Security Teams Need Better Insights Into SaaS Supply Chain Risks
Valence Threat Labs Delivers Them
SaaS Breach Analysis
SaaS Threat Reports
Webcasts & Events
Technical Blog Posts
With original research and in-depth analysis of SaaS threats, the labs helps protect organization from risky or overprivileged integrations and contributes to the SaaS security community with original research, advice, and best practices.
In the 2023 Zylo SaaS Management Index Report, researchers provide data, trends and actionable insights from their database of SaaS spend, license and usage data. The most notable of these findings–a staggering 69% of SaaS spend and 82% of SaaS apps by number are adopted and managed by individuals or business units, not IT.
According to a Gartner® Press Release, “by 2027, 75% of employees will acquire, modify, or create technology outside IT's visibility, up from 41% in 2022.” Much of this trend is driven by the accelerated adoption of SaaS applications by business owners without the involvement of IT or cybersecurity teams, especially due to the rise of remote work following the COVID pandemic.
The Microsoft Azure AD team has been busy building identity protection features and making them available via the Microsoft Graph REST API. Valence has been collaborating with the Azure AD team – helping to bring new capabilities to detect Risky Users and Risky Service Principals into our SaaS security platform.
Valence Security ThreatLabs Alert: Brian Krebs from Krebs on Security has recently posted that numerous organizations, including banks and healthcare providers, are leaking sensitive info from public Salesforce Community websites due to misconfiguration.
Valence Threat Labs researchers asked leading CISOs a variety of questions pertaining to the state of security for SaaS-to-SaaS third-party integrations in their organizations, and their current best practices, then compared their responses to aggregated and anonymized cross-tenant data extracted from the Valence SaaS Mesh Security Platform.
Recently, supply chain attacks leveraging the interconnectivity of SaaS applications have become increasingly lucrative for cyber criminals. As the 2022 IBM Cost of a Data Breach report points out, one in five data breaches this year was caused by a supply chain compromise.
Yoni Shohet, Valence Security CEO and co-founder, discusses the results of their recent survey of CISOs on the state of SaaS-to-SaaS third-party integrations and current security best practices and the resulting 2022 Shadow SaaS-to-SaaS Integration Report.
In this 40 minute on-demand webcast, Ryan Gurney (YL Ventures), Demi Ben-Ari (Panorays), Sounil Yu (JupiterOne) and Yoni Shohet (Valence Security) discuss Valence's latest Shadow SaaS-to-SaaS Integration Report and its repercussions for CISOs' SaaS security strategies.
Digital transformation and the democratization of IT has resulted in the rapid proliferation of unsanctioned integrations that place business critical SaaS apps at risk. This paper provides insights into what security teams should know about this challenge.
Valence Security is now a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft's security technology to better defend against a world of increasing threats.