Nudge Security has released new API endpoints to help you search and retrieve security posture findings for Google Workspace and Microsoft 365. Now, you can use Nudge Security’s API to report on findings or ingest security posture data into your SIEM or SOAR tool to correlate events and accelerate incident response.
‍
See our API documentation for more information on the new endpoints.
‍
Nudge Security delivers a risk score for each OAuth grant in your environment to help you prioritize and manage OAuth risks at scale. Previously, risk scores were based on the permissiveness of each grant’s scopes.
‍
Now, Nudge Security has updated these risk scores to account for our recently added OAuth risk insights, which highlight signals such as popularity, trust signals from vendors, and indicators of potential phishing. For example, a grant with an unusually high level of access may have a lower risk score if the grant was created by Google or Microsoft or has passed a security review. In contrast, a grant may have a high risk score despite more limited access if Nudge Security detects malicious domains or potentially deceptive practices within an app’s registration information.
‍
Today, we’ve expanded our SaaS security and governance capabilities with SaaS security posture management (SSPM) for Google Workspace and Microsoft 365, enabling you to remediate risks and misconfigurations in your identity infrastructure.
‍
Now, Nudge Security regularly checks your Google Workspace or Microsoft 365 environment against technical benchmarks to detect:
‍
You can see an overview of findings from those checks in the new Posture dashboard, which highlights top findings, riskiest users, and remediation activities. See a full list of issues under Findings and resolve risks quickly with remediation workflows, including nudges to engage the right stakeholders and track resolution outcomes. Learn more in today’s blog.
‍
We recently revamped our SaaS events record to provide additional context, including associated resources, and to make it even easier to search and filter events by event type, time range, or user. This applies to the Events tab for SaaS apps and SaaS accounts.
‍
Each SaaS app has its own events record where you can search and filter activities for all users of that app. For example, you could review a timeline of user account creation events within an app. Additionally, each SaaS account has its own event record, so you can review activities associated with an individual user account, such as password reset or MFA disablement events.
‍
Now that SaaS resources are associated with their relevant events and searchable, we’ve also retired the all-purpose Resources tab from the primary navigation.
‍
The social media tab within our attack surface dashboard is now generally available. Nudge Security discovers all the social media accounts tied to your corporate email domains and helps you understand who owns them.
‍
With this functionality, all customers and trial users can now:
‍
Check it out in the screenshot below, and learn how this fits into our overall SaaS attack surface management capabilities in our recent blog post.
‍
We recently added a new attack surface dashboard, so you can readily monitor your cloud and SaaS attack surface as it changes.
‍
Leaning on our security expertise and experience, we organize the data we discover about your SaaS estate and supply chain into key focus areas, including:
‍
Here’s an interactive tour of the new feature:
‍
To learn more about how it works and how you can modernize your attack surface management strategy with Nudge Security, check out our blog.
Today, we released a new OAuth risk scoring feature and improved the way we visualize and classify OAuth grants for easier management and risk prioritization. Additionally, you can now build custom notification rules based on flexible OAuth criteria, including setting an OAuth risk score threshold.
‍
Here’s an interactive tour of the new and improved features:
‍
For more information about these new capabilities, read our release blog post here.
‍
As always, we encourage your feedback!
Nudge Security customers can now subscribe to SaaS breach notifications.
‍
When a data breach disclosure is discovered for a third- or fourth-party SaaS provider in your SaaS supply chain, Nudge Security will send you an email notification, alerting you to the potential impact of the breach. Here’s a recent example we sent to customers:
‍
So, now whenever a SaaS data breach hits the headlines, you can quickly determine if your organization is in the blast radius.
‍
To subscribe to breach notifications in the product, go to Settings and check “Receive breach notifications.”