SaaS (Software as a Service) sprawl is a defense evasion technique in which an attacker takes advantage of the lack of visibility and control in a cloud environment to spread the use of unauthorized SaaS applications across an organization.
In this attack, an attacker might use a compromised user account or exploit a vulnerability to gain access to a cloud environment, then begin to sign up for and use various SaaS applications without the knowledge or approval of the organization's IT and security teams.
This can lead to a "sprawl" of unapproved SaaS applications being used throughout the organization, creating security risks and potentially violating compliance regulations.
The use of unauthorized SaaS applications can increase the attack surface and make it more difficult for security teams to monitor and protect the organization's data and systems.
Additionally, the use of these applications may introduce security vulnerabilities that can be exploited by attackers.
ID: T0174
Type: Technique
Tactic: Defense Evasion
Summary: SaaS sprawl
State: Draft
Mitigations

ID: M1550
Type: Mitigation
Summary: Implement strict access control for clouds
Description: Limit access to cloud resources to only authorized users and ensure that proper authentication and authorization mechanisms are in place.

ID: M1740
Type: Mitigation
Summary: Establish guidelines for the use of SaaS application
Description: Establish clear policies and guidelines for the use of SaaS applications and enforce them rigorously. This can include guidelines for which applications are approved for use, who is authorized to sign up for new applications, and how to vet new applications for security risks.

ID: M1741
Type: Mitigation
Summary: Implement access controls and permissions for SaaS applications
Description: Implement access controls and permissions for SaaS applications, such as limiting access to certain users or departments and requiring multi-factor authentication for all users.
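One way to check SaaS activity against the M1740 and M1741 guidelines, as an added example that is not part of the original entry. The policy sets, the JSON-lines event format and all names and addresses below are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumed policy inputs (hypothetical): approved apps and who may sign up (M1740).
APPROVED_APPS = {"crm.example.com", "docs.example.com"}
AUTHORIZED_REQUESTERS = {"it-admin@corp.example"}

# Constructed sample events; the JSON-lines field names are an assumed format.
SAMPLE_EVENTS = """\
{"user": "alice@corp.example", "app": "docs.example.com", "action": "login", "mfa": true}
{"user": "bob@corp.example", "app": "filedrop.example.net", "action": "signup", "mfa": false}
{"user": "bob@corp.example", "app": "filedrop.example.net", "action": "login", "mfa": false}
{"user": "bob@corp.example", "app": "notes.example.org", "action": "signup", "mfa": true}
{"user": "it-admin@corp.example", "app": "crm.example.com", "action": "signup", "mfa": true}
{"user": "carol@corp.example", "app": "crm.example.com", "action": "login"}
not json
"""

def audit(text, approved=APPROVED_APPS, requesters=AUTHORIZED_REQUESTERS):
    """Return (line_no, finding, user, app) tuples for policy violations."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            user, app, action = ev["user"], ev["app"].lower(), ev["action"]
        except (ValueError, KeyError, TypeError, AttributeError):
            findings.append((n, "unparseable", None, None))  # never skip silently
            continue
        if app not in approved:
            findings.append((n, "unapproved_app", user, app))
        if action == "signup" and user not in requesters:
            findings.append((n, "unauthorized_signup", user, app))
        if action == "login" and ev.get("mfa") is not True:  # missing counts as no MFA
            findings.append((n, "no_mfa", user, app))
    return findings

def sprawl_by_user(findings):
    """Group distinct unapproved applications per user to show the sprawl."""
    apps = defaultdict(set)
    for _, kind, user, app in findings:
        if kind == "unapproved_app":
            apps[user].add(app)
    return {user: sorted(found) for user, found in apps.items()}

if __name__ == "__main__":
    results = audit(SAMPLE_EVENTS)
    print(*results, sprawl_by_user(results), sep="\n")
```

An account that accumulates several distinct unapproved applications, as the constructed bob@corp.example account does here, is the pattern worth reviewing first, since the entry notes that sprawl may start from a compromised user account.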
Detections

ID: D1510
Type: Detection
Summary: Implement Intrusion Detection System and anti-malware
Description: An intrusion detection system (IDS) is a security tool designed to detect and alert on unauthorized access to a computer system or network. Implementing intrusion detection systems (IDS) and anti-malware software can help to identify and block malicious activity. IDS is a critical security tool that helps organizations to detect and respond to security incidents in a timely manner. By providing real-time monitoring and analysis of network traffic, IDS can help organizations to stay ahead of potential threats and reduce the risk of a security breach.