Spinning up a new OAuth grant is almost comically easy compared to the effort it takes to understand and evaluate any associated risks that could provide unauthorized access to your corporate data.Â
‍
Investigating OAuth grants means tracking down a multitude of disparate risk factors to get a complete picture, many of which aren’t available directly from Google or Microsoft. A complete investigation could call for looking up individual OAuth consent screens, API access logs, Google and Microsoft marketplace listings, domain WHOIS lookups, app documentation, internal app usage data from cloud service APIs, and more. Who has time for that?
‍
Today, we’ve introduced expanded OAuth risk insights which put even more valuable context at our customer’s fingertips so they can:Â
‍
Let’s take a look at some of the ways Nudge Security’s new OAuth insights can help you accelerate your OAuth risk investigations.Â
‍
‍
OAuth grant scopes provide essential information about the access a particular app has to your environment. Nudge Security provides a complete list of scopes associated with each of your organization’s OAuth grants, along with OAuth risk scores and information about how many other employees have granted similar scopes.Â
‍
With the addition of OAuth risk insights, you can quickly see if an app has an unusually large number of scopes, which could mean an app has excessive access to your environment. You can also see whether Google considers any of the grant’s scopes sensitive or restricted, which can indicate an elevated level of access that a bad actor could potentially exploit. For example, an app using restricted scopes might be able to take actions like:
‍
And as always, when you see a Google or Microsoft OAuth grant that you determine has risky or excessive access to your environment, you can revoke it directly from Nudge Security.Â
‍
‍
Sometimes, bad actors attempt to disguise a malicious app as a familiar one to trick employees into accepting OAuth grants. Nudge Security risk insights provide a quick snapshot of potentially deceptive practices within an app’s registration information, such as “leet speak” or unusual characters within a reply URL or publisher email.Â
‍
We’ll also flag evidence that apps or domains have been used by threat actors in the past, such as suspicious or known malicious domains used in publisher emails or reply URLs.Â
‍
‍
Certain configuration choices may not be malicious, but can still potentially endanger your organization’s resources.Â
‍
For example, Nudge Security risk insights will show you if an app creator has used a personal email or Google group as a publisher email, both of which represent potential risks.Â
‍
‍
Nudge Security provides a security profile for each app in your environment with information about the app’s security program, data hosting, compliance certifications, breach history, and SaaS supply chain.Â
‍
Now, Nudge Security OAuth insights also make it easy to find trust signals at a glance, such as whether or not an app has been verified or listed in Microsoft or Google marketplaces. You can also quickly see if an app is owned by Google, Microsoft, or even your own organization.Â
‍
‍
App popularity can be a useful proxy for app reputation, whether that means usage at your own organization or outside of it.Â
‍
Nudge Security’s OAuth insights make this easy to assess by indicating whether the app is widely used within your organization or other environments, without chasing down answers in cloud service dashboards or app reviews.Â
‍
‍
Nudge Security provides informational insights to help you get a broader understanding of how an app may be used or how it was created, which can be useful in combination with other risk indicators. For example, you might see that an app belongs to a Google App Script, meaning a script that runs in Google services such as Spreadsheets or Google Docs. This isn’t necessarily a positive or negative risk indicator on its own, but helps build a more complete picture alongside other insights.Â
‍
‍