Demo Request
Take a personalized product tour with a member of our team to see how we can help make your existing security teams and tools more effective within minutes.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Home
Blog
Exela Pharma Sciences Leverages Reco to Reduce its Attack Surface Area and Manage Risk

Exela Pharma Sciences Leverages Reco to Reduce its Attack Surface Area and Manage Risk

Reco Security Experts
Updated
December 4, 2024
May 20, 2025
2 minutes
Ready to Close the SaaS Security Gap?
Chat with us

Exela Pharma Sciences, an award-winning US-based integrated specialty pharmaceutical company, leveraging Reco to protect its confidential pharmaceutical data, such as patented medication recipes and dosage information. Exela utilizes core SaaS applications such as Veeva CRM and Veeva Vault, Microsoft 365 (M365), and SAP on a daily basis to support its business operations.

During a time of rapid growth, the Exela security team was struggling to keep up with all the identities and applications that were being added to the corporate infrastructure. Initially relying on ingesting logs from Microsoft into its SIEM solution to gain visibility into its M365 environment proved to be an exhaustive effort, and was quickly abandoned.

To keep the company safe from damaging breaches, Exela needed a solution that would provide insight into what was being deployed, who was accessing what, and what permissions existed. Exela signed up with Reco to help.

Utilizing the Reco platform, Exela Pharma Sciences was able to:

  • Reduce risk. They identified and managed risk around 218 shadow applications. They also remediated misconfigurations, for example they removed stale accounts that were several years old, added MFA to accounts that did not have it, and changed passwords for users who shared their corporate credentials in SaaS apps.
  • Decrease configuration drift. They worked with Customer Success to build automations that enforce security policies and reduce drifts from baseline.
  • Enable visibility and observability. The team now has visibility into the complex web of identities, apps, and permissions across its SaaS ecosystem. By sending high and critical alerts through the SIEM to the Security team, SaaS risks can be addressed immediately, reducing corporate exposure.
  • Protect unique apps: Reco offers coverage for the Veeva suite, and quickly rolled out support for FreshService, Exela's niche ITSM app, in under a week.
  • Validate SSO and MFA: Reco identified dozens of apps that were not configured with SSO or MFA enforcement. Exela used Reco to remediate this and validate progress within the platform.

“Now that we use Reco we’ve reduced our attack surface area and we have the tools we need to deprovision SaaS and also change passwords for users who share their corporate credentials in SaaS applications.We have reduced both the stress and the risk that comes with our business growth because we have a handle on what’s happening across our SaaS deployments and our technology users,” says Ansari. 

Read the full customer story of Reco and Exela Pharma Sciences to learn more.

No items found.

Reco Security Experts

ABOUT THE AUTHOR

Technical Review by:
Gal Nakash
Technical Review by:
Reco Security Experts

Request a Demo
Ready to Close the SaaS Security Gap?
Chat with us
Table of Contents
Overview
Get the Latest SaaS Security Insights
Subscribe to receive updates on the latest cyber security attacks and trends in SaaS Security.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Explore Related Posts

6 min read
Cyber Attack
Inside the ShinyHunters Experience Cloud Campaign: IOCs, Detection Logic, and What's at Risk
Nitay Bachrach
March 12, 2026
Reco is actively investigating a ShinyHunters campaign targeting organizations running Salesforce Experience Cloud sites with misconfigured guest user profiles. By exploiting publicly accessible Aura API endpoints, the threat actor claims to have compromised between 300 and 400 organizations — with cybersecurity companies deliberately targeted to enable downstream supply chain attacks. This post covers the campaign's IOCs, the detection logic needed to hunt for it in Salesforce Event Monitoring, and the underlying misconfiguration that makes it possible.
6 min read
Cyber Attack
OpenClaw: The AI Agent Security Crisis Unfolding Right Now
Alon Klayman
February 12, 2026
OpenClaw, the viral open-source AI agent with over 135,000 GitHub stars, has triggered the first major AI agent security crisis of 2026 with multiple critical vulnerabilities, malicious marketplace exploits, and over 21,000 exposed instances. When employees connect these autonomous agents to corporate systems like Slack and Google Workspace, they create shadow AI with elevated privileges that traditional security tools can't detect. Reco's platform provides the visibility security teams need to identify OpenClaw integrations, audit permissions, and assess risk before incidents occur.
5 min read
SaaS Security
SaaS and AI Security Is Here: Reco Raises Series B to Dominate the Future of AI Usage in SaaS
Ofer Klein
February 10, 2026
After 400% growth, Reco raises $30M Series B to address the AI SaaS security gap, where traditional tools can't see the thousands of AI apps, agents, and integrations that now power modern enterprises. This round was led by Zeev Ventures, with participation from all our existing investors—Insight Partners, boldstart ventures, and Angular Ventures—and new corporate investors including Workday Ventures, TIAA Ventures, S Ventures, and Quadrille Capital.
See more featured resources

Ready for SaaS Security that can keep up?

Request a demo
Reco is the leader in Dynamic SaaS Security — the only approach that eliminates the growing gap between what you can protect and what’s outpacing your security. Reco keeps pace with SaaS sprawl, no matter how fast it evolves, by covering the entire SaaS lifecycle — cradle to grave.
Request a demo
Chat with us
Chat with us
Memberships
Accreditations
AICPA for RecoAICPA for RecoReco - ISO 27001
Platform
Posture ManagementApp Discovery & GovernanceIdentity & Access GovernanceThreat Detection & ResponseData Exposure ManagementShadow App DiscoveryGenerative AI DiscoveryAgentic AI SecurityReco AI AgentsAI Governance and SecuritySaaS App Factory™
Use Cases
Shadow SaaS DetectionSaaS Ticketing WorkflowUnsanctioned Apps ControlSaaS OffboardingCustom Policy StudioShadow AI DiscoveryIdentity Governance ComplianceAI-Powered SaaS Security Insights
Integrations By App
All Supported ApplicationsSalesforceMicrosoft 365Google WorkspaceServiceNowWorkday
ServiceNow
soon
SlackOktaVeeva
Resources
BlogLearnIT HubCustomer StoriesWebinarsCompareSSPM ReportCISO GuideFinancial GuideHealthcare GuideSalesforce GuideMicrosoft GuideAI Security GuideShadow AI GuideState of SaaS Security ReportThe State of Shadow AI ReportResource Center
Company
About Reco
Careers
Hiring
NewsroomBrand GuidelinesPartnersTrust CenterContact Us
Top Content
SaaS SecurityWhat is SSPMCISO Hub
Use Cases
Detect Shadow SaaSSaaS Ticketing WorkflowUnsanctioned Apps ControlSaaS OffboardingCustom Policy StudioShadow AI DiscoveryEnsure Identity Governance ComplianceAI Powered SaaS Security Insights
Memberships
Accreditations
AICPA for RecoAICPA for RecoReco - ISO 27001
TermsPrivacy
© 2026 Reco. All Rights Reserved.