RealTime Information Technology

How to Protect your SaaS Based Applications

NEW ADVICE FROM REALTIME CYBERSECURITY

One of our vendors has released a security trends report based on monitoring data of SaaS (Software as a Service) application usage across ~7500 small businesses (SMBs) that use its cloud security service. About 70% of the businesses monitored use Microsoft 365. The insights summarize data collected from almost 1 million accounts across those ~7500 small businesses, whose SaaS environments were monitored from Jan 1, 2022 – Dec 31, 2022:

  • 7500 Small Businesses’ SaaS environments monitored

  • 980,000 end user accounts

  • 1 Billion events logged

  • 701,000,000 of these events came from Microsoft Office 365

Where ARE the attacks originating?

Most of the attempts come from outside of the United States. More than 53% of attempted unauthorized logons originated from just these five countries: China, Vietnam, India, Brazil, and South Korea. Interestingly, Russia isn’t in this top five this year, most likely due to cyber-attacks from Russia focusing on Ukraine in 2022. Have you ever heard of a Brute Force Attack? This is a common tactic where bad actors will target known cloud-based accounts and try multiple credentials (usually derived from data thefts) in hopes that one works. 

Just this week, this service alerted me that my own account was being subjected to a brute force attack! The system alerted me to the event, it blocked the attackers from further attempts, and the alerts showed me they were unsuccessful. Whew! 

What this event also showed me is that there was something we could do better to prevent this specific attack vector in the future, which will help us all be more protected in the future.

Top recommendations on how to protect your SaaS based applications

…and really almost all of this applies to any technology environment.

  1. Enable and enforce Multi-Factor Authentication.

  2. Monitor all of your SaaS applications for unusual or unauthorized activity.

  3. Enforce proper configuration of your SaaS applications and monitor for changes.

  4. Monitor unauthorized file sharing activity.

  5. Delete unnecessary guest accounts on a regular basis.
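
Recommendation 2 applied to the brute-force pattern described earlier: the following Python flags accounts that receive a burst of failed sign-ins and notes whether a successful sign-in followed the burst. It is an added example, not the vendor's or RealTime's code; the event fields, the threshold and window, and the sample accounts and IP addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): (time, account, source IP, country, result).
SAMPLE_EVENTS = [
    ("2023-03-01T02:00:05", "alice@example.com", "203.0.113.10", "VN", "failure"),
    ("2023-03-01T02:00:40", "alice@example.com", "203.0.113.10", "VN", "failure"),
    ("2023-03-01T02:01:15", "alice@example.com", "198.51.100.7", "BR", "failure"),
    ("2023-03-01T02:02:30", "alice@example.com", "198.51.100.7", "BR", "failure"),
    ("2023-03-01T02:03:10", "alice@example.com", "192.0.2.44", "IN", "failure"),
    ("2023-03-01T02:04:00", "alice@example.com", "192.0.2.44", "IN", "failure"),
    ("2023-03-01T09:00:00", "bob@example.com", "192.0.2.200", "US", "failure"),
    ("2023-03-01T09:00:20", "bob@example.com", "192.0.2.200", "US", "success"),
    ("2023-03-01T11:00:00", "carol@example.com", "203.0.113.99", "KR", "failure"),
    ("2023-03-01T11:00:30", "carol@example.com", "203.0.113.99", "KR", "failure"),
    ("2023-03-01T11:01:00", "carol@example.com", "203.0.113.99", "KR", "failure"),
    ("2023-03-01T11:01:30", "carol@example.com", "203.0.113.99", "KR", "failure"),
    ("2023-03-01T11:02:00", "carol@example.com", "203.0.113.99", "KR", "failure"),
    ("2023-03-01T11:02:30", "carol@example.com", "203.0.113.99", "KR", "success"),
]

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Alert on accounts with >= threshold failed sign-ins inside one sliding window."""
    recent = defaultdict(deque)  # account -> failures still inside the window
    alerts = {}                  # account -> alert details
    for ts, account, ip, country, result in sorted(events):
        when = datetime.fromisoformat(ts)
        if result == "success":
            alert = alerts.get(account)
            # A success right after a burst of failures may mean a guessed password.
            if alert and when - alert["last_failure"] <= window:
                alert["success_after_failures"] = True
            continue
        failures = recent[account]
        failures.append((when, ip, country))
        while when - failures[0][0] > window:  # drop failures older than the window
            failures.popleft()
        if len(failures) >= threshold:
            alert = alerts.setdefault(account, {"account": account, "peak_failures": 0,
                "source_ips": set(), "countries": set(), "success_after_failures": False})
            alert["peak_failures"] = max(alert["peak_failures"], len(failures))
            alert["source_ips"].update(f[1] for f in failures)
            alert["countries"].update(f[2] for f in failures)
            alert["last_failure"] = when
    return list(alerts.values())

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_EVENTS):
        print(a["account"], a["peak_failures"], sorted(a["countries"]), a["success_after_failures"])
```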


-by Todd Swartzman, RealTime CISO