SaaS Security is an integrated CASB (Cloud Access Security Broker) solution that helps Security teams like yours meet the challenges of protecting the growing availability of sanctioned and unsanctioned SaaS applications and maintaining compliance consistently in the cloud while stopping threats to sensitive information, users, and resources. SaaS Security options include SaaS Security API (Data Security in the Cloud Management Console), SaaS Security Inline (Discovered Apps in the Cloud Management Console), and SaaS Security Posture Management (SSPM).
Use SaaS Security Inline to discover and manage risks posed by unsanctioned SaaS apps while you rely on SaaS Security API to scan assets in the cloud space for at-rest detection, inspection, and remediation across all user, folder, and file activity within sanctioned SaaS applications. SaaS Security Posture Management (SSPM) helps detect and remediate misconfigured security settings in sanctioned SaaS applications through continuous monitoring.
With all three SaaS Security components, you have an integrated CASB that offers better security outcomes without the complexity of third-party integrations and the overhead and cost of managing the large number of vendors that exist with legacy CASBs.
Review the SaaS Security privacy datasheet for details on the privacy of the data you store in SaaS applications and how SaaS Security handles that data.
Month | Feature | Description | |
---|---|---|---|
April 2024 | Detailed user and group information from Cloud Identity Engine in SaaS Security Inline | If you activated the Cloud Identity Engine on your tenant and configured directory sync in Cloud Identity Engine for Azure Active Directory (Azure AD), SaaS Security Inline can now obtain user information from Azure AD through the Cloud Identity Engine. This additional information is available to you in the Discovered Users view and in the Users & Groups area of the Create New Policy Recommendation page. | |
Behavior Threat detection | Behavior Threats is a new feature in SaaS Security that helps you identify potential threats to your organization from compromised accounts, malicious insiders, and data breaches. Specifically, Behavior Threats examines how your organization’s users are interacting with sanctioned SaaS applications to identify suspicious user activities that might indicate attempts to steal or corrupt data. | ||
Support for Custom Admin Roles in SSPM | You can now create Custom Admin Roles for SSPM in the Strata Cloud Manager. With this launch, you have the extended capability of managing the Role-Based Access Control, leveraging the Identity and Access Management (I&AM) central framework for complete authentication and authorization. | ||
January 2024 | Allowed List of IP Addresses | For a smooth app onboarding experience, an updated region-specific IP address list is now available. Add these IP addresses to the allowed list in your firewalls. | |
Onboarding Validations | You can now check onboarding status that validates if the connector has onboarded successfully. Validations have been launched for the following connectors:
|
||
Improvements to tenant-level policy rule recommendations | When you create policy rule recommendations at the tenant level, several improvements are now available, including increased tenant selection for applying policy rule recommendations and the addition of the Allow action for specific apps. | ||
Tenant-level visibility and control for Salesforce Sales Cloud | For Salesforce Sales Cloud applications, you can now detect the specific application tenants that are being accessed by users and submit policy rule recommendations at the tenant level. | ||
Support for Custom Admin Roles in Data Security |
You can now create Custom Admin Roles for Data Security in the Strata Cloud Manager. |
||
Autotagging recommendations for Sanctioned apps | To help you identify discovered apps that you should tag as Sanctioned, SaaS Security Inline now provides tagging recommendations. Using information from the Cloud Identity Engine, SaaS Security Inline determines if a detected app is an enterprise application accessible through your identity provider. | ||
New security and privacy attributes | When you are viewing an application's attribute values in the Application Detail view in SaaS Security Inline, new security and privacy attributes are available. | ||
Tenant-level visibility and control for Aha! (Aha.io) | For Aha! (Aha.io) applications, you can now detect the specific application tenants that are being accessed by users and submit policy rule recommendations at the tenant level. | ||
Improved application searching in SaaS Security Inline |
The search function in SaaS Security Inline has been improved to yield better results when searching for applications. |
||
November 2023 | Scan support for Workday App (Beta) |
You can connect a Workday instance to Data Security to gain visibility into Workday User Activities. |
|
Interconnected SaaS: Third-party plugin detection in SSPM | SSPM gives you visibility into the third-party plugins that are being used in your organization. You can then take action by approving the plugin or by revoking user access to it. | ||
Tenant-level visibility and control for Azure OpenAI | For Azure OpenAI applications, you can now detect the specific application tenants that are being accessed by users and submit policy rule recommendations at the tenant level. | ||
Onboarding Validations | You can now check onboarding status that validates if the connector has onboarded successfully. Validations have been launched for the Slack Enterprise V2 connector | ||
For features added in earlier releases, see the SaaS Security Release Notes. |
Navigate to the Behavior Threats page to view unusual user activities that might represent threats to your organization from compromised accounts or malicious insiders.
Learn how to identify and remediate risky apps on SaaS Security Inline.
Learn how to generate the SaaS Security Report to share with your SaaS security team and executive management team.