SaaS Security
What’s SaaS Security?
Learn about the advantages of SaaS Security over legacy CASBs.
Where Can I Use This? | What Do I Need? |
---|---|
Data Security, SaaS Security Posture Management, and Behavior
Threats:
SaaS Security Inline:
|
One of the following SaaS Security licenses:
Or any of the following licenses that include one of the SaaS Security licenses:
|
NG-CASB Standalone Web Interface Deprecation in November 2024
The standalone console for SaaS Security (accessible at
https://<tenant-name>.aperture.paloaltonetworks.com/) is being
retired as of 30 November 2024. SaaS Security is now available in the new,
unified Strata Cloud Manager platform.
Since April 2023, Strata Cloud Manager has been enhancing how you manage data
security, offering a centralized solution that simplifies your workflows. While you
might be accustomed to the functionality of the previous portal, transitioning to
Strata Cloud Manager brings several significant benefits. Refer to the customer
resources blog for detailed explanations and FAQs
related to this transition.
Security teams like yours are challenged with protecting a growing number of
sanctioned and unsanctioned SaaS apps and maintaining consistent compliance in the
cloud while stopping threats to sensitive information, users, and resources.
SaaS Security is an integrated CASB (Cloud Access Security Broker) solution
that:
- Provides visibility and control over all your shadow IT risks.
- Secures SaaS apps from known and unknown cloud threats.
- Protects sensitive data and ensures compliance across all SaaS apps.
- Allows access to corporate apps only for legitimate users.
Use SaaS Security Inline to discover and manage risks posed by
unsanctioned SaaS apps while you rely on Data Security to scan
assets in the cloud space for at-rest detection, inspection, and remediation across all
user, folder, and file activity within sanctioned SaaS apps. SaaS Security Posture Management
(SSPM) helps detect and remediate misconfigured security settings in sanctioned SaaS
apps through continuous monitoring.
With SaaS Security—SaaS Security Inline,
Data Security, and SSPM combined—you have an integrated
CASB solution that offers better security outcomes without the complexity of third-party
integrations and the overhead and cost of managing the large number of vendors who exist
with legacy CASBs.
SaaS Security on Strata Cloud Manager
We are in the process of updating the SaaS Security Administrator’s Guide
to include information for new customers and those who are migrating to Strata Cloud Manager. Read the following information carefully to learn more about
the updated terms and feature availability in Strata Cloud Manager. We are updating
this section during this transition.
- SaaS Security API is now Data Security in the Strata Cloud Manager.
- SaaS Security Inline is now Discovered Apps in the Strata Cloud Manager.
- See Common Services for Subscription and add-ons, Tenant management, Identity and Access, and Device Association.
- Navigation in the Strata Cloud Manager is documented wherever applicable.
- We are updating images and screenshots as you migrate to Strata Cloud Manager.
What’s Data Security?
Learn about Data Security capabilities.
Data Security is a security solution that connects to your sanctioned SaaS app using the
SaaS app’s API. This API integration enables the service to discover and scan all assets
retroactively when you first connect the SaaS app. Data Security scans and
analyzes all your assets and applies policy to identify exposures, external
collaborators, risky user behavior, and sensitive documents and identifies the potential
risks associated with each asset.
Data Security also performs deep content inspection and protects both your historical
assets and new assets from malware, data exposure, and data exfiltration. As Data Security identifies incidents, you can assess them and define automated
actions to eliminate or close the incident. After the initial scan of your historical
assets, Data Security continuously monitors each SaaS app and applies policy
against new or modified assets for ongoing incident assessment and protection.
To provide visibility into the security challenges with data classification and governance,
security gaps owing to noncompliance, sharing or permission violations, and malware
propagation within the sanctioned cloud apps on your network, Data Security
focuses on the following key areas:
- Content Security—The content you store in each cloud app is an asset. Data Security provides visibility into your asset inventory to help you uncover accidental or malicious data exposure. Data Security discovers the assets residing in the cloud app, assesses the shared or exposed data within and outside your organization, and identifies the impact or risk to intellectual property and regulatory noncompliance. In addition to creating an incident and alerting the administrator, the service provides autoremediation capabilities, including the option to quarantine, change sharing, or notify the owner.
- User Activity Monitoring—Data Security uses a combination of tools including machine learning, predefined and user-defined data patterns, security configuration controls, and access to event logs auditing user access and activity on each cloud app. With these tools, it builds context on sensitive data within your environment, identifies thresholds for expected and unexpected behavior, and uses this intelligence to log a violation or alert you to risky user behavior and possible data leaks from accidental or malicious user activity.
- Security Configuration Controls—Data Security provides policies allowing you to manage and restrict privileged user activity, email forwarding, and retention rules, and protects you from misconfigurations such as lack of storage volume encryption, lack of enforcement for securing keys, credentials, and multi-factor authentication. When any of these security issues occur, you can configure the service to generate an alert or log it as a policy violation.
- Third-Party App Integrations—Threats from third-party apps are serious because these apps have access to all or a large part of the data in the related cloud app. Protect your users and network from misconfigurations and known and unknown malware arising from these app integrations with a service that gives you the ability to approve, block, or restrict third-party app installation.
Data Security complements SaaS Security Inline capabilities to
provide an integrated CASB (Cloud Access Security Broker) solution.
What’s SaaS Security Inline?
Learn about SaaS Security Inline capabilities.
SaaS Security Inline natively integrates with your NGFW and Prisma Access tenants managed by Panorama or Strata Cloud Manager to provide granular
SaaS app visibility and control of unsanctioned SaaS apps through advanced analytics,
reporting, visualization, categorizations, and Security policy authoring so that you can
minimize data security risks to your organization. Employees inadvertently use SaaS apps
that violate compliance agreements or that carry risks that exceed your organization’s
tolerance. SaaS Security Inline discovers such risks so that you can understand
them and take action.
SaaS Security Inline provides easy deployment and inline policy enforcement. SaaS Security Inline leverages ACE (App-ID Cloud Engine) technology and SaaS policy rule recommendations to provide
greater and faster SaaS app discovery and a seamless SaaS security workflow between your
organization’s administrators for improved security posture.
SaaS Security Inline provides:
- Shadow IT discovery—Using ACE technology, automatically discovers new SaaS apps to keep pace with the new and emerging SaaS apps. SaaS Security Inline identifies over 71,000 SaaS apps using machine-learning algorithms to achieve a high level of accuracy and speed.
Definition of a SaaS App: For the purpose of discovery, we define a SaaS app as any app delivered as a service over the internet. The app should have the capability to upload, download, or share content. Additionally, the app might have the following capabilities and characteristics:
- The ability to be delivered and managed remotely
- Features such as session login and data transfer
- Pricing or subscription pages
- Shadow IT control—Enables you to author SaaS policy rule recommendations based on a combination of apps, users and groups, categories, activities, device posture (personal vs. corporate) and Enterprise Data Loss Prevention (E-DLP) data profiles and collaborate with your firewall administrator on SaaS security policy rules to control intentional and unintentional risky SaaS apps and user activity, allowing access to corporate SaaS apps only for the legitimate users.
- Shadow IT visibility and reporting—Delivers an up-to-date combined view of both
unsanctioned and sanctioned SaaS app usage across categories and subcategories, including
Content Marketing, Collaboration & Productivity, and ERP.
- Risk assessment—Exposes risky SaaS apps that are being used in your app ecosystem. The risk score is between 1 (low risk) and 5 (high risk) and is based on over 55 attributes. To calculate the risk score, SaaS Security Inline considers the following types of attributes:
- Compliance attributes, including COPPA, CJIS, and GDPR
- Security and privacy attributes, including support for encryption at rest, encryption in transit, and HTTP security headers
- Identity access management attributes, including support for multi-factor authentication (MFA) and role-based access control (RBAC)
You can generate a SaaS Security Report to help you assess risks posed by unsanctioned SaaS apps. The SaaS Security Report summarizes the most risky SaaS apps in your network. After processing completes, the report is automatically emailed to you as a PDF attachment.
Risk score customizing tools enable you to manually change the risk score for individual SaaS apps without changing the underlying calculation method, or adjust the weights for the underlying attributes and allow SaaS Security Inline to recalculate and apply the risk score automatically.
- Risk categorization—Identifies safer alternatives to risky SaaS apps with advanced filters with drill-down views for granularity to locate the SaaS app that meets your organization’s risk tolerance; NPS score metric to assess customer satisfaction with SaaS apps; and tagging, both custom and default, to differentiate sanctioned SaaS apps from unsanctioned SaaS apps that are being used by employees in your organization for efficient monitoring and policy enforcement.
SaaS Security Inline complements Data Security
capabilities to provide an integrated CASB (Cloud Access Security Broker)
solution.
What’s SaaS Security Posture Management (SSPM)?
Learn about the benefits of SaaS Security Posture Management.
SaaS Security Posture Management (SSPM) helps detect and remediate misconfigured settings in
sanctioned SaaS apps through continuous monitoring. SSPM provides:
- Detection of Misconfigurations—Finds misconfigurations using built-in best practices and categorizes them by severity to help you prioritize risks.
- Comprehensive and effortless remediation—Provides misconfiguration alerts and the ability to remediate issues quickly across apps with one click of a button or manually using straightforward instructions. Enables you to lock a configuration so that the setting does not become a misconfiguration in the future.
Learn More About SSPM
Our website includes a variety of resources that describe SSPM and how it can help
you secure your sanctioned SaaS apps. A short video overview of SSPM is also available on our
YouTube channel.
- Our Cyberpedia article What Is SaaS Security Posture Management? describes what an SSPM tool is and how it provides ancillary support to a cloud access security broker (CASB).
- Our SSPM product page contains links to product briefs, webinars, and videos.
- The following blog posts from the Palo Alto Networks product team give
individual perspectives on SSPM and its benefits.
- Next-Gen CASB with SSPM Secures the SaaS Apps Business Runs On by Lee Klarich, Chief Product Officer.
- 3 Reasons Why SSPM is Expanding the Boundaries for Next Generation CASB by Taylor Ettema, VP of Product Management.
- Preventing SaaS App Misconfigurations with SSPM, by Nico Filip-Sanchez, Product Manager.
What's Behavior Threats?
The Behavior Threats feature uses a machine-learning model and user history to detect
potential threats based on anomalous user behavior.
The Behavior Threats feature of SaaS Security helps you identify
potential threats to your organization from compromised accounts, malicious insiders,
and data breaches. Specifically, Behavior Threats examines how your organization’s users
are interacting with sanctioned SaaS apps to identify suspicious user activities that
might indicate attempts to steal or corrupt data.
Behavior Threats obtains information about user activities from the Data Security
component of SaaS Security, and examines the data to identify suspicious user
activities. Suspicious user activities include actions such as a user uploading or
downloading a large number of files within a short period of time, or a user logging on
to a SaaS app outside of their normal working hours.
Because every organization is different, we designed Behavior Threats to tailor itself to
your particular organization. Behavior Threats uses machine learning to analyze and
model user behavior in your organization. Behavior Threats provides a set of policy rules for detecting suspicious user
actions, but these policies are not based on predefined or manually
configured thresholds. Instead, these policies compare new user actions against past
actions to detect unusual activities. The policies are enabled by default, so no
configuration is necessary. All you require is a tenant with Data Security and
the Cloud Identity Engine.
Depending on when you first activated and configured Data Security, up to 90 days of
historical user data is available to Behavior Threats. Behavior Threats examines this
historical user data to determine a baseline for each user in your organization. This
baseline is derived from the user’s past actions and also from the actions of other
users in your organization. Using data-driven machine learning models, Behavior Threats
assigns a risk score to each user based on anomalous behavior.
Behavior Threats displays the most anomalous user actions as threat incidents, and
assigns a Severity level to each threat incident. Behavior Threats is designed to
minimize the number of false positives by only reporting a very small percentage of user
actions as threat incidents.
Each day, Behavior Threats collects data on the most recent user actions to identify the
most risky users and new threats. Behavior Threats also uses this new data to
recalculate user baselines.
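The following is an added illustration of baseline-relative scoring as described above; it is not Palo Alto Networks code and does not reproduce the Behavior Threats model. The median/MAD statistic, the weights, the function names, and the sample download counts are all assumptions constructed for this example; only the 90-day window comes from the text.

```python
import math
from statistics import median

WINDOW_DAYS = 90   # from the page: up to 90 days of history feed the baseline
MIN_HISTORY = 7    # assumption: with fewer days than this, rely on peers only
OWN_WEIGHT = 0.7   # assumption: how much the user's own baseline counts

# Constructed sample data: daily file-download counts per user, oldest first.
HISTORY = {
    "alice": [10, 12, 11, 9, 10, 13, 12, 11, 10, 12],
    "bob":   [200, 210, 190, 205, 195, 202, 198, 207, 201, 199],  # heavy but steady
    "carol": [5, 6, 4, 5, 7, 5, 6, 5, 4, 6],
    "dave":  [20, 22, 19, 21, 20, 23, 18, 21, 20, 22],
}
TODAY = {"alice": 11, "bob": 204, "carol": 180, "dave": 21}

def robust_dev(value, sample):
    """Deviation of value from sample in MAD units (a robust z-score)."""
    med = median(sample)
    mad = median(abs(x - med) for x in sample)
    scale = 1.4826 * mad if mad > 0 else 1.0  # flat history: avoid divide by zero
    return (value - med) / scale

def score_users(history, today):
    """Score today's count against each user's own past and against peers."""
    scores = {}
    for user, count in today.items():
        own = history.get(user, [])[-WINDOW_DAYS:]
        peers = [c for u, days in history.items() if u != user
                 for c in days[-WINDOW_DAYS:]]
        peer_dev = robust_dev(count, peers) if peers else 0.0
        if len(own) >= MIN_HISTORY:
            dev = OWN_WEIGHT * robust_dev(count, own) + (1 - OWN_WEIGHT) * peer_dev
        else:
            dev = peer_dev  # new user: only the peer baseline is available
        scores[user] = max(dev, 0.0)  # only unusually high activity is scored
    return scores

def top_incidents(scores, fraction=0.01):
    """Report only the highest-ranked small fraction of users, never zero scores."""
    k = max(1, math.ceil(fraction * len(scores)))
    ranked = sorted(scores, key=scores.get, reverse=True)
    return [u for u in ranked[:k] if scores[u] > 0]

def roll_baseline(history, today):
    """Daily recalculation: append today's counts and keep the last 90 days."""
    rolled = {u: list(days) for u, days in history.items()}
    for user, count in today.items():
        rolled[user] = (rolled.get(user, []) + [count])[-WINDOW_DAYS:]
    return rolled

if __name__ == "__main__":
    scores = score_users(HISTORY, TODAY)
    for user in sorted(scores, key=scores.get, reverse=True):
        print(f"{user:6s} today={TODAY[user]:4d} score={scores[user]:.1f}")
    print("incidents:", top_incidents(scores))
```

In the sample, carol's 180 downloads are fewer than bob's routine 204, so a fixed count threshold would either miss carol or flag bob every day, while the baseline comparison ranks carol first.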
The Behavior Threats page on Strata Cloud Manager displays the threat incidents and
risky users. From this page, you can complete the following tasks:
- View the top 3 most risky users.
- View a list of all users organized by user risk score, and navigate to details about a particular user, including a list of the threat incidents associated with the user.
- Put users on a watchlist, so you can monitor future user activities. You can filter the list of all users to view only the users who are on the watchlist.
- View a list of the policy rules that Behavior Threats applies to user activities to identify threat incidents. All policies are enabled by default, but you can disable policy rules.
- View a list of all threat incidents. The list includes up to 90 days of incidents.