Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them. According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and insider threats, and it becomes quite clear that identity is a primary attack vector. To make matters worse, it's not just human accounts that are being targeted. Threat actors are also hijacking non-human identities, including service accounts and OAuth authorizations, and riding them deep into SaaS applications. When threat actors get through the initial defenses, having a robust Identity Threat Detection and Response (ITDR) system in place as an integral part of Identity Security can prevent massive breaches. Last month's Snowflake breach is a perfect example. Threat actors took advantage of single-factor authentication to access the account. Once inside, the company lacked any meaningful threat detection capability, which enabled the threat actors to exfiltrate over 560 million customer records. How ITDR Works ITDR combines several elements to detect SaaS threats. It monitors events from across the SaaS stack, and uses login information, device data, and user behavior to identify behavioral anomalies that indicate a threat. Each anomaly is considered an indicator of compromise (IOC), and…Read More