Investigate and remediate OAuth risks with expanded OAuth grant context

Nudge Security delivers key OAuth risk insights to help you detect sensitive scopes, assess trust signals, and flag potential phishing attempts.

Spinning up a new OAuth grant is almost comically easy compared to the effort it takes to understand and evaluate any associated risks that could provide unauthorized access to your corporate data. 

Investigating OAuth grants means tracking down a multitude of disparate risk factors to get a complete picture, many of which aren’t available directly from Google or Microsoft. A complete investigation could call for looking up individual OAuth consent screens, API access logs, Google and Microsoft marketplace listings, domain WHOIS lookups, app documentation, internal app usage data from cloud service APIs, and more. Who has time for that?

Today, we’ve introduced expanded OAuth risk insights that put even more valuable context at our customers’ fingertips so they can:

  • Accelerate OAuth investigations and make faster decisions about OAuth risks.
  • Flag potential phishing attempts from misleading, suspicious, or known malicious domains.
  • Easily understand trust signals from Google and Microsoft.
  • Understand whether a grant is popular with your workforce or other Nudge Security customers.

Let’s take a look at some of the ways Nudge Security’s new OAuth insights can help you accelerate your OAuth risk investigations. 

Detect risky or overly permissive access to your corporate data.

OAuth grant scopes provide essential information about the access a particular app has to your environment. Nudge Security provides a complete list of scopes associated with each of your organization’s OAuth grants, along with OAuth risk scores and information about how many other employees have granted similar scopes. 

With the addition of OAuth risk insights, you can quickly see if an app has an unusually large number of scopes, which could mean an app has excessive access to your environment. You can also see whether Google considers any of the grant’s scopes sensitive or restricted, which can indicate an elevated level of access that a bad actor could potentially exploit. For example, an app using restricted scopes might be able to take actions like:

  • Reading, composing, and sending emails from your employees’ Gmail accounts
  • Managing your sensitive mail settings, including who can manage your mail
  • Viewing, editing, creating, and deleting all of your Google Drive files

And as always, when you see a Google or Microsoft OAuth grant that you determine has risky or excessive access to your environment, you can revoke it directly from Nudge Security. 

Flag potential phishing attempts and known malicious apps. 

Sometimes, bad actors attempt to disguise a malicious app as a familiar one to trick employees into accepting OAuth grants. Nudge Security risk insights provide a quick snapshot of potentially deceptive practices within an app’s registration information, such as “leet speak” or unusual characters within a reply URL or publisher email. 

We’ll also flag evidence that apps or domains have been used by threat actors in the past, such as suspicious or known malicious domains used in publisher emails or reply URLs. 

Identify configuration choices that could pose security risks.

Certain configuration choices may not be malicious, but can still potentially endanger your organization’s resources. 

For example, Nudge Security risk insights will show you if an app creator has used a personal email or Google group as a publisher email, both of which represent potential risks. 
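The scope, lookalike-domain and publisher-email checks described in the three sections above, as an added Python example (this is not Nudge Security’s code; the restricted-scope subset, the personal-mailbox domain list, the scope-count threshold, the leet-speak map and the sample grant are assumptions constructed for the example):

```python
from urllib.parse import urlparse

# Illustrative subset of scopes Google classifies as "restricted" (assumption for this
# example; consult Google's current list before relying on it).
RESTRICTED_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.settings.sharing",
    "https://www.googleapis.com/auth/drive",
}
MAX_EXPECTED_SCOPES = 10                   # assumed threshold for "unusually many scopes"
PERSONAL_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
LEET = str.maketrans("01345$", "oieass")   # common leet-speak substitutions -> letters

def is_lookalike(text: str, brand: str) -> bool:
    """True when the brand name only appears after undoing leet substitutions."""
    low = text.lower()
    return brand not in low and brand in low.translate(LEET)

def assess_grant(grant: dict, brands=("google", "microsoft")) -> list[str]:
    """Return the risk findings described in the post for one OAuth grant record."""
    findings = []
    scopes = grant.get("scopes", [])
    restricted = sorted(s for s in scopes if s in RESTRICTED_SCOPES)
    if restricted:
        findings.append("restricted scopes: " + ", ".join(restricted))
    if len(scopes) > MAX_EXPECTED_SCOPES:
        findings.append(f"unusually many scopes ({len(scopes)})")
    publisher = grant.get("publisher_email", "").lower()
    if publisher.rsplit("@", 1)[-1] in PERSONAL_MAIL_DOMAINS:
        findings.append("publisher email is a personal mailbox: " + publisher)
    hosts = [urlparse(u).hostname or "" for u in grant.get("reply_urls", [])]
    for host in hosts:
        if not host.isascii():
            findings.append("non-ASCII characters in reply URL host: " + host)
    for brand in brands:
        for value in hosts + [publisher]:
            if is_lookalike(value, brand):
                findings.append(f"possible '{brand}' lookalike in registration: " + value)
    return findings

# Constructed sample grant (not real data) that trips several of the checks above.
SAMPLE_GRANT = {
    "publisher_email": "drive.backup.dev@gmail.com",
    "reply_urls": ["https://g00gle-drive-backup.example/oauth2/callback"],
    "scopes": ["openid", "email",
               "https://www.googleapis.com/auth/drive",
               "https://www.googleapis.com/auth/gmail.settings.sharing"],
}
```

Running `assess_grant(SAMPLE_GRANT)` yields three findings (two restricted scopes, a personal publisher mailbox, and a "g00gle" lookalike host); a grant with a corporate publisher domain and only `openid` yields none.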

Quickly assess trust signals indicating the vendor’s legitimacy. 

Nudge Security provides a security profile for each app in your environment with information about the app’s security program, data hosting, compliance certifications, breach history, and SaaS supply chain. 

Now, Nudge Security OAuth insights also make it easy to find trust signals at a glance, such as whether or not an app has been verified or listed in Microsoft or Google marketplaces. You can also quickly see if an app is owned by Google, Microsoft, or even your own organization. 

Understand app popularity within your own organization or other environments. 

App popularity can be a useful proxy for app reputation, whether that means usage at your own organization or outside of it. 

Nudge Security’s OAuth insights make this easy to assess by indicating whether the app is widely used within your organization or other environments, without chasing down answers in cloud service dashboards or app reviews. 

Get a more complete picture with informational insights. 

Nudge Security provides informational insights to help you get a broader understanding of how an app may be used or how it was created, which can be useful in combination with other risk indicators. For example, you might see that an app belongs to a Google Apps Script, meaning a script that runs in Google services such as Google Sheets or Google Docs. This isn’t necessarily a positive or negative risk indicator on its own, but it helps build a more complete picture alongside other insights.
