New Features Introduced in December 2024

SaaS Security Posture Management (SSPM) includes an Identity Security component to help you identify risks in your identity posture. Now, the Identity Security component gives you visibility into Office 365 account risks for human and non-human accounts. Human accounts are accounts that are associated with an individual who accesses Office 365 through a web interface with ID and password credentials. Nonhuman accounts are typically services that authenticate to an Office 365 API by using a token or an API key.

By connecting to your Office 365 instance, the Identity Security component helps you identify the following account risks so you can take action:

• Human accounts that have not been accessed for a specified period.
• Accounts that have not had their credentials rotated for a specified period.
• Human accounts that have excessive permissions.
• Guest accounts, which can represent a risk if their access is not properly restricted.

By connecting to your identity provider, the Identity Security component also helps you identity local Office 365 accounts, which are accounts that were not created through your identity provider.

SaaS Security Posture Management (SSPM) now gives you greater visibility and control over the third-party plugins that are connected to marketplace apps, such as Google Workspace and Salesforce. By navigating to the new 3rd Party Plugins page in SSPM (Posture Security 3rd Party Plugins) you can now examine all third-party plugins from this one location. The 3rd Party Plugins page displays information for the following marketplace apps:

The 3rd Party Plugins page displays a variety of details about the third-party plugins. You can view each plugin's severity, which is based on the access scopes that users granted to the plugin, and a risk score. The risk score is between 1 (low risk) and 5 (high risk) and is calculated from over 55 application attributes including compliance attributes, security and privacy attributes, and identity access management attributes. By examining a plugin's severity and risk score, you can quickly identify the riskiest plugins. For each plugin, you can navigate to more details, such as the exact scopes that it can access. Depending on the marketplace app, you can view the users who have installed the plugin.

Because the recent and rapid proliferation of generative artificial intelligence (GenAI) apps has introduced new vulnerabilities for data leakage or deliberate attacks, the 3rd Party Plugins page also highlights GenAI apps. You can view the total number of GenAI plugins that were accessed, and apply a built-in filter to show the GenAI plugins that have not been reviewed. For GenAI apps, the risk score calculation also considers attributes unique to GenAI apps and gives extra weight to these attributes.

Based on plugin information on the 3rd Party Plugins page and the plugin details page, you can decide whether you want to allow a third-party plugin in your environment. Depending on the level of permission that SSPM has to the marketplace app, and on the capabilities that the marketplace app's API provides, you can revoke user access to a third-party plugin directly from SSPM. When this is not possible, you can go to the SaaS app's administration console to revoke a plugin's access. If you linked SSPM to an issue tracking system, you can create a ticket to revoke user access and assign it to an administrator of the marketplace app.