Our State of SaaS Security 2024 Report Covers the Bold Moves Required to Secure SaaS in 2024 and Beyond. Get Your Copy!
Solutions
Solutions By Use Case
Posture Management
Improve SaaS security posture
Data Exposure Management
Reduce SaaS attack surface
App Discovery & Governance
Discover & manage all apps
Shadow App Discovery
Identify unauthorized SaaS apps
Identity & Access Governance
Ensure appropriate access
Generative AI Discovery
Visibility into connected GenAI apps
Threat Detection & Response
Prioritize alerts of threats
Integrations
Integrations By App
All Supported Applications
Connect Reco to your SaaS apps
ServiceNow
Prevent unauthorized access
Salesforce
Protect your business-critical data
Workday
Secure employee data
Microsoft 365
Securely create & collaborate
Slack
Ensure authorized user access
Google Workspace
Identify content at risk of exposure
Okta
Monitor access & unusual activity
Resources
Resources
Blog
Thoughts from our experts
Learn
Self-service security education
IT Hub
The go-to hub for IT security
Customer Stories
How Reco helped customers
Webinars
On demand video content
SSPM Market Insight Report
Analysis of SaaS security market
The State of SaaS Security Report
Essential insights for your SaaS program
CISO Guide to SaaS Security
Guidelines for SaaS security program
CISO Guide for Financial Services
SaaS security guidelines for finserv
CISO Guide for Healthcare
SaaS security guidelines for healthcare
CISO Guide for Salesforce
SaaS security guidelines for Salesforce
CISO Guide for Microsoft
SaaS security guidelines for Microsoft
CISO Guide to AI Security
SaaS security guidelines for AI
Featured Articles
The State of SaaS Security 2024
November 1, 2024
Reco Surpasses 120 SaaS Application Integrations, Setting a New Standard for SaaS Security
October 20, 2024
Reco Security Labs: How Zendesk Left a Backdoor Open
October 21, 2024
Company
Company
About Reco
Identity-centric SaaS security
Careers
Hiring
View our open positions
Newsroom
Latest Reco updates & news
Contact Us
Connect with a SaaS security expert
Contact
Schedule a meeting
Get in touch
Email us
info@reco.ai
Twitter
LinkedIn
Partners
Request a demo
Reco Blog
Find the latest news on SaaS data breaches and cyber attacks, security innovations and insights from Reco's thought leaders.
Featured
Reco Security Labs: How Zendesk Left a Backdoor Open
Learn how Zendesk vulnerability allowed unauthorized access through email manipulation. Discover how the flaw was discovered and how to stay safe with Reco.
Dvir Sasson
October 21, 2024
5 min read
All
SaaS Security
SSPM
Cyber Attack
Cyber Attack
5 min read
Reco Security Labs: How Zendesk Left a Backdoor Open
Dvir Sasson
October 21, 2024
An ethical hacker exposed a security flaw in Zendesk’s systems. This exploit allows anyone to impersonate a Zendesk agent, and gain access to connected platforms (such as Slack) with two emails. The flaw also enabled access to private Slack channels. The ethical hacker found a significant weakness in Zendesk that let anyone view customer service tickets from any business that used the platform. All they needed to do was to send a carefully worded email to a Zendesk-managed support email.
SaaS Security
5 min read
Forbes Tech Council: Most Companies Underestimate their SaaS Exposure—Don't Be One of Them
Ofer Klein
October 9, 2024
Read our latest thought leadership piece for Forbes Technology Council on the importance of knowing your data exposure. Reco CEO & Cofounder Ofer Klein shares ways to prevent this risk and help organizations stay ahead of regulators and bad actors by gaining visibility into all connected SaaS apps and avoiding giving apps permissions when prompted.
SaaS Security
5 mins
Ghost Logins in Zapier: The Hidden Risk in Automation Platforms
Dr. Tal Shapira
September 26, 2024
Regular password changes and secure authentication methods are not enough to protect SaaS applications. Hackers can bypass these defenses without needing your password using ghost logins. This blog post by Reco covers how cyber attackers exploit ghost logins in platforms like Zapier using connected apps like Dropbox to maintain unauthorized access without detection.
SSPM
5 min
How Reco Leverages Advanced Analytics to Detect Sophisticated SaaS Threats
Nir Barak
September 10, 2024
Sophisticated cyber threats demand a new perspective—one that centers around the behavior of identities across the entire SaaS ecosystem. At Reco, we've developed an advanced analytics platform that leverages ClickHouse to detect and respond to threats like impossible travel, while reducing false positives and adapting to emerging attack vectors.
Cyber Attack
7 min
5 Takeaways from Darknet Diaries – Explaining the Intricate Web of SaaS Security
Andrea Bailiff-Gush
August 27, 2024
Darknet Diaries podcast provides true stories of hacking, cybercrime, and the dark web. A recent episode delves into how easily SaaS applications can be compromised, using dubstep music to highlight security vulnerabilities. This episode underscores the importance of SaaS security to protect against increasingly sophisticated web-based threats. We provide our top takeaways.
SaaS Security
7 mins
Why Attackers Love Your SaaS
Darwin Salazar
July 8, 2024
Explore a few widely used SaaS apps that fall outside what is normally characterized as a ‘crown jewel’ app, how attackers normally gain access to them, and perform reconnaissance to launch the next phases of their attack. We provide best practices that could help prevent these risks and limit the blast radius.
SaaS Security
7 mins
Forbes Tech Council - Zero Trust For SaaS Security: How To Get Started
Ofer Klein
June 18, 2024
Read our latest thought leadership piece for Forbes Technology Council on zero trust and how it is critical for enterprises to secure their SaaS environment. Reco CEO & Cofounder Ofer Klein shares how in order for a zero-trust framework to be effective, organizations, first and foremost, must be aware of all of the applications that exist in their SaaS environment.
SaaS Security
7 mins
Microsoft Copilot Privacy Concerns: Is Your Data Safe?
Dvir Sasson
June 12, 2024
Explore Microsoft Copilot privacy concerns. Learn how Copilot manages user data, complies with regulations, and ensures data protection through encryption and pseudonymization. Find out how Microsoft aims to address evolving privacy challenges, maintaining user trust and data security.
SaaS Security
6 mins
The Security Risks of Microsoft 365 Copilot
Dvir Sasson
June 11, 2024
Learn about the security risk connected with Microsoft 365 Copilot to avoid data leakage or unauthorized access while boosting productivity via AI-driven automation. Explore the best practices and strategies for secure Microsoft 365 Copilot deployment in our article.
Cyber Attack
5 min
What We Can Learn from the Snowflake Breach
Merritt Baer
June 6, 2024
Learn about the chain of events behind the recent Snowflake data breach from the perspective of a CISO, and gain step-by-step guidance from Reco on how you can secure your SaaS applications including Snowflake proactively.
Other
7 mins
Reco Security Labs: OpenAI Leaks Cloud Storage
Dvir Sasson
May 23, 2024
OpenAI recently released a connector in ChatGPT that requires access to shared drives where personal and organizational environments are located. Preventing potential data exposure is crucial. Learn our recommendations to prevent threat surface from widening.
SaaS Security
5 mins
Microsoft 365 Security Best Practices for 2024: Essential Guide
Gal Nakash
May 20, 2024
Explore key pillars of Microsoft 365’s security infrastructure and learn about 21 best practices for securing Microsoft 365. Find out which activities to monitor and how to protect your organization’s data and minimize exposure risk across different devices and applications.
SaaS Security
6 mins
Comparing SaaS Copilots for Enterprise: GenAI Security Risks
Gal Nakash
May 16, 2024
AI-powered assistants, known as Copilots, are becoming more and more popular as they automate routine activities and provide useful insights. However, they also introduce security challenges, such as data leaks and privacy breaches. Ensuring their security is crucial, particularly with laws like GDPR and CCPA. This article explores how various SaaS Copilots handle security, helping businesses understand how to safely integrate these tools into their operations.
Cyber Attack
5 min
Verizon 2024 DBIR: Three Takeaways for SaaS Security
Andrea Bailiff-Gush
May 13, 2024
Learn our key takeaways for SaaS security from Verizon’s 2024 Data Breach Investigations Report (DBIR). This annual report provides an in-depth analysis of breaches from organizations of all sizes and industries, giving insights into trends and changes in the threat and security landscapes.
SSPM
7 mins
Forbes Tech Council: The Importance Of SaaS Security Posture Management
Ofer Klein
May 1, 2024
Read our latest thought leadership piece for Forbes Technology Council on the importance of SaaS Security Posture Management. Reco CEO & Cofounder Ofer Klein shares how by focusing on the unique security issues of SaaS alone, SSPM solutions help organizations stay ahead of regulators and bad actors.
SaaS Security
5 min
Microsoft Copilot Pricing: Plans, Hidden Costs & Management Tips
Gal Nakash
May 1, 2024
Microsoft Copilot is transforming the way businesses interact with data and applications through its integration with Microsoft 365, offering a range of tools powered by advanced AI. Getting full visibility on the cost of using Microsoft Copilot is essential, as there can be unexpected charges beyond the basic price.
SaaS Security
6 mins
Evaluating Security Tools with LLM Capabilities
Gal Nakash
April 30, 2024
From antivirus basics to AI-driven solutions, cybersecurity tools have evolved to address increasingly complex threats. Advances in AI, especially Large Language Models (LLMs), have significantly enhanced threat detection and incident response, enabling better protection of digital assets. Explore the list of security tools with LLM capabilities.
SaaS Security
5 min
UiPath Leverages Reco for Data Exposure Management and Automation
Andrea Bailiff-Gush
April 25, 2024
Global software automation leader UiPath simplified SaaS data exposure and access management by sending alerts to Microsoft Sentinel of publicly exposed data located in shared Drives with the help of Reco.
SaaS Security
5 mins
How to Prepare Your Business for Microsoft Copilot
Dr. Tal Shapira
April 22, 2024
Learn how to prepare your business for Microsoft Copilot. Discover Copilot’s functionalities and capabilities but also its potential risks and challenges. Learn about the advantages of using Microsoft Copilot for your business and follow the best practices for secure deployment.
SSPM
5 mins
Navigating the New Frontier of AI Governance: Insights from Digital World Conference Summit
Dr. Tal Shapira
April 18, 2024
Organizations are looking to generative AI (GenAI) governance as the technology's risks and opportunities continue to emerge. Learn from the world's leading AI experts about security industry priorities around AI safety and governance in our recap of the Digital World Conference Summit.
SaaS Security
6 mins
Microsoft Copilot for Security: Everything You Need to Know
Gal Nakash
April 8, 2024
Microsoft Copilot for Security is an AI-driven platform enhancing cybersecurity across organizations by automating threat detection, analysis, and response, and ensuring data privacy and compliance with advanced encryption and strict regulations. Learn how Microsoft Copilot handles data and discover the best practices for its implementation.
SaaS Security
5 mins
Are You Ready for Microsoft Copilot?
Dvir Sasson
April 2, 2024
Learn about Microsoft Copilot, an AI chatbot launched earlier this year and its insecurities including potential data leakage from account takeover. Gain an understanding of how easy it is for a threat actor to gain elevated access to organizational data from executing a simple GenAI prompt in Copilot, and learn best practices to secure your Copilot instance.
SaaS Security
5 mins
Introducing the SaaS App Factory™: Secure Any SaaS Application
Gal Nakash
March 26, 2024
Learn about the SaaS App Factory from Reco, which extends SaaS security expertise, insights, and continuous monitoring from Reco to any SaaS application. Enterprises can implement a common security framework to ensure universal coverage of all SaaS applications in their tech stack.
SaaS Security
4 mins
Why SaaS Security Is No Longer an Option
Andrea Bailiff-Gush
March 20, 2024
Reco CEO and Cofounder Ofer Klein sat down with Chief Digital Evangelist of eViRa Health, Evan Kirstel as part of the podcast What's Up in Tech? to discuss the cybersecurity landscape, the explosion in adoption of SaaS applications, and why SaaS security is no longer an option.
SaaS Security
5 mins
Cybersecurity National Strategy: One Year Later
Andrea Bailiff-Gush
February 28, 2024
Hear from SaaS security experts on the effectiveness of the National Cybersecurity Strategy to help organizations secure their SaaS applications as we approach the one-year anniversary.
Cyber Attack
9 mins
Securing Microsoft After the Midnight Blizzard Attack
Oz Wasserman
February 14, 2024
Gain an understanding of the recent Midnight Blizzard cyber attack: how the threat actors were successful, techniques used, and actionable recommendations to protect your Microsoft environment.
Cyber Attack
7 mins
A Hacker’s Guide to a SaaS Application Breach
Gal Nakash
January 31, 2024
Our SaaS security experts use the cyber kill chain to walk through the phases of a SaaS application cyberattack, told from the perspective of a threat actor.
SaaS Security
5 mins
Automate SaaS Security & Data Exposure Risk with Palo Alto Networks & Reco
Gal Nakash
January 17, 2024
Discover how to leverage Reco AI with Cortex XSOAR for automated SaaS security. Streamline threat detection, automate remediation workflows, and fortify your organization's security posture.
SSPM
5 min
Zero Trust in the Cloud: Why Total Context Matters
Dr. Chase Cunningham
January 2, 2024
Learn about the importance of Zero Trust and SaaS security for continuous verification of identities, strict access control, and total context across infrastructure.
SaaS Security
5 mins
5 Key Takeaways on Hacking the SaaS Security Journey
Andrea Bailiff-Gush
December 20, 2023
Reco joins CISO Series, Super Cyber Friday to discuss hacking the SaaS security journey, the evolution of SaaS and security priorities, and the best methods for aligning SaaS security with business goals.
Company News
3 mins
Reco Is Changing the Game of SaaS Security with Its Identity-First Approach to SaaS Security Posture Management
Andrea Bailiff-Gush
December 12, 2023
Connecting in Minutes, Reco Discovers Every App, Its Users, and Actions to Seamlessly Prioritize and Control the Risks in the SaaS Ecosystem
Awards
3 mins
Reco Earns Spot on the Intellyx 2023 Digital Innovator List
Andrea Bailiff-Gush
December 7, 2023
Intellyx, an industry analyst firm, named Reco to its 2023 Digital Innovator list. This annual list recognizes fast-rising technology companies committed to delivering enterprise digital transformation.
Blog
5 mins
Navigating the Risks of Generative AI in SaaS Platforms
Gal Nakash
November 28, 2023
While GenAI provides efficiency at scale, it also poses risks that Security leaders can't ignore. Learn about the most common security risks associated with GenAI integrations and tactics to protect your data.
SaaS Security
7 mins
Microsoft 365 and Azure AD: Addressing Misconfigurations and Assessing Risks
Gal Nakash
November 15, 2023
Learn about a real-world use case involving the Reco SaaS Threat Detection module and its revelation of a common threat within Office 365: disabled users retaining access to company data,
SSPM
4 mins
Securing Your Okta Environment After the HAR Breach: How SSPM Can Help
Gal Nakash
November 8, 2023
Learn about the recent cyberattack on Okta that led to the theft of HAR files from their customer support system. Reco shares how SaaS security (SSPM) solutions can be used to prevent techniques used in the Okta attack, detect session hijacking, and protect valuable data.
Cyber Attack
3 mins
MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack
Gal Nakash
November 1, 2023
Learn about the recent exploit and ransomware attack with MOVEit. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Clop to infiltrate data, exfiltrate data, and encrypt data.
Cyber Attack
5 mins
A Closer Look at the Hacking Techniques Used by the Lapsus$ Data Extortion Group
Gal Nakash
October 10, 2023
Learn about Lapsus$, a data extortion group and their recent cyberattacks against Okta, Uber, and Microsoft. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Lapsus$ including privilege escalation, and user execution.
SaaS Security
4 mins
Configuration Management Isn’t Enough: The Crucial Role of Event Monitoring in SaaS Security
Gal Nakash
October 4, 2023
Learn how a misconfigured SaaS token in Microsoft led to 38TB of data being exposed, and how to prevent misconfigurations using configuration management and event monitoring.
SaaS Security
3 mins
SECtember AI Think Tank Reflections: Shaping the Future of AI Security & Governance
Tal Shapira
September 28, 2023
Reco CTO and Cofounder Tal Shapira shares insights on the transformative power of GenAI and its implications on cybersecurity from the SECtember AI Think Tank Day. Learn how AI innovators and experts came together to discuss the industry priorities for AI research and soft launch the Cloud Security Alliance’s AI Safety Initiative.
Cyber Attack
4 mins
The MGM Resorts Cyber Attack: How Attackers Gained Highly Privileged Access Through Social Engineering
Gal Nakash
September 21, 2023
Learn how SaaS super admins targeted Okta in a social engineering campaign, and how to keep your Okta tenant and highly privileged SaaS accounts secure using Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities.
SaaS Security
5 mins
9 Benefits of Multi-Factor Authentication (MFA) for SaaS App Security
Gal Nakash
September 8, 2023
Discover the benefits of Multi-Factor Authentication (MFA) for SaaS app security, and learn how MFA enhances protection against cyber threats and improves compliance.
SSPM
10 mins
Video: Salesforce Risks and How to Secure the Wild West of the Modern Enterprise
Andrea Bailiff-Gush
August 23, 2023
See how organizations are underestimating the extent of their SaaS attack surface risk due to a lack of unified risk visibility.
SaaS Security
3 mins
Reimagining Contextualized SaaS Security with Generative AI
Dr.Tal Shapira
July 12, 2023
Learn how Reco is transforming application governance and tackling the challenges of shadow applications using Generative AI. By leveraging Large Language Models and Google search, Reco's unique 'application consolidation' process brings clarity to complex landscapes, enhances app governance, and shadow app discovery. Join us on the forefront of security innovation with Reco.
SaaS Security
2 min read
Empowering Cloud Security with the Combined Strength of Wiz & Reco
Gal Nakash
June 9, 2023
Reco and Wiz have joined forces to create a comprehensive cloud security solution. Reco's contextual AI enhances Wiz's understanding of user privileges and activity in SaaS applications, while Wiz helps Reco users track and protect cloud assets. This collaboration ensures complete visibility, control, and protection across SaaS and cloud environments.
SaaS Security
3 min read
Take Action on Your SaaS Security with Torq and Reco
Gal Nakash
June 7, 2023
The partnership of Reco and Torq offers a powerful data protection and workflow automation solution for businesses utilizing SaaS applications. Reco identifies and flags sensitive data across platforms, providing insight into potential exposure risks. Meanwhile, Torq's hyperautomation ensures automatic risk remediation. Together, they have yielded an impressive 80%-90% reduction in exposure risk for their customers. By leveraging Reco's data insights and Torq's automation capabilities, businesses can secure their data, streamline workflows, and focus on their core operations.
SaaS Security
3 min read
Confronting The Triad of Shadow Identities, Applications, and Data
Gal Nakash
May 31, 2023
Shadow threats—Shadow Identities, Shadow Applications, and Shadow Data—pose risks to organizational security, compliance, and efficiency. To address these threats, organizations must adopt a comprehensive strategy supported by AI-powered SaaS security solutions. A whole systems security approach driven by AI offers scalability, visibility, detection and remediation. Leveraging context analysis solutions enables organizations to safeguard information assets, improve operational efficiency, and foster secure collaboration.
SaaS Security
4 min read
Cresta Leverages Reco to Prevent Data Exposure
Oz Wasserman
May 24, 2023
Discover how Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities perfectly aligned with the needs of our customer, Cresta. By going beyond security posture, Reco enabled proactive detection and response to sensitive data exposure and leakage.
SaaS Security
4 min read
Empowering SolarEdge's Security & Productivity
Oz Wasserman
May 24, 2023
Reco has empowered SolarEdge to enhance their SaaS security and productivity exponentially. By providing comprehensive visibility, reducing false positives, and streamlining the protection of sensitive data, Reco has proven instrumental in SolarEdge's pursuit of securing their intellectual property, maintaining data privacy, and achieving operational excellence.
Cyber Attack
3 min read
Data Security: Life Saving, Life Supporting and Life Advancing
Gal Nakash
May 22, 2023
The impacts of data leaks not only result in the loss of critical medicines that save lives and put operators in danger, but also cause disruptions to essential systems, such as food, water, electricity, heat, and the monetary system, with significant impacts on the economy. Furthermore, they can have severe consequences for education, collaboration, the environment, and other vital aspects of modern life. In the realm of cybersecurity, cybercriminals, hackers, and ransomware gangs can do more than just damage businesses - they can destroy lives on a grand scale.
SSPM
4 min read
Protecting Sensitive Data & Maintaining Governance In The Age of Generative AI
Gal Nakash
May 10, 2023
As a security professional, one of our key responsibilities is to implement cybersecurity solutions, policies and governance that establish guidelines and procedures for handling sensitive data. Policies and governance should empower your users with confidence in their security, rather than limiting their use of powerful Generative AI applications like ChatGPT.
SaaS Security
4 min read
The Silent Enemy: Understanding & Combating Burnout In Cybersecurity
Gal Nakash
May 10, 2023
The role of cybersecurity professionals is a highly demanding one. CISOs, CIOs, CSOs, Security analysts, Compliance Officers, and many others are responsible for safeguarding sensitive information and critical systems from cyber threats such as hackers, hacktivists, and even nation-states.
SSPM
4 min read
The Future of SaaS Security is Here: Intelligent SSPM to Safeguard Your Sensitive Data
Gal Nakash
May 10, 2023
The convenience of using SaaS-based storage services like Google Drive has revolutionized the way we store and share files. However, with this convenience comes the risk of inadvertently exposing sensitive information to the public. For example, if someone shares a file or folder with the wrong person or forgets to restrict access to sensitive information, it could end up being publicly accessible.
SSPM
4 min read
SSPM: A Partial Solution to Protecting Data in the Era of SaaS Collaboration
Yael Yair Cohen
May 10, 2023
The explosion in SaaS collaboration tools adoption such as Slack, Microsoft 365 or Google Workspace, GitHub, has forced significant changes in how organizations operate, leading to on-going digital transformations. Traditional data security protocols and solutions are rigid, relying entirely on one-dimensional rules that don’t take into account the vast reams of unstructured data flowing to both internal and external users.
SaaS Security
4 min read
From Conflict to Collaboration: Balancing Business Agility, Productivity, and Security with AI and Organizational Context
Tal Shapira
May 10, 2023
A recent article, “Negotiating With Internal Security Teams,” addressed the frustrations tech teams face when collaborating with their internal security counterparts. To overcome these challenges and achieve a balance between employee productivity and information security, organizations must adopt a business-context-based security approach.
SaaS Security
4 min read
Cloudy With a Chance of Intrusion: Overcoming Data Security Hurdles Across SaaS Applications
Gal Nakash
May 10, 2023
Securing data is crucial in cloud computing and across any SaaS application, as the data stored within these platforms are often sensitive and valuable. It is imperative that all parties involved, including SaaS providers, businesses, and their security teams, take responsibility for safeguarding these applications and their data.
SaaS Security
4 min read
Protecting Your SaaS Data When Employees Leave
Andrea Bailiff-Gush
May 10, 2023
A key challenge around SaaS data security is the risk of data loss when an employee leaves the organization. This is because when an employee leaves an organization, they may take sensitive data with them or cause damage to company data either intentionally or unintentionally.
SSPM
4 min read
Sensitive SaaS Data: Managing Access To IT
Andrea Bailiff-Gush
May 10, 2023
Canalys, a technology market analysis firm, estimated that more than 30 billion data records were stolen in 2020, more than in the previous 15 years combined and the FBI has reported that the number of cyberattacks is doubling. This trend is only going to grow in the years to come, so ensuring your data is protected by tackling where it is and who is accessing it is critical.
SaaS Security
4 min read
Real Life Challenges: Finding Your Sensitive SaaS Data
Andrea Bailiff-Gush
May 10, 2023
More than 80% of workers use collaboration tools, up 44% since the start of the pandemic. While this rapid increase has improved workplace efficiency, it's also opened organizations up to greater data security threats and headaches due to the massive amounts of sensitive data at play.
Cyber Attack
4 min read
Same Tricks, Different Methods – Phishing Via SaaS!
Oz Wasserman
May 10, 2023
Adversaries are crafting better messages, going through deeper investigations to craft more targeted attacks, and using phishing kits to spread these attacks across organizations. It would appear fraudsters and cybercriminals behind the various tactics to fool and deceive never rest and now are looking to exploit SaaS based tools.
SSPM
4 min read
Democratizing the Principle of Least Privilege in Collaboration Tools
Gal Nakash
May 10, 2023
Securing data in collaboration tools centers around understanding of the principle of least privilege across the organization. But the decentralized nature of collaboration tools challenges traditional privilege management, and a new solution is needed to democratize how privileges are assigned and abuses remediated.
SaaS Security
4 min read
Google’s Data Protection Insights for Drive: Great Idea, Poor Execution
Gal Nakash
May 10, 2023
We recently received a headline from Google: 46% of potentially sensitive files have been shared outside your organization. Part of Google’s data protection insights for Drive, this alert and indeed the report, and the entire initiative, is missing an important ingredient: Context.
SaaS Security
4 min read
Context Enables (Some) Automation in Security
Dr. Tal Shapira
May 10, 2023
Could security tasks really be automated? We argue yes, when context is added to the security workflow, remediation of simple tasks can absolutely be automated
SaaS Security
5 min read
Reco Visibility and Detection Reduces Employee Insider Threat – Before It Goes Too Far
Ofer Klein
May 10, 2023
Current ways of working, with remote working, and increased use of collaboration tools have increased the potential of employee insider threats. Reco’s collaboration security platform is designed to avoid situations where an employee uses anything from sanctioned work collaboration tools to shadow IT to leak sensitive work documents.
SaaS Security
4 min read
Figma Vulnerability: Slack Preview Gives Unauthorized View of Project Contents
Gal Nakash
May 10, 2023
A recently discovered vulnerability in the Figma integration in Slack potentially leaks information contained in Figma files to unauthorized users in the preview thumbnail. This vulnerability has been reported to Figma for them to manage. We are reporting our findings in accordance with the principles of responsible disclosure.
Cyber Attack
5 min read
How to Detect a GIFshell Attack: Step-by-Step Guide
Gal Nakash
May 10, 2023
Last month, security researcher Bobby Rauch published two blogs revealing a new vulnerability in Microsoft Teams. Known as GIFShell, the vulnerability utilizes seven different insecure design elements within Microsoft Teams to create the situation whereby an attacker can launch an exfiltration or malware attack against a victim – simply by sending them a GIF with embedded commands in a Teams chat.
SaaS Security
5 min read
Is Lucidchart Safe When Shared to Confluence?
Gal Nakash
May 10, 2023
When collaborating over multiple platforms, you need to secure all of them: integrations cause data and policies to shapeshift between platforms
PR
4 min read
We’re SOC 2 Compliant and Here’s Why It’s an Important Milestone
Gal Nakash
May 10, 2023
As a company who are developing a pioneering security tool designed to allow our customers to improve their security, it is important to us that we ensure that all our systems are as secure as they can be.
PR
4 min read
Reco Raises $30 Million to Enable Organizations to Secure their SaaS
Gal Nakhash
May 10, 2023
Reco emerged from stealth with the introduction of its Context-Based AI Platform that enables modern organizations to collaborate securely with their customers, vendors, and employees across major Collaboration Tools. The company also announced that it has raised $30 million to date. The A round was led by Zeev Ventures and Insight Partners, with participation from BoldStart, Angular Ventures, Jibe Ventures, CrewCapital, Cyber Club London and leading private investors.
SaaS Security
5 mins
Ghost Logins in Zapier: The Hidden Risk in Automation Platforms
Dr. Tal Shapira
September 26, 2024
Explore how Zapier's ghost logins pose hidden security risks, allowing unauthorized access to sensitive automation workflows.
SaaS Security
7 mins
Why Attackers Love Your SaaS
Darwin Salazar
July 8, 2024
SaaS apps are everywhere, yet security teams often overlook non-core apps, leaving them vulnerable. Learn how to secure all your apps effectively with Reco.
SaaS Security
7 mins
Forbes Tech Council - Zero Trust For SaaS Security: How To Get Started
Ofer Klein
June 18, 2024
Discover the importance of a Zero Trust framework for SaaS security. Protect your ecosystem with insights from Reco's CEO, Ofer Klein, via Forbes Tech Council.
SaaS Security
7 mins
Microsoft Copilot Privacy Concerns: Is Your Data Safe?
Dvir Sasson
June 12, 2024
Explore Microsoft Copilot privacy concerns: data protection, compliance, third-party access, incident management, user education, and future considerations.
SaaS Security
6 mins
The Security Risks of Microsoft 365 Copilot
Dvir Sasson
June 11, 2024
Explore data privacy concerns, permission issues, & mitigation strategies to secure your Microsoft 365 environment.
SaaS Security
5 mins
Microsoft 365 Security Best Practices for 2024: Essential Guide
Gal Nakash
May 20, 2024
Explore essential Microsoft 365 security best practices for 2024, including key pillars, compliance standards & monitoring strategies to protect your organization.
SaaS Security
6 mins
Comparing SaaS Copilots for Enterprise: GenAI Security Risks
Gal Nakash
May 16, 2024
Compare features, capabilities and security aspects of top SaaS Copilots like Microsoft, GitHub and Salesforce, and make an informed choice!
SaaS Security
6 mins
Evaluating Security Tools with LLM Capabilities
Gal Nakash
April 30, 2024
Explore the evolution of security tools, key players in LLM-enhanced security, challenges, and the future landscape in this insightful guide.
SaaS Security
5 min
UiPath Leverages Reco for Data Exposure Management and Automation
Andrea Bailiff-Gush
April 25, 2024
Discover how UiPath improved SaaS data exposure and access management by integrating Reco with Microsoft Sentinel to manage publicly exposed data.
SaaS Security
5 min
Microsoft Copilot Pricing: Plans, Hidden Costs & Management Tips
Gal Nakash
May 1, 2024
Learn about Microsoft Copilot pricing, uncover hidden costs and cost management tips. Understand the structure and manage costs effectively.
SaaS Security
5 mins
How to Prepare Your Business for Microsoft Copilot
Dr. Tal Shapira
April 22, 2024
Learn how to prepare your business for Microsoft Copilot with insights into its benefits, potential challenges and best security practices.
SaaS Security
6 mins
Microsoft Copilot for Security: Everything You Need to Know
Gal Nakash
April 8, 2024
Learn how Microsoft Copilot for Security handles data, ensures privacy, and enhances compliance. Explore its benefits, challenges, and best practices.
SaaS Security
5 mins
Are You Ready for Microsoft Copilot?
Dvir Sasson
April 2, 2024
Explore the security risks of Microsoft Copilot, including potential data leakage from account takeovers. Learn best practices to secure your Copilot instance.
SaaS Security
5 mins
Introducing the SaaS App Factory™: Secure Any SaaS Application
Gal Nakash
March 26, 2024
Learn about the SaaS App Factory from Reco, which extends SaaS security expertise, insights, and continuous monitoring from Reco to any SaaS application.This is a game changer for SaaS, allowing enterprises to implement a common security framework with a consistent set of policies to ensure universal coverage of all SaaS applications in their tech stack.
SaaS Security
4 mins
Why SaaS Security Is No Longer an Option
Andrea Bailiff-Gush
March 20, 2024
Reco CEO and Cofounder Ofer Klein sat down with Evan Kirstel to discuss the cybersecurity landscape, the explosion in adoption of SaaS applications, and why SaaS security is no longer an option.
SaaS Security
5 mins
Cybersecurity National Strategy: One Year Later
Andrea Bailiff-Gush
February 28, 2024
Hear from SaaS security experts on the effectiveness of the National Cybersecurity Strategy to help organizations secure their SaaS applications as we approach the one-year anniversary.
SaaS Security
5 mins
Automate SaaS Security & Data Exposure Risk with Palo Alto Networks & Reco
Gal Nakash
January 17, 2024
Discover how to leverage Reco AI with Cortex XSOAR for automated SaaS security. Streamline threat detection, automate remediation workflows, and fortify your organization's security posture.
SaaS Security
5 mins
5 Key Takeaways on Hacking the SaaS Security Journey
Andrea Bailiff-Gush
December 20, 2023
Reco joins CISO Series, Super Cyber Friday to discuss hacking the SaaS security journey, the evolution of SaaS and security priorities, and the best methods for aligning SaaS security with business goals.
SaaS Security
7 mins
Microsoft 365 and Azure AD: Addressing Misconfigurations and Assessing Risks
Gal Nakash
November 15, 2023
Learn how Reco's threat detection & response revealed a common threat in Office 365: disabled users retaining access to company data. Discover how to fix it.
SaaS Security
4 mins
Configuration Management Isn’t Enough: The Crucial Role of Event Monitoring in SaaS Security
Gal Nakash
October 4, 2023
Discover the impact of SaS token misconfiguration. Explore the advantages of event monitoring and learn how to prevent data leaks.
SaaS Security
3 mins
SECtember AI Think Tank Reflections: Shaping the Future of AI Security & Governance
Tal Shapira
September 28, 2023
Discover transformative insights on GenAI and cybersecurity from SECtember AI Think Tank Day. Join CTO Tal Shapira & experts discussing industry priorities.
SaaS Security
4 min read
Cresta Leverages Reco to Prevent Data Exposure
Oz Wasserman
May 24, 2023
Discover how Cresta significantly improved SaaS security using Reco's AI-driven solutions. Learn about Reco's proactive detection tool to prevent data exposure.
SaaS Security
5 mins
9 Benefits of Multi-Factor Authentication (MFA) for SaaS App Security
Gal Nakash
September 8, 2023
Discover the 9 benefits of Multi-Factor Authentication (MFA) for SaaS app security, and learn how it protects against risks and enhances overall SaaS security.
SaaS Security
3 mins
Reimagining Contextualized SaaS Security with Generative AI
Dr.Tal Shapira
July 12, 2023
Discover how Reco uses Generative AI to revolutionize app governance and tackle shadow applications. Learn about Reco's unique consolidation process and LLMs.
SaaS Security
2 min read
Empowering Cloud Security with the Combined Strength of Wiz & Reco
Gal Nakash
June 9, 2023
Explore Reco & Wiz's cloud security solution. Gain superior visibility, control, and protection across SaaS and cloud with advanced AI and security features.
SaaS Security
3 min read
Take Action on Your SaaS Security with Torq and Reco
Gal Nakash
June 7, 2023
Discover Reco and Torq's powerful partnership offering data protection and workflow automation for SaaS-based businesses that reduces exposure risk by 80%-90%.
SaaS Security
3 min read
Confronting The Triad of Shadow Identities, Applications, and Data
Gal Nakash
May 31, 2023
Discover strategies to address shadow IT challenges, including shadow identities, applications, and data. Learn how AI-powered SaaS security solutions can help.
SaaS Security
4 min read
Empowering SolarEdge's Security & Productivity
Oz Wasserman
May 24, 2023
See how Reco enhances SolarEdge's SaaS security and productivity. Gain insights on comprehensive visibility, data protection, and operational excellence.
SaaS Security
4 min read
The Silent Enemy: Understanding & Combating Burnout In Cybersecurity
Gal Nakash
May 10, 2023
Discover the causes and solutions for burnout among cybersecurity professionals. Learn how to protect sensitive information while maintaining mental health.
SaaS Security
4 min read
From Conflict to Collaboration: Balancing Business Agility, Productivity, and Security with AI and Organizational Context
Tal Shapira
May 10, 2023
A recent article, “Negotiating With Internal Security Teams,” addressed the frustrations tech teams face when collaborating with their internal security counterparts. To overcome these challenges and achieve a balance between employee productivity and information security, organizations must adopt a business-context-based security approach.
SaaS Security
4 min read
Cloudy With a Chance of Intrusion: Overcoming Data Security Hurdles Across SaaS Applications
Gal Nakash
May 10, 2023
Securing data is crucial in cloud computing and across any SaaS application, as the data stored within these platforms are often sensitive and valuable. It is imperative that all parties involved, including SaaS providers, businesses, and their security teams, take responsibility for safeguarding these applications and their data.
SaaS Security
4 min read
Protecting Your SaaS Data When Employees Leave
Andrea Bailiff-Gush
May 10, 2023
Learn how to protect SaaS data during employee departures. Address risks of data loss and ensure the security of information with effective strategies.
SaaS Security
4 min read
Real Life Challenges: Finding Your Sensitive SaaS Data
Andrea Bailiff-Gush
May 10, 2023
Explore the challenges of identifying sensitive SaaS data in the workplace. Learn how the rise of collaboration tools has increased the data security threats.
SaaS Security
4 min read
Google’s Data Protection Insights for Drive: Great Idea, Poor Execution
Gal Nakash
May 10, 2023
Learn about Google's data protection insights for Drive. Understand the challenges and risks of sharing sensitive files outside your organization.
SaaS Security
4 min read
Context Enables (Some) Automation in Security
Dr. Tal Shapira
May 10, 2023
Discover how adding context to security workflows can automate simple tasks. Learn the benefits of context-driven security automation.
SaaS Security
5 min read
Reco Visibility and Detection Reduces Employee Insider Threat – Before It Goes Too Far
Ofer Klein
May 10, 2023
Current ways of working, with remote working, and increased use of collaboration tools have increased the potential of employee insider threats. Reco’s collaboration security platform is designed to avoid situations where an employee uses anything from sanctioned work collaboration tools to shadow IT to leak sensitive work documents.
SaaS Security
4 min read
Figma Vulnerability: Slack Preview Gives Unauthorized View of Project Contents
Gal Nakash
May 10, 2023
Explore a vulnerability in Figma that potentially leaks information contained in Figma files to unauthorized users in the Slack preview thumbnail.
SaaS Security
5 min read
Is Lucidchart Safe When Shared to Confluence?
Gal Nakash
May 10, 2023
Learn about security vulnerabilities in Lucidchart when shared to Confluence. Discover why it's important to secure cross-platform collaboration.
SSPM
5 min
How Reco Leverages Advanced Analytics to Detect Sophisticated SaaS Threats
Nir Barak
September 10, 2024
Sophisticated cyber threats demand a new perspective—one that centers around the behavior of identities across the entire SaaS ecosystem. At Reco, we've developed an advanced analytics platform that leverages ClickHouse to detect and respond to threats like impossible travel, while reducing false positives and adapting to emerging attack vectors.
SSPM
7 mins
Forbes Tech Council: The Importance Of SaaS Security Posture Management
Ofer Klein
May 1, 2024
Read our latest thought leadership piece for Forbes Technology Council on the importance of SaaS Security Posture Management. Reco CEO & Cofounder Ofer Klein shares how by focusing on the unique security issues of SaaS alone, SSPM solutions help organizations stay ahead of regulators and bad actors.
SSPM
5 mins
Navigating the New Frontier of AI Governance: Insights from Digital World Conference Summit
Dr. Tal Shapira
April 18, 2024
Organizations are looking to generative AI (GenAI) governance as the technology's risks and opportunities continue to emerge. Learn from the world's leading AI experts about security industry priorities around AI safety and governance in our recap of the Digital World Conference Summit.
SSPM
5 min
Zero Trust in the Cloud: Why Total Context Matters
Dr. Chase Cunningham
January 2, 2024
Learn about the importance of Zero Trust and SaaS security for continuous verification of identities, strict access control, and total context across infrastructure.
SSPM
4 mins
Securing Your Okta Environment After the HAR Breach: How SSPM Can Help
Gal Nakash
November 8, 2023
Learn about the recent cyberattack on Okta that led to the theft of HAR files from their customer support system. Reco shares how SaaS security (SSPM) solutions can be used to prevent techniques used in the Okta attack, detect session hijacking, and protect valuable data.
SSPM
10 mins
Video: Salesforce Risks and How to Secure the Wild West of the Modern Enterprise
Andrea Bailiff-Gush
August 23, 2023
See how organizations are underestimating the extent of their SaaS attack surface risk due to a lack of unified risk visibility.
SSPM
4 min read
Protecting Sensitive Data & Maintaining Governance In The Age of Generative AI
Gal Nakash
May 10, 2023
As a security professional, one of our key responsibilities is to implement cybersecurity solutions, policies and governance that establish guidelines and procedures for handling sensitive data. Policies and governance should empower your users with confidence in their security, rather than limiting their use of powerful Generative AI applications like ChatGPT.
SSPM
4 min read
The Future of SaaS Security is Here: Intelligent SSPM to Safeguard Your Sensitive Data
Gal Nakash
May 10, 2023
The convenience of using SaaS-based storage services like Google Drive has revolutionized the way we store and share files. However, with this convenience comes the risk of inadvertently exposing sensitive information to the public. For example, if someone shares a file or folder with the wrong person or forgets to restrict access to sensitive information, it could end up being publicly accessible.
SSPM
4 min read
SSPM: A Partial Solution to Protecting Data in the Era of SaaS Collaboration
Yael Yair Cohen
May 10, 2023
The explosion in SaaS collaboration tools adoption such as Slack, Microsoft 365 or Google Workspace, GitHub, has forced significant changes in how organizations operate, leading to on-going digital transformations. Traditional data security protocols and solutions are rigid, relying entirely on one-dimensional rules that don’t take into account the vast reams of unstructured data flowing to both internal and external users.
SSPM
4 min read
Sensitive SaaS Data: Managing Access To IT
Andrea Bailiff-Gush
May 10, 2023
Canalys, a technology market analysis firm, estimated that more than 30 billion data records were stolen in 2020, more than in the previous 15 years combined and the FBI has reported that the number of cyberattacks is doubling. This trend is only going to grow in the years to come, so ensuring your data is protected by tackling where it is and who is accessing it is critical.
SSPM
4 min read
Democratizing the Principle of Least Privilege in Collaboration Tools
Gal Nakash
May 10, 2023
Securing data in collaboration tools centers around understanding of the principle of least privilege across the organization. But the decentralized nature of collaboration tools challenges traditional privilege management, and a new solution is needed to democratize how privileges are assigned and abuses remediated.
Cyber Attack
5 min read
Reco Security Labs: How Zendesk Left a Backdoor Open
Dvir Sasson
October 21, 2024
An ethical hacker exposed a security flaw in Zendesk’s systems. This exploit allows anyone to impersonate a Zendesk agent, and gain access to connected platforms (such as Slack) with two emails. The flaw also enabled access to private Slack channels. The ethical hacker found a significant weakness in Zendesk that let anyone view customer service tickets from any business that used the platform. All they needed to do was to send a carefully worded email to a Zendesk-managed support email.
Cyber Attack
7 min
5 Takeaways from Darknet Diaries – Explaining the Intricate Web of SaaS Security
Andrea Bailiff-Gush
August 27, 2024
Darknet Diaries podcast provides true stories of hacking, cybercrime, and the dark web. A recent episode delves into how easily SaaS applications can be compromised, using dubstep music to highlight security vulnerabilities. This episode underscores the importance of SaaS security to protect against increasingly sophisticated web-based threats. We provide our top takeaways.
Cyber Attack
5 min
What We Can Learn from the Snowflake Breach
Merritt Baer
June 6, 2024
Learn about the chain of events behind the recent Snowflake data breach from the perspective of a CISO, and gain step-by-step guidance from Reco on how you can secure your SaaS applications including Snowflake proactively.
Cyber Attack
5 min
Verizon 2024 DBIR: Three Takeaways for SaaS Security
Andrea Bailiff-Gush
May 13, 2024
Learn our key takeaways for SaaS security from Verizon’s 2024 Data Breach Investigations Report (DBIR). This annual report provides an in-depth analysis of breaches from organizations of all sizes and industries, giving insights into trends and changes in the threat and security landscapes.
Cyber Attack
9 mins
Securing Microsoft After the Midnight Blizzard Attack
Oz Wasserman
February 14, 2024
Gain an understanding of the recent Midnight Blizzard cyber attack: how the threat actors were successful, techniques used, and actionable recommendations to protect your Microsoft environment.
Cyber Attack
7 mins
A Hacker’s Guide to a SaaS Application Breach
Gal Nakash
January 31, 2024
Our SaaS security experts use the cyber kill chain to walk through the phases of a SaaS application cyberattack, told from the perspective of a threat actor.
Cyber Attack
3 mins
MOVEit Exploit & Ransomware Attack: Why SaaS Security Is Critical During a Cyberattack
Gal Nakash
November 1, 2023
Learn about the recent exploit and ransomware attack with MOVEit. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Clop to infiltrate data, exfiltrate data, and encrypt data.
Cyber Attack
5 mins
A Closer Look at the Hacking Techniques Used by the Lapsus$ Data Extortion Group
Gal Nakash
October 10, 2023
Learn about Lapsus$, a data extortion group and their recent cyberattacks against Okta, Uber, and Microsoft. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Lapsus$ including privilege escalation, and user execution.
Cyber Attack
4 mins
The MGM Resorts Cyber Attack: How Attackers Gained Highly Privileged Access Through Social Engineering
Gal Nakash
September 21, 2023
Learn how SaaS super admins targeted Okta in a social engineering campaign, and how to keep your Okta tenant and highly privileged SaaS accounts secure using Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities.
Cyber Attack
3 min read
Data Security: Life Saving, Life Supporting and Life Advancing
Gal Nakash
May 22, 2023
The impacts of data leaks not only result in the loss of critical medicines that save lives and put operators in danger, but also cause disruptions to essential systems, such as food, water, electricity, heat, and the monetary system, with significant impacts on the economy. Furthermore, they can have severe consequences for education, collaboration, the environment, and other vital aspects of modern life. In the realm of cybersecurity, cybercriminals, hackers, and ransomware gangs can do more than just damage businesses - they can destroy lives on a grand scale.
Cyber Attack
4 min read
Same Tricks, Different Methods – Phishing Via SaaS!
Oz Wasserman
May 10, 2023
Adversaries are crafting better messages, going through deeper investigations to craft more targeted attacks, and using phishing kits to spread these attacks across organizations. It would appear fraudsters and cybercriminals behind the various tactics to fool and deceive never rest and now are looking to exploit SaaS based tools.
Cyber Attack
5 min read
How to Detect a GIFshell Attack: Step-by-Step Guide
Gal Nakash
May 10, 2023
Last month, security researcher Bobby Rauch published two blogs revealing a new vulnerability in Microsoft Teams. Known as GIFShell, the vulnerability utilizes seven different insecure design elements within Microsoft Teams to create the situation whereby an attacker can launch an exfiltration or malware attack against a victim – simply by sending them a GIF with embedded commands in a Teams chat.
Start Securing
Your Entire SaaS Lifecycle
Request a demo