Feature Update

Nudge Security enables you to scale your SaaS security and governance efforts by nudging users through Slack or email. We’ve made several improvements to make it easier for you to re-nudge users who haven’t responded yet. Now, you can:

  • Re-nudge manually from the Nudge History page
  • Customize automated re-nudging settings, including how many times to re-nudge and how long to wait between nudges
  • Re-nudge directly from playbooks, either in bulk or to individual users

Nudge Security enables you to engage your workforce at scale by nudging users through Slack or email with just-in-time interventions that can be sent through playbooks, automated rules, or manually. Now, Nudge Security will automatically send a second nudge if a user doesn’t respond within three days. Users have 30 days to respond before the nudge expires.

You can keep track of nudges, follow-up nudges, and responses within Nudge History, where you can filter apps by nudge type, response status, date range, app, or user. You can see each app’s Nudge History within its App Overview, or check out your global Nudge History under Notifications > Nudge History within the lefthand navigation.

Nudge Security has released new API endpoints to help you search and retrieve security posture findings for Google Workspace and Microsoft 365. Now, you can use Nudge Security’s API to report on findings or ingest security posture data into your SIEM or SOAR tool to correlate events and accelerate incident response. 

See our API documentation for more information on the new endpoints

Nudge Security delivers a risk score for each OAuth grant in your environment to help you prioritize and manage OAuth risks at scale. Previously, risk scores were based on the permissiveness of each grant’s scopes. 

Now, Nudge Security has updated these risk scores to account for our recently-added OAuth risk insights, which highlight signals such as popularity, trust signals from vendors, and indicators of potential phishing. For example, a grant with an unusually high level of access may have a lower risk score if the grant was created by Google or Microsoft or has passed a security review. In contrast, a grant may have a high risk score despite more limited access if Nudge Security detects malicious domains or potentially deceptive practices within an app’s registration information.
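To make the combination of scope permissiveness and risk insights concrete, here is an illustrative scoring model. It is an added example, not Nudge Security's actual algorithm: the scope weights, multipliers, thresholds, bands and sample grants are all constructed assumptions chosen only to reproduce the two situations described above (broad access from a first-party or reviewed publisher scoring low, narrow access with deception indicators scoring high).

```python
"""Illustrative OAuth grant risk model (added example; not Nudge Security's scoring)."""
from dataclasses import dataclass

# Assumed per-scope sensitivity weights. Loosely mirrors the restricted/sensitive
# tiers Google and Microsoft publish, but the numbers are made up for this example.
SCOPE_WEIGHTS = {
    "https://www.googleapis.com/auth/gmail.readonly": 40,
    "https://www.googleapis.com/auth/drive": 40,
    "https://www.googleapis.com/auth/drive.file": 10,
    "https://www.googleapis.com/auth/userinfo.email": 2,
    "openid": 1,
    "Mail.ReadWrite": 40,
    "Files.ReadWrite.All": 40,
    "User.Read": 2,
}
DEFAULT_SCOPE_WEIGHT = 5          # unknown scope: treat as mildly sensitive
FIRST_PARTY_PUBLISHERS = {"google", "microsoft"}


@dataclass
class Grant:
    app_name: str
    publisher: str
    scopes: list
    passed_security_review: bool = False   # e.g. vendor OAuth app verification
    global_popularity: int = 0             # tenants seen using this app (assumed field)
    malicious_domain: bool = False         # registration/redirect domain on a blocklist
    deceptive_registration: bool = False   # lookalike name, mismatched homepage, etc.


def scope_score(scopes):
    """Permissiveness component, capped so insights can still move the score."""
    return min(60, sum(SCOPE_WEIGHTS.get(s, DEFAULT_SCOPE_WEIGHT) for s in scopes))


def risk_score(g: Grant) -> int:
    score = scope_score(g.scopes)
    # Trust signals discount broad access: first-party apps most, reviewed apps somewhat.
    if g.publisher.lower() in FIRST_PARTY_PUBLISHERS:
        score //= 4
    elif g.passed_security_review:
        score //= 2
    # Popularity: widely adopted apps are less likely to be one-off phishing tooling.
    if g.global_popularity >= 1000:
        score -= 10
    elif g.global_popularity == 0:
        score += 10
    # Deception indicators dominate regardless of how narrow the scopes are.
    if g.malicious_domain:
        score += 50
    if g.deceptive_registration:
        score += 30
    return max(0, min(100, score))


def risk_band(score: int) -> str:
    if score < 20:
        return "low"
    if score < 60:
        return "medium"
    return "high"


def prioritize(grants):
    """Highest-risk grants first: (app_name, score, band)."""
    scored = [(g.app_name, risk_score(g), risk_band(risk_score(g))) for g in grants]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed sample grants (names and publishers are fictional).
SAMPLE_GRANTS = [
    Grant("First-party mail sync", "Google",
          ["https://www.googleapis.com/auth/drive",
           "https://www.googleapis.com/auth/gmail.readonly"], global_popularity=5000),
    Grant("Reviewed CRM connector", "Acme CRM",
          ["https://www.googleapis.com/auth/drive",
           "https://www.googleapis.com/auth/gmail.readonly"],
          passed_security_review=True, global_popularity=5000),
    Grant("G00gle Docs Helper", "Unknown",
          ["https://www.googleapis.com/auth/userinfo.email", "openid"],
          malicious_domain=True, deceptive_registration=True),
    Grant("Unknown mail tool", "Unknown",
          ["https://www.googleapis.com/auth/drive",
           "https://www.googleapis.com/auth/gmail.readonly"]),
]

if __name__ == "__main__":
    for name, score, band in prioritize(SAMPLE_GRANTS):
        print(f"{score:3d} {band:6s} {name}")
```

The lookalike app with only `openid` and `userinfo.email` ends up at the top of the list, while the first-party app holding full Drive and Gmail access lands at the bottom, which is the ordering the updated risk scores are meant to produce.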

Nudge Security provides an AI Usage dashboard summarizing AI apps and usage trends across your organization, which includes AI tools users sign up for using SSO, username and password, and OAuth. 

Now, we’ve added a list of integrations associated with AI tools to the AI Usage dashboard, making it easier to surface OAuth risk insights for these integrations and discover opportunities to revoke OAuth grants for AI tools automatically.

For each app in Nudge Security, customers are able to set an Approval Status of In Review, Approved, Acceptable, or Not Permitted. These statuses can be used to determine which apps appear in an employee-facing App Directory. 

Now, Nudge Security has added Approval Status as an available trigger for notification rules. For example, customers can create a rule to alert them if an employee creates an account with an app whose Approval Status is Not Permitted, or to automatically nudge the user to delete that account. New notification rules can be created by going to Notifications > Rules from the left menu bar and clicking “Create new rule.”

We’ve released new filters to help you view and prioritize OAuth grants based on OAuth risk insights from Nudge Security. You can sort and filter your organization’s OAuth grants based on insight into an app’s popularity, configuration choices, vendor trust signals, use of restricted or sensitive scopes, and indicators of deceptive practices. 

We’ve added new filtering options for accounts and OAuth grants within Nudge Security to help you manage your organization's SaaS estate.

Now, you can filter accounts by MFA status to surface and prioritize enrollment gaps. You can also filter accounts and OAuth grants based on categories such as organizational unit, department, division, location, and cost center, which are fields set within Google Workspace or Microsoft 365.

Nudge Security has released new SaaS spend data and cost optimization insights to help security and IT teams drive smarter, more efficient SaaS investment decisions and surface opportunities to optimize SaaS spend.

To help organizations take advantage of new spend data, Nudge Security has released a Spend dashboard highlighting SaaS expenses that may be unnecessary or redundant. With this new dashboard, customers can:

  • Spot inactive or abandoned accounts associated with paid apps.
  • Discover similar apps that may be redundant and assess overlapping usage.
  • Track upcoming renewal dates alongside up-to-date app usage information.
  • Flag spend associated with AWS accounts that fall outside of your central AWS Organization.
  • Identify and rationalize paid apps with single users that may have slipped under the radar in credit card statements.
  • Detect paid accounts associated with unapproved apps.

We’ve enhanced Nudge Security’s ability to detect and assess potential security risks associated with OAuth grants with new OAuth risk insights to help accelerate OAuth investigations into suspicious, misleading, or malicious grants.

Now, customers can quickly and easily identify the use of restricted or sensitive scopes, detect suspicious domains and email activities, assess vendor trust signals, and understand an app’s popularity both within their own organization and across other environments.

From food delivery to media apps, not every tool your employees use at work requires the same level of oversight. Now, Nudge Security admins can choose to ignore any app, hiding it and its associated accounts from view as they work in Nudge Security.

Nudge Security will exclude ignored apps from your Progress dashboard results, your total counts of apps and accounts on the Overview dashboard, and total counts on your Apps and Accounts pages. These changes will make it easier to focus on your most important apps. 

Ignored apps will still trigger notification rules, including breach alerts, and you’ll still be able to view the app’s health status and breach notifications on the Overview dashboard. They will also remain included in your Attack Surface overview, App Directory, and all playbooks. 

Nudge Security has updated our filters to make them more intuitive and user-friendly. As part of that effort, we’ve added a new filter that makes it possible to view your organization’s apps by the number of accounts. Now, you can use the new filter to see all apps with more accounts than a number you choose, or fewer.

For example, let’s say you’ve offboarded all users associated with an app and have zero remaining accounts. You can use the new filter to view only apps with greater than zero accounts. Alternatively, you can prioritize low-adoption apps by filtering to see only apps with fewer than 5 associated accounts.

We’ve enhanced our search results to make it easier to find and interpret information about the SaaS apps your employees are using. Now, search results from Nudge Security’s main dashboard are clearly organized by type, including apps, accounts, resources, and OAuth grants.

We recently revamped our SaaS events record to provide additional context, including associated resources, and to make it even easier to search and filter events by event type, time range, or user. This applies to the Events tab for SaaS apps and SaaS accounts.

Each SaaS app has its own events record where you can search and filter activities for all users of that app. For example, you could review a timeline of user account creation events within an app. Additionally, each SaaS account has its own event record, so you can review activities associated with an individual user account, such as password reset or MFA disablement events.

Now that SaaS resources are associated with their relevant events and searchable, we’ve also retired the all-purpose Resources tab from the primary navigation.

We’ve enhanced our ability to collect information about app usage from employees by updating an existing nudge. We’ve added more relevant response options to the “Request clarification of use” nudge, and we’re storing employees’ answers in a more actionable format. 

Now, you can send a nudge to the technical owner of an app asking them to specify whether an application is fully adopted, under evaluation, just an experiment, or for personal use only. Optionally, the employee can also add a text response and select whether the application will handle corporate, customer, employee, or financial data. These responses populate fields labeled “Lifecycle stage” and “Data type,” which can be used to filter the Apps view. 

Nudge Security streamlines the process of onboarding applications to SSO through playbooks for Azure AD and Okta onboarding. Within both playbooks, we’ve added filters to help you prioritize applications that support SSO. 

We’ve also made it easier to target applications for Okta onboarding based on the specific authentication types they support. You can filter by supported authentication types, including SAML, SCIM, SWA, and OIDC.

Nudge Security has enhanced our SaaS discovery engine with support for Google Single Sign-On (SSO). Our discovery engine now recognizes accounts that authenticate through Google SSO, so you can see which apps and accounts rely on it alongside the other authentication methods in your environment and assess authentication patterns across your SaaS applications.

Nudge Security has introduced the ability to multi-select filter options. Now, you can choose more than one option in each filter category, making it easier to find what you need with filters. For example, you can use filters to see all apps with approval statuses of Approved, Acceptable, and In Review, rather than looking at one of these approval statuses at a time. 

Nudge Security offers a variety of nudges to help you communicate with your employees. For example, you can send nudges prompting users to enable MFA, accept your generative AI usage policy, or delete an account, among other options.

Now, you can customize the language in these nudges to suit your organization. You can edit the subject line and body copy for each nudge template and use variables to insert context-specific copy. Nudge customization options can be found within Settings. 

Nudge Security designates a technical contact for every app in your environment. This should be someone with administrative privileges within the app who can serve as the point-person for all questions and requests related to the technical aspects of managing that app, including access controls. While the first user of an app can often fill that role, employee turnover and team changes can sometimes make it challenging to figure out who to turn to for help with tasks like onboarding or offboarding users.

Now, we’ve introduced a new nudge to help you find and validate the right technical contact for an app. With this nudge, you can send an email or Slack message to the person currently designated as an app's technical contact asking them to confirm whether or not they’re the right person for that role. If they aren’t the right contact, they’ll have the opportunity to identify the right contact, helping you keep this information up to date.

We’ve enhanced Nudge Security’s OAuth management functionality with the ability to take bulk actions to audit and revoke OAuth grants. Now, you can multi-select any Google and Microsoft OAuth grants and choose to either auto-revoke them or send a nudge to the employees who created the OAuth grants asking them to review whether or not they are still needed.

If a user selects the nudge response indicating that they’re still using the application, Nudge Security will simply record their response under Nudge History. If a user replies that the grant is no longer needed, the grant will be revoked automatically.

We've added a new filter to help you view your employees' accounts by authentication type to see how they're accessing different apps. For example, you might want to look at all accounts created with a username and password, meaning those logins aren't managed through your organization's identity provider. You can also filter by authentication methods such as Okta, Azure, Google Workspace, Slack, Office, and GitHub.

We’ve added new filters to help you navigate the OAuth grants in use at your organization. Now, you can filter grants by authorizing application, type, risk, permissions, user account status, admin privileges, or OAuth grant status. For example, you can use filters to quickly find high-risk OAuth grants, or OAuth grants from suspended or disabled users.

We’ve added a custom field to nudges, allowing you to send a note to your employees any time you send a nudge. This allows you to add any contextual information that might help your users with a specific nudge.

You may have specific employees who you want to opt out of receiving nudges, such as senior executives or contractors. 

We’ve introduced a way to make sure these users won’t receive nudges going forward. Under Organization Settings, you can create a list of users to opt out of nudges. Take a look in the interactive demo below.

Certain playbooks in Nudge Security may send more than one nudge to the same employee. For example, when you run the playbook to remove abandoned accounts, some employees might have accounts with several of the apps you choose to audit. Previously, they would receive a nudge for each application. 

Now, when the same nudge applies to multiple apps, we’ll consolidate them into one Slack message or email to help cut down on notifications for your employees. The interactive demo below will show you what your users will see in either situation.
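The follow-up and consolidation rules described in this changelog (an automatic second nudge after three days, expiry after 30 days, a configurable number of re-nudges, an opt-out list, and one message per employee when the same nudge applies to several apps) fit together into a small scheduling routine. The following is an added example written for this page, not Nudge Security's own code: the `Nudge` record, the status names, the sample users and apps, and the message wording are all constructed assumptions.

```python
"""Added example: follow-up nudge scheduler with opt-outs and per-user consolidation."""
from dataclasses import dataclass
from datetime import date, timedelta

RENUDGE_AFTER = timedelta(days=3)    # automatic second nudge if no response in 3 days
EXPIRE_AFTER = timedelta(days=30)    # nudge expires 30 days after the first send
DEFAULT_MAX_RENUDGES = 1             # number of automatic follow-ups (assumed default)


@dataclass
class Nudge:
    user: str
    app: str
    kind: str              # e.g. "delete_account", "enable_mfa"
    first_sent_on: date
    last_sent_on: date
    sends: int = 1         # initial send counts as 1
    responded: bool = False


def classify(n: Nudge, today: date, opted_out: set,
             max_renudges: int = DEFAULT_MAX_RENUDGES) -> str:
    """Decide what to do with one outstanding nudge. Order matters: a response or
    an opt-out always wins, then expiry, then the re-nudge budget, then timing."""
    if n.responded:
        return "responded"
    if n.user in opted_out:
        return "opted_out"
    if today - n.first_sent_on >= EXPIRE_AFTER:
        return "expired"
    if n.sends - 1 >= max_renudges:        # follow-ups already used up
        return "waiting"
    if today - n.last_sent_on >= RENUDGE_AFTER:
        return "renudge"
    return "waiting"


def plan_followups(nudges, today, opted_out, max_renudges=DEFAULT_MAX_RENUDGES):
    """Group due re-nudges by (user, nudge kind) so each employee gets one
    message per kind, however many apps it covers."""
    batches = {}
    for n in nudges:
        if classify(n, today, opted_out, max_renudges) == "renudge":
            batches.setdefault((n.user, n.kind), []).append(n.app)
    return batches


def render(user: str, kind: str, apps) -> str:
    action = kind.replace("_", " ")
    if len(apps) == 1:
        return f"{user}: reminder to {action} for {apps[0]}"
    return f"{user}: reminder to {action} for {len(apps)} apps: " + ", ".join(sorted(apps))


# Constructed sample data: a fixed "today" and a handful of outstanding nudges.
TODAY = date(2024, 6, 10)
OPTED_OUT = {"dave@example.com"}
SAMPLE = [
    Nudge("alice@example.com", "Trello", "delete_account", date(2024, 6, 5), date(2024, 6, 5)),
    Nudge("alice@example.com", "Asana", "delete_account", date(2024, 6, 6), date(2024, 6, 6)),
    Nudge("alice@example.com", "Notion", "enable_mfa", date(2024, 6, 9), date(2024, 6, 9)),
    Nudge("bob@example.com", "Trello", "delete_account", date(2024, 5, 1), date(2024, 5, 4), sends=2),
    Nudge("carol@example.com", "Trello", "delete_account", date(2024, 6, 1), date(2024, 6, 1), responded=True),
    Nudge("dave@example.com", "Trello", "delete_account", date(2024, 6, 1), date(2024, 6, 1)),
    Nudge("erin@example.com", "Trello", "delete_account", date(2024, 6, 1), date(2024, 6, 4), sends=2),
]

if __name__ == "__main__":
    for (user, kind), apps in plan_followups(SAMPLE, TODAY, OPTED_OUT).items():
        print(render(user, kind, apps))
```

With the default of one automatic follow-up, only Alice's two account-deletion nudges are due, and they collapse into a single message. Erin has already had her follow-up and stays in "waiting" even though six days have passed; raising `max_renudges` to 2 (the configurable setting mentioned above) makes her due as well. Bob's nudge has passed the 30-day window and is reported as expired rather than re-sent.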

We've improved the information we provide for each application account by adding more detail around the authentication methods used for the application. For each account, we now show which authentication methods are used, the last activity, and the MFA status for each of them. The authentication methods include accounts accessed via SSO providers like Okta or Azure AD, OAuth sign-in (such as sign-in with Google or Microsoft), and accounts created with a username and password. We’ve also added the ability to filter accounts by authentication type.

We’ve added three new ways for you to customize the nudges you send to your employees. Now, you have the option to:

  1. Add your company’s logo to the header of nudges sent through email.
  2. Specify the nudge sender for Slack and email nudges.
  3. Add a custom footer to nudges sent through email or Slack.

Nudge Security has added a new filter enabling you to filter apps by technical contact. Now, you can see a list of all applications assigned to a particular technical contact and, if needed, edit them in bulk to reassign them.

We’ve enhanced our playbook for employee offboarding with the ability to have multiple active playbooks in progress at the same time. Now, you can start the playbook for one departing employee, save your progress, start one or more others, and go back and forth between them.

Now, you can more easily update statuses or add context to your applications within Nudge Security by selecting and editing multiple apps at once. From the App view, you can bulk edit fields like an application’s labels, category, technical contact, approval status, and compliance scope, among others.

Nudge Security provides a variety of editable fields for each application and account in your environment, such as approval status, compliance scope, and SSO provider. Now, we’ve made it easier for you to understand how and when these fields are modified over time. 

Any time a field update occurs, Nudge Security tracks when it happened and which user or automated process initiated it. You can view a timestamped list of each field’s history to understand when changes have occurred and who made them.

We’ve added a new chart showing the rate of adoption for each of your organization’s applications, helping you understand how and when an app has gained traction among your employees. Visualize how your users have adopted an app over time by filtering the chart to see how many users have been added in the last day, week, month, year, or all-time.

We’ve added the ability to export user group data with the addition of an “Export CSV” button on the Groups page. Now, you can download a CSV file containing all of your organization’s groups and each one’s primary email, number of members, number of accounts, and risk score, as well as permissions to join, read messages, and manage members.

We’ve added a new nudge to help you verify whether OAuth grants for Google Workspace or Microsoft 365 are still in use before revoking them, so you can avoid any potential business disruption. When you nudge a user about an OAuth grant you hope to revoke, your user will receive an email or Slack message asking them to confirm whether they’re still using the integration. Once the user confirms that the integration is no longer in use, the OAuth grant will be revoked automatically.

To provide customers with more granular access controls, Nudge Security has added a new user role that enables use of the employee offboarding playbook without requiring administrative access. Now, Nudge Security provides the following user roles:

  • Personal View - Visibility limited to the user’s individual SaaS accounts
  • Organizational View - Visibility of all SaaS across the organization and the ability to run playbooks, with the exception of Employee Offboarding
  • (new) Organizational View plus Employee Offboarding - Visibility of all SaaS across the organization and the ability to run all playbooks, including Employee Offboarding
  • Administrator - All of the access listed above as well as administrative controls, such as the ability to invite new users, manage user roles, and change organizational settings

For each application your employees are using, Nudge Security provides contextual information that you can use to accelerate security reviews.

We've enhanced this security context by adding a summary of the forms of multi-factor authentication each application offers. Now, you can easily assess which options are most appropriate for your workforce, or determine if an application doesn’t meet corporate security guidelines if the available options aren’t sufficient.

We’ve made it easier to focus on your most relevant accounts by introducing better default filters. Now, we’re filtering deleted accounts and suspended Google Workspace users out of account lists by default. If you want to see the accounts that have been excluded, all you need to do is modify the filter settings at the top of the page.  

We’ve made it easier to manage your company’s AWS footprint by adding two new dashboard views to the Amazon Web Services app overview. Now, you can see your AWS Organizations and the accounts associated with them, as well as your unmanaged accounts. You can search, filter, and export the data.

You can see a full list of your AWS Organizations, with the accounts associated with each AWS Organization nested underneath for easy navigation.

You can also see a list of the unmanaged AWS accounts that aren’t currently associated with an AWS Organization, helping you catch rogue or abandoned accounts before they introduce unnecessary costs or risks.

Together, these two new views make it easier for organizations with large numbers of AWS accounts to explore and manage their AWS infrastructure.

We’ve enhanced the data we display for Google Workspace users, giving you a better snapshot of each employee’s profile at your organization. Now, you can see an employee’s department, division, cost center, location, organization name, and title from directly within the user summary view. We’re updating these fields automatically using metadata from Google Workspace and displaying it in the UI at the user level.

We’ve simplified the process for customers to export data from Nudge Security.

Now, all you need to do to export data is click the “Export CSV” button in the upper right hand corner of each screen. 

Check it out in the screenshot below. In this example, exporting data from the Apps view will give you a CSV file of all of your organization’s applications, including each app’s name, labels, category, number of accounts, first user, and date first seen in your environment. 

The social media tab within our attack surface dashboard is now generally available. Nudge Security discovers all the social media accounts tied to your corporate email domains and helps you understand who owns them.

With this functionality, all customers and trial users can now:

  • Quickly see all social media accounts associated with your organization
  • Discover employees who have created personal social media accounts using corporate emails 
  • Easily identify who to contact in case of security issues with your organization’s social media accounts

Check it out in the screenshot below, and learn how this fits into our overall SaaS attack surface management capabilities in our recent blog post.
