On November 28, 2023, Arctic Wolf Labs reported on a new Cactus ransomware campaign that exploits publicly exposed installations of Qlik Sense, a cloud analytics and business intelligence platform.
With a breach like Qlik, the first questions that come to mind are: "Are we exposed? What is the impact?"
Most security and IT teams can confirm the use of specific apps across an organization.
However, application usage and security configuration settings are not rigorously tracked after approval.
End-users may bypass security to install freemium apps, often enabling full Read/Write access and integration with business-critical apps such as Hubspot, Salesforce, and M365. A further risk is the inheritance of refresh tokens or non-expiring access tokens.
Security teams often have to resort to traditional methods to determine who's doing what, where.
They may send blast communications asking colleagues if they use an app, in hopes of fast replies.
SaaS Security Posture Management (SSPM) tools provide the visibility and automation to investigate and prevent SaaS-to-SaaS risk.
Such a solution enhances any cybersecurity team's ability to gain insights and protect every enterprise SaaS application and ensure operational continuity.
SSPM tools enable security teams to identify sanctioned or unsanctioned SaaS-to-SaaS connections, allowing CISOs to detect and identify the impact of a SaaS breach.
By incorporating an SSPM solution, you can take the first step to building a robust SaaS security program and understand how SaaS security threats may impact your business.
From alerting on possible misconfigurations and SaaS-to-SaaS connections to determining levels of access, SSPM can help you secure the applications that run your business.
Our own cybersecurity and IT teams leveraged the AppOmni platform to get both a cursory glance and a deeper look at Qlik's potential impact on our business.
In mere seconds, we were able to determine the scope of the potential threat and which SaaS apps Qlik connected to.
The security team identified Qlik connections to Salesforce and Google Workspace.
With an additional pivot, the AppOmni platform also identified the owners of those applications.
This enabled the team to promptly notify the app owners to disconnect from Qlik, limiting any exposure or impact from the attack.
We can do the same to help your cybersecurity team achieve visibility and control over your SaaS estate.
SaaS applications need a virtual command room where security teams can manage their complex SaaS estate securely and holistically.
Learn what makes a robust SaaS Security Posture Management solution and its key capabilities.
This Cyber News was published on securityboulevard.com. Publication date: Fri, 01 Dec 2023 23:06:57 +0000