our recommendations and predictions about where SaaS security is going.

The 2023 Valence State of SaaS Security Report

2022 Shadow SaaS-to-SaaS Integration Report

This 2022 SaaS security rreport covers key trends and challenges organizations face when trying to gain visibility and control over the growing and fast-changing world of SaaS-to-SaaS third-party integrations – known as the SaaS mesh.

2022 Shadow SaaS-to-SaaS Integration Report

The SaaS-to-SaaS Supply Chain Threat Landscape

Digital transformation and the democratization of IT has resulted in the rapid proliferation of unsanctioned integrations that place business critical SaaS apps at risk. This paper provides insights into what security teams should know about this challenge.

The SaaS-to-SaaS Supply Chain Threat Landscape

Valence Announces MISA Membership

Valence Security is now a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft's security technology to better defend against a world of increasing threats.

Valence Selected as 2023 SC Awards Finalists

SC Media announces that Valence Security is one of the 5 2023 SC Award Finalists for Most Promising Early-Stage Start Up.

The SaaS-to-SaaS supply chain is a wild, wild mess

Security teams cannot continue to ignore the pitfalls and challenges of this wild, wild mess of SaaS-to-SaaS supply chains

Quantifying the SaaS Supply Chain and Its Risks

Organizations do not have good visibility into all the software-as-a-service applications that connect to and access data stored in core business.

VentureBeat–With threats like Lapsus, security playbooks ‘go out the window’

VentureBeat Article: Lapsus$ has been responsible for a string of confirmed breaches over the past month, including against Nvidia, Samsung, Microsoft and a third-party Okta support provider.

Latest Research!

2023 State of SaaS Security ReportUnderstanding SaaS Risks

Valence Threat Labs discovers, analyzes, and designs defenses against the latest SaaS security risks from misconfigurations, data sharing, identities and integrations.

Introducing the Valence 2023 State of SaaS Security Report

More SaaS Adoption → More SaaS Breaches

3 out of 4 Employees Sidestep IT, Bring Their Own Tech

How Generative AI Benefits SaaS Security

The Digital Office Moved to SaaS

Valence Security ThreatLabs Alert: Salesforce Risk

Detecting Risky Behavior with Microsoft and Valence

Valence Joins Microsoft for Startups Pegasus Program

Exploring the Microsoft Storm-0558 SaaS Breach

External Data Sharing Is Out Of Control: But Does It Have to Be?

Salesforce Best Practices When Using Named Credentials

SaaS Identity and Employees: the Keys to Productivity and Breaches

SaaS Misconfiguration Misconceptions Debunked

Racking up Convenience Debt with SaaS Integrations

What does Zero Trust mean for SaaS Security?

CircleCI says hackers stole encryption keys and customers’ secrets

Using SSPM to Start Resolving SaaS Security Issues

Offboarding: Don't Forget Third-party Non-human Identities

Three Security Take-aways From The LAPSUS$ Breach of Okta

The 2022 Shadow SaaS-to-SaaS Integration Report

Verizon 2022 DBIR Report: Supply Chain Attacks at Record High

Infographic: Major SaaS Security Breaches 2021-2022

2023 SaaS Management Index Report

The Most Overlooked Element in Most Organizations' Cybersecurity Strategy

GitHub Accounts Breached…Again

Valence Security is an Innovation Sandbox Finalist

Democratizing SaaS Security Remediation

Valence Security Completes SOC 2 Type II Certification

GitHub and their Customers are the Latest Victims of Supply Chain Attacks

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

The Mailchimp Breach Is Just The Latest Supply Chain Attack

Valence Integrates With Azure AD to Reduce SaaS Supply Chain Risks By Enforcing Zero Trust Principles

IBM Cost of a Data Breach Report Confirms the Need to Immediately Remediate Supply Chain Risks

The Valence 2023 RSA Conference Survival Guide

Gartner Emerging Tech Impact Radar Reports

Two Steps Forward for SaaS Adoption, One Step Back for SaaS Security

Creating a New Category in Security

SaaS to SaaS Mesh, Shadow Integrations and Generative AI

SaaS Security Challenges

Leveraging Big Data to Measure Cyber Risk

Remediate 3rd Party SaaS Risks

On-Demand Webcast: Collaborative SaaS Security Remediation

On-Demand Webcast – SaaS Security Insights for CISOs

Valence Security in 3-Minutes: RSAC 2023 Innovation Sandbox Pitch

Remediating the Risks That Enable SaaS Supply Chain Attacks

TechStrongTV: API Integration Security

Securing the Modern Mesh of Third-Party API Integrations

Supply Chain API Attacks and the Origins of Valence Security

Redefining Cybersecurity - Cybertech 2022 Panel

On-Demand Webcast–Mitigating Third-party Integration Risks

Interview With Sounil Yu, CISO & Head of Research at JupiterOne

Whitepaper: Contextualizing Supply Chain Risks in a SaaS Environment

Whitepaper: Contextualizing Supply Chain Risks in a SaaS Environment

2023 SaaS Security Trends & Insights

2023 SaaS Security Trends & Insights

The 2023 Valence State of SaaS Security Report

The 2023 Valence State of SaaS Security Report

2022 Shadow SaaS-to-SaaS Integration Report

2022 Shadow SaaS-to-SaaS Integration Report

The SaaS-to-SaaS Supply Chain Threat Landscape

The SaaS-to-SaaS Supply Chain Threat Landscape

Valence Announces MISA Membership

Valence Selected as 2023 SC Awards Finalists

The SaaS-to-SaaS supply chain is a wild, wild mess

Quantifying the SaaS Supply Chain and Its Risks

VentureBeat–With threats like Lapsus, security playbooks ‘go out the window’

Sign up to get our latest news and updates

Assess Your SaaS Security Risks

2023 State of SaaS Security Report
Understanding SaaS Risks