Latest Research!

2023 SaaS Management Index Report

In the 2023 Zylo SaaS Management Index Report, researchers provide data, trends and actionable insights from their database of SaaS spend, license and usage data. The most notable of these findings–a staggering 69% of SaaS spend and 82% of SaaS apps by number are adopted and managed by individuals or business units, not IT.

3 out of 4 Employees Sidestep IT, Bring Their Own Tech

According to a Gartner® Press Release, “by 2027, 75% of employees will acquire, modify, or create technology outside IT's visibility, up from 41% in 2022.” Much of this trend is driven by the accelerated adoption of SaaS applications by business owners without the involvement of IT or cybersecurity teams, especially due to the rise of remote work following the COVID pandemic.

Detecting Risky Behavior with Microsoft and Valence

The Microsoft Azure AD team has been busy building identity protection features and making them available via the Microsoft Graph REST API. Valence has been collaborating with the Azure AD team – helping to bring new capabilities to detect Risky Users and Risky Service Principals into our SaaS security platform.

Valence Security ThreatLabs Alert: Salesforce Risk

Valence Security ThreatLabs Alert: Brian Krebs from Krebs on Security has recently posted that numerous organizations, including banks and healthcare providers, are leaking sensitive info from public Salesforce Community websites due to misconfiguration.

Valence Joins Microsoft for Startups Pegasus Program

Valence Security is thrilled to be part of the Microsoft for Startups Pegasus Program! A big thank you to Microsoft for consistently supporting the startup ecosystem with programs like these.

CircleCI says hackers stole encryption keys and customers’ secrets

CircleCI, a vendor specializing in CI/CD and DevOps tools, confirmed that some customer data was stolen in a data breach last month.

Using SSPM to Start Resolving SaaS Security Issues

SaaS security risks go beyond administrative configurations which current SSPMs focus on.

Offboarding: Don't Forget Third-party Non-human Identities

Offboarding of non-human users must become a top priority for CISOs.

The 2022 Shadow SaaS-to-SaaS Integration Report

Valence Threat Labs researchers asked leading CISOs a variety of questions pertaining to the state of security for SaaS-to-SaaS third-party integrations in their organizations, and their current best practices, then compared their responses to aggregated and anonymized cross-tenant data extracted from the Valence SaaS Mesh Security Platform.

Three Security Take-aways From The LAPSUS$ Breach of Okta

The Most Overlooked Element in Most Organizations' Cybersecurity Strategy

Securing the adoption and use of non-human identities is probably the most overlooked element in most organizations' cybersecurity strategy today.

Valence Security Completes SOC 2 Type II Certification

IBM Cost of a Data Breach Report Confirms the Need to Immediately Remediate Supply Chain Risks

Recently, supply chain attacks leveraging the interconnectivity of SaaS applications have become increasingly lucrative for cyber criminals. As the 2022 IBM Cost of a Data Breach report points out, one in five data breaches this year was caused by a supply chain compromise.

Infographic: Major SaaS Security Breaches 2021-2022

Over the past two years, SaaS adoption has exploded, which has led to an increased frequency and magnitude of SaaS breaches and SaaS supply chain attacks. This infographic shows some of the most destructive recent exploits.

Valence Integrates With Azure AD to Reduce SaaS Supply Chain Risks By Enforcing Zero Trust Principles

Valence Security has integrated with Azure Active Directory to give customers increased visibility and control over their SaaS supply chain risks.

Democratizing SaaS Security Remediation

Democratizing SaaS security remediation workflows is increasingly necessary for modern business needs, and security teams must find ways to adapt - not obstruct - such progress.

The Mailchimp Breach Is Just The Latest Supply Chain Attack

Verizon 2022 DBIR Report: Supply Chain Attacks at Record High

The Verizon 2022 Data Breach Investigation Report (DBIR) noted explosive growth in incidents related to partners and the supply chain.

GitHub and their Customers are the Latest Victims of Supply Chain Attacks 

GitHub announces it had discovered that attackers had stolen OAuth user tokens issued to third-party vendors that were used to download private data repositories from dozens of GitHub customers.

Gartner Emerging Tech Impact Radar Reports

Valence Security mentioned as a SaaS Security Posture Management (SSPM) vendor in Gartner’s latest Emerging Tech Impact Radar: Cloud Native and Security reports.

GitHub Accounts Breached…Again

Over the holiday weekend, the popular messaging app vendor Slack was notified of a breach of their GitHub account.

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

Dark Reading contributing writer Robert Lemos discusses how threat actors are increasingly focusing on exploiting core enterprise services.

Valence Security is an Innovation Sandbox Finalist

Valence will present its SaaS security solution, which unlocks employee productivity and accelerates safe SaaS adoption, on the first day of this year’s RSA Conference in the annual Innovation Sandbox competition

The Valence 2023 RSA Conference Survival Guide

The RSA Conference is one of the largest and oldest cybersecurity conferences and its easy to get disoriented. Valence provides its 2023 RSA Conference Survival Guide to help you get the most of this awesome event.