By Kevin Hanes, CEO of Reveal Security

When I reflect on the years I spent leading one of the world’s largest Security Operations Centers (SOCs) and incident response teams, the lessons learned aren’t just war stories… they’re a playbook for how we should rethink our responsibilities in the face of today’s fast-evolving attack surfaces. Back then, we were managing massive volumes of alerts, hunting nation-state actors, and responding to zero-days on behalf of our clients that “outsourced” their security to us. But the reality is, even with the best people and tools in the world, the hardest lesson always circled back to this: You can’t outsource responsibility.

Sure, you can outsource security services. You can hire MSSPs, employ managed detection and response, push workloads to the cloud, and sign SaaS contracts that include the phrase “shared responsibility model.” But at the end of the day, when the breach hits the front page or the regulators come knocking, it’s you. It’s your logo, your customers, your board, and your job.

That’s why the SaaS security challenge feels deeply personal to me. I’ve been on the frontlines of the security response when systems get encrypted, stolen credentials are exploited, or anomalous activity gets missed. And I’ve seen what happens when we, as security leaders, let gaps stay open because they’re hard, unfamiliar, or not fully understood.

What You’re Not Thinking About Will Hurt You

Let me be blunt: most security programs today aren’t truly thinking about their SaaS attack surface. And not because they don’t care, but because it’s sprawling, dynamic, and in many cases, invisible to their current security stack. When you use Salesforce, Workday, Microsoft 365, Google Workspace or hundreds of other SaaS applications, you’re trusting platforms you don’t control, running on infrastructure you don’t own, accessed by users you may barely manage. You might have some visibility at authentication, but what about after that?
Your SIEM might capture logs if you integrate it all. But real post-login visibility – actual behavioral understanding of human and non-human identities inside the SaaS app? Across multiple SaaS apps? That’s not something traditional tools were built to handle.

Let me ask you this: Can your current tooling detect if a privileged contractor logs in and starts extracting sensitive records from a CRM they rarely use? Can it distinguish a credentialed user doing legitimate business activity in a sanctioned a
[…]