Categories
News and Events

SaaS Alerts Releases its Inaugural SASI Report

Reveals SaaS Application Security Insights via Analysis of 15+ Million SMB SaaS Application Events

Report identifies key areas where MSPs should focus SaaS Security efforts by analyzing trends and activities of over 15M SaaS App events and the anonymized application security records for over 750 small-to-mid sized businesses and more than 30,000 end-users.

Wilmington, NC (June 22, 2021) – SaaS Alerts, the cybersecurity company purpose-built for MSPs to protect and monetize their customers’ business SaaS applications, today released the results of its first-ever SASI (SaaS Application Security Insights) Report. The report, scheduled to be released semi-annually, reveals a shocking trend of over 3,000 Brute Force Attacks per day [against the current SMBs being monitored by the platform] and sheds light on risky file-sharing behavior and the top countries where bad actors are originating their attacks on SMBs.

During the period dating January 1st to May 31st, 2021, SaaS Alerts monitored over 15M events and gathered and analyzed anonymized SaaS application security records for over 750 small-to-mid sized businesses and more than 30,000 end-users.

Access and visibility into this unique dataset provides SaaS Alerts a comprehensive and timely view of the current state of SaaS Application Security within the SMB market – and more specifically, within SMBs who are served by MSPs.

Additionally, the report provides insight into how MSPs are currently pricing and marketing their new SaaS Security Monitoring services.

“Overall, the findings in our first-ever SASI report emphasize that MSPs need to reassess their security posture when it comes to protecting their customers’ SaaS Applications. We believe that sharing this data will help MSPs to identify strategies and develop new processes to manage customer security in a data environment now increasingly dominated by off-premise resources,” said Jim Lippie, CEO for SaaS Alerts. “Our goal is to continue to share this critical information in the hopes that together with our MSP Partners, we can better navigate the current cybersecurity threat landscape and enhance our understanding to better combat the risks that lie ahead.”

With this inaugural edition of the report, SaaS Alerts has now made a commitment to release its findings twice a year – and as the platform grows to include more users, these insights will become increasingly more valuable and give MSPs a more comprehensive view of the SMB threat landscape.

Businesses of all sizes are now shifting to SaaS applications and away from locally installed applications. Naturally, at the same time, the data environment is also shifting – from local devices and network servers to Cloud-based data creation and storage.  

This transition requires that technology service providers reconsider the notion of protecting users and networks and reimagine how they think about users and how they follow user behavior. This is accomplished by understanding how user negligence impacts a company’s security posture while also appreciating how bad actors are able to compromise SaaS environments.

In the first half of 2021, SaaS Alerts saw an average of 3,000 brute force attacks per day leveraged against 750+ small businesses while also uncovering a significant attack vector stemming from common user behaviors such as neglectful file-sharing practices and using M365 and Google Workspace credentials for authenticating third-party integrated applications.

These threats will not just go away, they will continue as the data in SaaS applications is valuable to bad actors and their attacks are successful enough to warrant continued effort. Meanwhile, end users will continue to take shortcuts, share anonymous files and bypass safeguards in the name of convenience and increased productivity. As a community of technology professionals, with the right tools and a commitment to regular hygiene, many of these risks can be mitigated.

The SASI Report analyzes the current threats, trends and activities of SaaS Application users and provides valuable insights to help MSPs protect the companies who they serve.

Report analysis was carried out using proprietary anonymized data gathered via the usage of SaaS Alerts pursuant to its Master Services Agreement. This and other data is used by SaaS Alerts to identify security and access trends in order to further advance its product and offerings and in order to meet the needs of its growing MSP partner community and the end customers who they serve. User and business information is anonymized to protect corporate and individual usage data.

For more details and to download a complimentary version of the report, visit:  https://saasalerts.com/sasi-report/

About Saas Alerts: 

SaaS Alerts is the cyber security company purpose-built for MSPs to protect and monetize customer core SaaS business applications. SaaS Alerts offers a unified, real-time monitoring platform for MSPs to protect against: data theft, data-at-risk and bad actors and integrates with the most popular SaaS Applications. Learn more at www.saasalerts.com.

Media Contact:

Keith Engelbert

VP, Business Development

SaaS Alerts, Inc.

843-810-2983

keith@saasalerts.com 

Categories
Cybersecurity

What the Executive Order for Improving Nation’s Cybersecurity Means for MSPs and Cloud App Security

In May, the Whitehouse issued an Executive Order on Improving the Nation’s Cybersecurity which laid the groundwork for the Nation’s response to the latest security breaches and sought to address the persistent and increasingly sophisticated malicious cyber campaigns threatening the public sector, the private sector, and ultimately the American people. 

The order is aimed at improving the Government’s efforts to identify, deter, protect against, detect, and respond to these actions and actors. Last month, an additional memorandum was released. The July Memorandum, known as the National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems focused further on protecting the Nation’s critical infrastructure from ransomware and other attacks.

So how will this order, currently directed at Federal Agencies and those IT and OT service providers who contract with the Federal Government impact the Managed Service Providers and Managed Security Service Providers serving the private sector in the weeks and months to come?

The May Executive Order mandates several requirements including that government agencies and departments make bold changes and significant investments in zero-trust architecture, software standards and more. While the memorandum from July sets standards for technology and systems used by private companies in food, energy, power and water.

While the trickle-down impact of this order could take some time to directly impact those providers serving the private sector and non-critical infrastructure (food, energy, power and water) customers, the order set the framework for encouraging the private sector to adopt similar measures – and experts caution that it’s only a matter of time before MSPs and MSSPs will be required to comply.

Impact to MSPs When it Comes to Cloud App Security

The May order states that the Federal Government must modernize its Cybersecurity including by increasing the Federal Government’s visibility into threats and must adopt security best practices; advance toward Zero Trust Architecture and accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) while centralizing and streamlining access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.

CISA (The Cybersecurity & Infrastructure Agency, which is part of the Department of Homeland Security) asserts Alert (AA20-245A) which highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. These are the steps which MSPs should be taking now to both protect their customers and to prepare for future mandates.

Specifically, this Advisory furthers the recommendations covered in the President’s Executive Order on Improving the Nation’s Cybersecurity regarding monitoring operations and alerts and responding to attempted and actual cyber incidents and employing automated tools, or comparable processes, that check for known and potential vulnerabilities and remediate them, which shall operate regularly, or at a minimum prior to product, version, or update release.

What Does this Mean?  

It means that IT departments and IT Service Providers should be monitoring all applications, tools and devices that touch their operation to prevent or mitigate exposures. 

Further, The Cybersecurity and Infrastructure Security Agency (CISA) released insights on Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses which details specific actions that every MSP should be taking.

CISA recommends the following mitigations and hardening guidance:

• Apply the principle of least privilege to customer environments.

• Ensure that log information is preserved, aggregated, and correlated to maximize detection capabilities.

• Implement robust network- and host-based monitoring solutions.

• Work with customers to ensure hosted infrastructure is monitored and maintained.

• Manage customer data backups.

Why is the Government Making these Recommendations?  

As Cloud and SaaS Application usage continue to dominate today’s IT landscape, it’s important that the user behavior associated with these popular applications be tracked and monitored. In many cases, IT professionals are properly securing traditional IT assets, like local networks, devices and servers, but are not yet keeping up with user behavior and configurations with the most widely used SaaS applications.  

Top motivators for Cloud and SaaS app adoption, such as the ability to increase productivity and reduce costs is increasingly driving businesses to seek attractive alternatives to on-premise solutions.  Moreover, the global pandemic has dramatically shifted how people work and as a result, organizations have scaled up their use of Cloud and SaaS applications to support collaboration and productivity from home. This shift in the landscape has created a breeding ground for hackers and bad actors who will undoubtedly use the opportunity to cripple businesses, both large and small. 

In addition to the governmental recommendations, SaaS Alerts recently released its inaugural SASI (SaaS Application Security Insights) report in June which shares additional recommendations in light of the growing threats:

  • One recommendation for any technology professional is to monitor as many SaaS applications as possible to provide a full scope of security gaps and visibility of user behavior via cross correlation.
  • It’s highly recommended that companies monitor file-sharing activity within SaaS applications and work with end users to ensure they terminate “old” share links, in order to maintain proper security hygiene and mitigate risk. 
  • Security policy changes providing individuals additional access or privileges is also critical to remediate. If a bad actor gains access to any environment, most will change security policies to give themselves a free pass to run wild within the application.

Visit https://saasalerts.com/sasi-report/ to obtain a complimentary copy of the most recent SASI Report.

Categories
News and Events

New Partnership with TAG National

SaaS Alerts is very excited to announce our new partnership with TAG, an organization of leading managed technology services providers representing $700 million in annual sales. The SaaS Alerts team is looking forward to meeting with TAG Members and helping them add SaaS security monitoring to their portfolio of cyber tools to win more deals and add more value to their client relationships.

Categories
News and Events

SaaS Application Security Research: MSP and SMB Findings

Categories
News and Events

Join us for the Auvik Summer Treat Wave

SaaS Alerts is proud to team up with our friends at Auvik along with 17 other amazing co-sponsors to bring you a month of summer prize giveaways! Starting today, you can sign up for the Auvik #TreatWave for a chance to win 22 days of prizes in July.

How it works

  • Auvik is offering one giveaway each day Monday through Friday for the entire month of July.
  • Make sure to sign up early, so you’re eligible for all 22 prize drawings.
  • Auvik will fulfill all the prizes on an as-winner basis.
Categories
Uncategorized

Attention MSPs: Is it time to reprioritize your activities?

When faced with the need to secure their customers’ SaaS Applications, consistent feedback heard from today’s Managed Service Providers (MSP) is, “We don’t have time to do anything else!”.  The truth is MSPs are inundated with a lot of daily activities in their never-ending quest to keep their clients’ employees productive and secure.  Think about it, MSPs are charged with ensuring that end users have access to important infrastructure where applications and data live, backing up all that important data, providing business continuity services in case of operational disruption, locking down the network for perimeter security, hardware/software lifecycle management, virtual CIO consulting, end user security and end user support (helpdesk). All of these activities are important and essential for a every MSP, but when you follow the evolution of the technology being adopted by the SMBs that MSPs serve, where do these activities rank on the list of priorities?

I once heard an executive say, “we need to manage our competing priorities” and while I understand the sentiment, the notion of “competing priorities” is an oxymoron.  By definition, a priority is a thing that is regarded as more important than another.  So, the entire idea of a priority is that it doesn’t compete with another priority, it automatically takes top position of importance.  A good leader’s job is to understand the relative importance of different activities and initiatives for a company and to properly list the priorities for an organization in order of importance. Therefore, MSPs need to understand that certain activities carry more importance for their customers and then adjust to their activity list based the highest level of value to the customer.  However, business professionals in every field, not just MSPs, tend to default to what they have always done – and don’t challenge themselves to reprioritize what is most important for their business or their customers. 

So, this article is meant to challenge MSPs to re-evaluate the activities they perform for their clients and to determine which of those activities add the most value based on the technology transition that is currently underway. What technology transition? The transition to an even more remote workforce and the rapid adoption of SaaS applications.  According to a survey by BetterCloud, 85% of all applications will be consumed via SaaS by 2025.  So MSPs need ask themselves in a world where a vast majority of small businesses are consuming SaaS applications, where can they add the most value to their client relationships? 

Despite, the technology transition, the priority is still to protect and secure the end user experience.  However, the activities associated with securing end users in a SaaS-based world need to change from  the traditional MSP support model. Here are the questions the MSP needs to ask themselves: 

  1. Are people/employees gaining access to applications they shouldn’t? 
  2. Are bad actors logging into a client’s SaaS applications? 
  3. Are SaaS application accounts being attacked or compromised? 
  4. Are employees being careless with their data sharing habits? 
  5. Are employees or bad actors taking sensitive data out of key applications? 
  6. Are policy and permission changes being made in SaaS applications? 
  7. Are their devices being added to access applications without permission? 
  8. Are users using corporate credentials to authenticate to other SaaS applications? 

If a majority of an MSPs clients are using SaaS applications extensively every day and sensitive data resides in those applications, then these questions are key for the MSP to answer on behalf of their client.  Answering these questions can also help MSPs reprioritize how they’re spending their time in protecting their clients in a world where the perimeter has moved, and where applications live has changed. 

At a recent industry event, SaaS Alerts talked to hundreds of MSPs at our tradeshow booth. MSPs would come up and ask me, “What does SaaS Alerts do?”  On the first day of the event, I started by saying, “we help MSPs protect and monetize their customers’ SaaS applications” and I then continued to explain from there.  But, by the end of the event, I started by saying, “we’re helping MSPs stay in business for years to come.”  I added that SMBs have changed their technology habits and the solutions they use to be productive every day, it’s important that MSPs have the tools to manage their clients through this transition.  

The bottom line is that the MSPs that challenge themselves to answer these questions and re-evaluate their usage of time on behalf of their clients will reprioritize their activities and win on the transition. 

Categories
Cybersecurity

How can MSPs help protect Dropbox users?

4 Tips for securing DropBox to eliminate common end user security holes
If you ask any seasoned IT professional at a Managed Service Provider (MSP), “what is your greatest cybersecurity weakness when it comes to protecting your customers?”, the answer will undoubtedly be; the end users they serve.

It’s not because the end users they serve are malicious. It’s because most end users are simply not aware or ignore all the important configuration options and settings that exist in the applications they use every day. Once more, most IT professionals are not aware of the multitude of SaaS applications their end users are leveraging in their quest to make their jobs easier.    

A great example would be Dropbox. Dropbox is used by over 500 million people every year.  Many of these users are from all types of companies, from the smallest of the small to large enterprises (this blog is backed up on Dropbox).  But if we evaluate some of the overlooked end user configurations for a popular application like Dropbox, then we find some troubling security holes. 

For example, here are 4 commonly overlooked issues by end users that can be resolved through proper diligence (the problem is the average end user is not known for their diligence). 

  1. Delist Linked Devices: Often Dropbox users will change their devices (laptops, smart phones, tablets, etc.) multiple times while their Dropbox subscription continues on. But devices can also be passed on to other people and if those devices are not properly wiped, said devices may be used to link back to one’s Dropbox account. To avoid this issue, users should always “delist” their devices when they retire them. Here is a screenshot of the setting in Dropbox to accomplish this:
Dropbox linked devices
  1. Check Web Sessions: One of the great features of Dropbox is the ability to collaborate with other people or groups.  Many times users will engage with another company on a project and they will use Dropbox to share important files.  Once the project is complete, there is no longer a need to share files between the two parties and they often go about their business without the need to collaborate further. But what happens to those “orphaned” Dropbox links? Could someone use an orphaned link to tunnel back into one’s Dropbox account?  The answer is, “yes’. So, it’s important to monitor one’s Dropbox web sessions.  On the same Security page just above the list of linked devices, users can view their current web sessions which shows which browsers are currently logged into your Dropbox account.  This however, requires end user diligence. 
  1. Manage Your Linked Apps: When you sign into Dropbox through a third party app, the company shares your personal information with that app. Over time you may forget which apps you have given permission to access your Dropbox account and may have stopped using those apps altogether.
linked apps

Towards the bottom of Dropbox’s security settings page you can view all the apps you have given permission to over the years and just as with delisting trusted devices, you can easily revoke permission for any given app.

  1. Email Notifications: When changes occur in your Dropbox account such as, logins from new devices or deletion of files, you can set up email alerts within Dropbox that will notify you. Email notifications can be managed from the Profile panels of the Settings menu.

These four measures are not difficult to do, but they do require the right configurations, policy management and ongoing diligence- which as stated before, can be difficult for end users to keep up with and Dropbox is just one app of dozens that someone will leverage daily.  If you’re an MSP looking for a comprehensive product that monitors SaaS applications, creates alerts around unusual end user behavior and takes the responsibility off the end user to constantly keep up with their own SaaS application compliance, please go to www.saasalerts.com for more information. 

Categories
Cybersecurity

What is a Brute Force Attack and what to do when you see them happening?

We live in a world where a vast majority of a company’s sensitive data resides in Software as a Service (SaaS) applications like Office 365, Google Workspace, Salesforce, Dropbox, etc. In the recent 2020 State of SaaSOps report by BetterCloud, their data suggests that 85% of all application usage by 2025 will be via SaaS. If you’re an MSP or IT service provider reading this, you should be thinking, “oh snap!!! What can I be doing to better protect the sensitive data in these applications?”

First, in order to protect the data, you need to understand the methods being used to compromise the data.  One of the methods bad actors are using to gain access to the data living in these SaaS applications is “brute force attacks”.  What is a brute force attack? A brute force attack, also known as an exhaustive search, is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. 

At SaaS Alerts we are currently processing nearly one million SaaS application events per day and we can see that brute force attacks are on the increase. In fact, in a 7-day period, almost every end user company on the SaaS Alerts platform has seen at least one brute force attack.  Since 2017, it’s estimated that 5% of brute force attempts have been successful at gaining access to SaaS applications. While that percentage might seem low, the absolute number is very large based on the total number of attempts. 

If you are an MSP you might be asking, “is this activity important to be aware of?” If you are interested in protecting yourself and your customers, then the answer is “positively 100% YES!” Ninety two percent of MSPs use and resell Office 365, the most popular SaaS application for business in the world and it happens to be the most vulnerable. In a recent infosecurity article, CrowdStrike CEO, George Kurtz slammed Microsoft in the context of the SolarWinds breach investigation, saying hackers were able to exploit Microsoft’s overly complicated and “antiquated” architecture. 

“The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network and reach the cloud environment while bypassing multifactor authentication.” said Kurtz. 

What can an MSP do to protect themselves and their customers?

Step 1, start monitoring SaaS applications -because you can’t manage what you don’t measure/monitor.

Step 2, actively use the information from a SaaS monitoring tool to remediate critical alerts and start adding more value to your client relationships.

Step 3, start charging an incremental fee for the added protection. 

Now, specifically what can an MSP do if their client is hit with a brute force attack? 

Contact the Customer or User and make them aware of this event. This event indicates a possible account compromise by an unauthorized actor due to repeated login failures within a minimal timeframe. It is recommended to reset the password to a complex password, and enable MFA if not already enabled. If the attack persists, then consider deleting the account and reissue a new user account with new credentials with MFA enabled. Lastly, continue to monitor the SaaS environment on an ongoing basis for unusual user behavior. If you’re interested in a full list of remediation recommendations for SaaS based cybersecurity events, please email marketing@saasalerts.com

Become a Partner

Learn how to differentiate your business, simplify operations and supercharge your sales.

Categories
News and Events

MSP Industry Pioneers Fund SaaS Alerts

by Joe Panettieri • Mar 15, 2021

SaaS Alerts, led by CEO Jim Lippie, raises $1.2 million in early stage funding from Gary Pica, David Bellini & additional MSP industry pioneers.

Categories
News and Events

SaaS Alerts Announces Completion of Funding Round Led by Some of the Biggest Names in the MSP Industry

SaaS Alerts Announces Completion of Funding Round Led by Some of the Biggest Names in the MSP Industry

 Dream-team of MSP veterans validates need for cybersecurity platform purpose-built for MSPs to protect and monetize customer SaaS applications

March 16, 2021 – Wilmington, NC – SaaS Alerts, the cybersecurity company purpose built for MSPs to protect and monetize their customers’ business SaaS applications, announced today that it has closed a round of funding totaling $1.2 Million. Most notably, the round was led by MSP industry veterans including Gary Pica, David Bellini, Adam Slutskin, Paul Cissel, Pete Peterson, Kevin Lancaster, Paul Brady, John Barrows and Michael France.

“The technology landscape has been evolving for a while, but the rate of change has been hastened by the pandemic. Now more than ever, MSPs need to realize the importance of protecting the SaaS applications which they and their customers use daily. Based on this transformation, I feel like SaaS Alerts is the right solution at the right time for the MSP community”, said David Bellini, Co-Founder of Connectwise and CFO for ConnectOn.

“When we started our fundraising efforts, it was important for us to bring in investors who truly understand the MSP industry and how it’s changing. We now feel like we have a dream team of investors who have seen the industry evolve and know exactly where it’s headed. Receiving investment from such an impressive group of MSP veterans is a real endorsement of our vision and mission at SaaS Alerts,” said Jim Lippie, CEO of SaaS Alerts.

SaaS Alerts will use the funding to further its development activities and incorporate many of the additional features being requested by its existing partners, in addition to sales and marketing initiatives. The unified SaaS alerting and monitoring platform is currently processing over two million events per day and growing rapidly to support its expanding list of MSP partners, allowing those MSPs to add more value to their client relationships and to build incremental recurring revenue. 

SaaS Alerts is looking forward to engaging with the nearly 3,000 MSPs anticipated to attend Datto’s upcoming MSP Technology Day on March 18th where the focus is on cyber resiliency.

 About SaaS Alerts:

SaaS Alerts is the cybersecurity company purpose-built for MSPs to protect and monetize customer core SaaS business applications. SaaS Alerts offers a unified, real-time monitoring platform for MSPs to protect against: data theft, data at risk and bad actors and integrates with the most popular SaaS Applications. Learn more at www.saasalerts.com.

Media Contact:

Keith Engelbert

VP, Business Development

SaaS Alerts

910-604-6539

keith@saasalerts.com