Reco Blog

SaaS identity sprawl refers to the unchecked proliferation of user identities, access permissions, and authentication credentials across an organization's growing SaaS ecosystem. This phenomenon occurs as companies adopt more SaaS apps, each requiring separate user accounts, role definitions, and access controls.

Learn how Reco’s AI agents reduce alert overload for Security teams and improve SaaS security by turning unnecessary noise into clear, useful insights.

Learn how one CISO measures the ROI of SaaS security and 5 tips for increasing speed to value.

MFA fatigue attacks exploit user frustration by bombarding them with authentication requests until they approve one just to make the notifications stop. This sophisticated social engineering tactic turns a security measure into a vulnerability, threatening sensitive data and systems across an organization's SaaS ecosystem. Learn more about the risks with MFA fatigue and how by recognizing the warning signs of these attacks—such as unusual spikes in MFA declines or authentication attempts from suspicious locations —security teams can prevent attackers from bypassing this critical security layer.

Detecting ransomware in SaaS environments requires more than traditional security approaches as malicious files can spread through file synchronization and messaging platforms like Teams. While Microsoft and Google provide native scanning capabilities, Reco enhances detection by correlating alerts across platforms, providing crucial context about how ransomware originated, and enabling automated response before threats can spread through interconnected SaaS applications.

As SaaS applications grew increasingly AI powered, CSK needed to visibility and control over AI usage at the organization. The goal was to support AI innovation, without slowing the business down. CSK turned to Reco to help. Read this blog from CSKs Chief Information Officer, Jason Thomas, to learn more.

Organizations face significant security and compliance vulnerabilities when third-party vendors share sensitive data with their own vendors (fourth parties) without adequate oversight. Learn how these fourth-party relationships create blind spots in your security posture that can lead to regulatory penalties and reputational damage when breaches occur.

The Oracle cloud breach underscores how vulnerable identities are, as hackers continuously find ways to expose credentials. This blog discusses what happened, how Oracle cloud users can mitigate risks, and how you can protect your SaaS apps, even when your credentials are exposed by a vendor.

Self-Service Password Reset (SSPR) systems enable users to reset passwords independently but create new security risks that require monitoring for unusual patterns. Learn how effective SSPR monitoring can help prevent account takeovers and how to integrate monitoring into security architecture.

Wellstar Health uses Reco to manage shadow SaaS. In this blog, Wellstar Health's Executive Director of Security & GRC provides 9 actionable tips for reducing shadow IT. By employing these strategies, you too can reduce your shadow SaaS footprint and create a manageable, sustainable, and effective program.

One of the biggest challenges of SaaS security is that SaaS ownership is fragmented. So how do you get app owners to embrace SaaS security in order to drive change? Read this blog from Jennifer Langford at CSK. She improved her posture score from 45 to 75. Learn 5 tips for success.

Microsoft Copilot helps businesses be more efficient, but it also allows malicious actors to potentially exploit your business data. Reco uses prompt analysis to identify and flag risky behavior within Microsoft Copilot. Read this blog to understand how Reco can help you keep Microsoft Copilot secure.

Legacy SSPM is static – it can't keep up with the SaaS rate of change. SSPM+ is the next revolution in SSPM. It covers not only existing apps you know about, but also new apps as soon as they hit your infrastructure. It offers visibility into the entire SaaS lifecycle, and adjusts as your environment changes and grows. ‍

Reco now supports over 160 SaaS apps. Through the SaaS App Factory™, Reco can release new integrations on request in just days.

RFA is a managed IT services provider. They wanted to offer Managed Detection & Response services for Microsoft365 to clients. They signed up with Reco to power this service. Read the blog from RFA's CIO to learn how they did it.

BigID was struggling to build a threat detection and response program for SaaS applications. They signed up with Reco and eliminated months of work. Today, Reco is an integral part of BigIDs SOC automation.

Implementing a robust SaaS security program can help you improve your company's overall security posture. But simply purchasing a security tool won't be enough – you must pay attention to certain critical organizational factors as well. This blog details 6 steps for success.

SaaS has taken over our enterprise world. But it's constantly outscaling Security due to five types of sprawl. Read this blog to understand why traditional solutions, like CASB and SSPM, are not enough for SaaS security and why you need a Dynamic SaaS Security Platform.

Learn more about ESET uncovering PlushDaemon, a China-linked APT behind a 2023 supply chain attack on IPanyVPN. The attackers trojanized the installer to deploy the SlowStepper backdoor, enabling long-term espionage across multiple regions.

Reco identified an ongoing, global campaign targeting SaaS identities originating from Phoenix, Arizona. This technical analysis report identifies attack patterns, attacker infrastructure, targeted accounts, and security measures that prevented or allowed account takeovers.

SaaS supply chain attacks occur when a malicious actor compromises a third-party SaaS vendor and uses that as a launching pad to target the vendor’s customers. By exploiting the interconnected nature of SaaS ecosystems, attackers can scale their reach and impact more victims. Read this blog to learn about the risks and how to mitigate them.

DeepSeek has quickly upended the AI market. But is it safe to use? Short answer: probably not. Read this blog to understand the biggest DeepSeek security risks for organizations.

Deep dive into Reco's shadow app discovery technology, covered by The Hacker News. Reco uses AI-based graph technology and email filtering to discover shadow apps and shadow AI. Learn what Reco can do – and what Reco cannot do – for shadow IT security at organizations.

Mike D'Arezzo, Executive Director of Security and GRC at Wellstar Health, turned to Reco to help him manage shadow IT and secure SaaS deployments at the organization. Learn how Reco empowers him to effectively secure PHI in SaaS apps.

On December 24, 2024, Cyberhaven experienced a security breach involving its Chrome browser extension. What started as a phishing email led to a poisoned Chrome extension, resulting in an estimated 400,000 compromised browsers.

Pat Opet, Chief information Security Officer (CISO) at JPMorgan Chase, recently named SaaS security as a top priority for 2025. Learn why it should be your top priority, too, and best practices for securing SaaS applications.

CISA recently released requirements for federal agencies to secure SaaS applications like Microsoft 365. Learn five steps to get SaaS security right.

Reco's shadow SaaS and shadow AI discovery solution can identify all applications and copilots being used by employees, rank their level of risk, and provide insight into who is using what and how.

The recent surge in generative AI adoption has given rise to a new security concern: shadow AI. A subset of shadow IT, shadow AI refers to the unapproved or unsanctioned use of AI tools and copilots within an organization. This blog discusses shadow AI security challenges, risks, and how to prevent data exposure by reducing shadow AI.

SailPoint includes two built-in organizational admin accounts that are used to provide customer support and ensure smooth operations. While these accounts are designed with good intentions, they introduce potential risks. Read this blog to learn about the risks and how Reco can help.

Discover how APT36's ElizaRAT leverages cloud platforms like Slack, Google Drive, and Telegram for stealthy cyber espionage. Explore its advanced evasion tactics, modular payloads, and evolving campaigns targeting Indian entities, highlighting its persistent threat and adaptability.

On October 30, 2024, Okta resolved a vulnerability affecting the Active Directory (AD) and LDAP delegated authentication systems that could allow unauthorized access to Okta accounts under specific conditions.

Building a strong security culture takes time and effort. Learn how CISOs can foster shared responsibility through foundational practices, policy enforcement, automation, and democratizing security knowledge to reduce risks, streamline compliance, and promote empathy for security requirements.

Find out how an ethical hacker uncovered a Zendesk flaw allowing anyone to impersonate Zendesk's agents, access connected platforms like Slack, and view private channels. The flaw can also let attackers view customer service tickets from any business using the platform by sending a crafted email to a Zendesk-managed support address.

Read our latest thought leadership piece for Forbes Technology Council on the importance of knowing your data exposure. Reco CEO & Cofounder Ofer Klein shares ways to prevent this risk and help organizations stay ahead of regulators and bad actors by gaining visibility into all connected SaaS apps and avoiding giving apps permissions when prompted.

Regular password changes and secure authentication methods are not enough to protect SaaS applications. Hackers can bypass these defenses without needing your password using ghost logins. This blog post by Reco covers how cyber attackers exploit ghost logins in platforms like Zapier using connected apps like Dropbox to maintain unauthorized access without detection.

Sophisticated cyber threats demand a new perspective—one that centers around the behavior of identities across the entire SaaS ecosystem. At Reco, we've developed an advanced analytics platform that leverages ClickHouse to detect and respond to threats like impossible travel, while reducing false positives and adapting to emerging attack vectors.

Darknet Diaries podcast provides true stories of hacking, cybercrime, and the dark web. A recent episode delves into how easily SaaS applications can be compromised, using dubstep music to highlight security vulnerabilities. This episode underscores the importance of SaaS security to protect against increasingly sophisticated web-based threats. We provide our top takeaways.

Explore a few widely used SaaS apps that fall outside what is normally characterized as a ‘crown jewel’ app, how attackers normally gain access to them, and perform reconnaissance to launch the next phases of their attack. We provide best practices that could help prevent these risks and limit the blast radius.

Read our latest thought leadership piece for Forbes Technology Council on zero trust and how it is critical for enterprises to secure their SaaS environment. Reco CEO & Cofounder Ofer Klein shares how in order for a zero-trust framework to be effective, organizations, first and foremost, must be aware of all of the applications that exist in their SaaS environment.

Explore Microsoft Copilot privacy concerns. Learn how Copilot manages user data, complies with regulations, and ensures data protection through encryption and pseudonymization. Find out how Microsoft aims to address evolving privacy challenges, maintaining user trust and data security.

Learn about the security risk connected with Microsoft 365 Copilot to avoid data leakage or unauthorized access while boosting productivity via AI-driven automation. Explore the best practices and strategies for secure Microsoft 365 Copilot deployment in our article.

Learn about the chain of events behind the recent Snowflake data breach from the perspective of a CISO, and gain step-by-step guidance from Reco on how you can secure your SaaS applications including Snowflake proactively.

OpenAI recently released a connector in ChatGPT that requires access to shared drives where personal and organizational environments are located. Preventing potential data exposure is crucial. Learn our recommendations to prevent threat surface from widening.

Explore key pillars of Microsoft 365’s security infrastructure and learn about 21 best practices for securing Microsoft 365. Find out which activities to monitor and how to protect your organization’s data and minimize exposure risk across different devices and applications.

AI-powered assistants, known as Copilots, are becoming more and more popular as they automate routine activities and provide useful insights. However, they also introduce security challenges, such as data leaks and privacy breaches. Ensuring their security is crucial, particularly with laws like GDPR and CCPA. This article explores how various SaaS Copilots handle security, helping businesses understand how to safely integrate these tools into their operations.

Learn our key takeaways for SaaS security from Verizon’s 2024 Data Breach Investigations Report (DBIR). This annual report provides an in-depth analysis of breaches from organizations of all sizes and industries, giving insights into trends and changes in the threat and security landscapes.

Read our latest thought leadership piece for Forbes Technology Council on the importance of SaaS Security Posture Management. Reco CEO & Cofounder Ofer Klein shares how by focusing on the unique security issues of SaaS alone, SSPM solutions help organizations stay ahead of regulators and bad actors.

Microsoft Copilot is transforming the way businesses interact with data and applications through its integration with Microsoft 365, offering a range of tools powered by advanced AI. Getting full visibility on the cost of using Microsoft Copilot is essential, as there can be unexpected charges beyond the basic price.

From antivirus basics to AI-driven solutions, cybersecurity tools have evolved to address increasingly complex threats. Advances in AI, especially Large Language Models (LLMs), have significantly enhanced threat detection and incident response, enabling better protection of digital assets. Explore the list of security tools with LLM capabilities.

Global software automation leader UiPath simplified SaaS data exposure and access management by sending alerts to Microsoft Sentinel of publicly exposed data located in shared Drives with the help of Reco.

Learn how to prepare your business for Microsoft Copilot. Discover Copilot’s functionalities and capabilities but also its potential risks and challenges. Learn about the advantages of using Microsoft Copilot for your business and follow the best practices for secure deployment.

Organizations are looking to generative AI (GenAI) governance as the technology's risks and opportunities continue to emerge. Learn from the world's leading AI experts about security industry priorities around AI safety and governance in our recap of the Digital World Conference Summit.

Microsoft Copilot for Security is an AI-driven platform enhancing cybersecurity across organizations by automating threat detection, analysis, and response, and ensuring data privacy and compliance with advanced encryption and strict regulations. Learn how Microsoft Copilot handles data and discover the best practices for its implementation.

Learn about Microsoft Copilot, an AI chatbot launched earlier this year and its insecurities including potential data leakage from account takeover. Gain an understanding of how easy it is for a threat actor to gain elevated access to organizational data from executing a simple GenAI prompt in Copilot, and learn best practices to secure your Copilot instance.

Learn about the SaaS App Factory from Reco, which extends SaaS security expertise, insights, and continuous monitoring from Reco to any SaaS application.‍ Enterprises can implement a common security framework to ensure universal coverage of all SaaS applications in their tech stack.

Reco CEO and Cofounder Ofer Klein sat down with Chief Digital Evangelist of eViRa Health, Evan Kirstel as part of the podcast What's Up in Tech? to discuss the cybersecurity landscape, the explosion in adoption of SaaS applications, and why SaaS security is no longer an option.

Hear from SaaS security experts on the effectiveness of the National Cybersecurity Strategy to help organizations secure their SaaS applications as we approach the one-year anniversary.

Gain an understanding of the recent Midnight Blizzard cyber attack: how the threat actors were successful, techniques used, and actionable recommendations to protect your Microsoft environment.

Our SaaS security experts use the cyber kill chain to walk through the phases of a SaaS application cyberattack, told from the perspective of a threat actor.

Discover how to leverage Reco AI with Cortex XSOAR for automated SaaS security. Streamline threat detection, automate remediation workflows, and fortify your organization's security posture.

Learn about the importance of Zero Trust and SaaS security for continuous verification of identities, strict access control, and total context across infrastructure.

Reco joins CISO Series, Super Cyber Friday to discuss hacking the SaaS security journey, the evolution of SaaS and security priorities, and the best methods for aligning SaaS security with business goals.

Connecting in Minutes, Reco Discovers Every App, Its Users, and Actions to Seamlessly Prioritize and Control the Risks in the SaaS Ecosystem

Intellyx, an industry analyst firm, named Reco to its 2023 Digital Innovator list. This annual list recognizes fast-rising technology companies committed to delivering enterprise digital transformation.

While GenAI provides efficiency at scale, it also poses risks that Security leaders can't ignore. Learn about the most common security risks associated with GenAI integrations and tactics to protect your data.

Learn about a real-world use case involving the Reco SaaS Threat Detection module and its revelation of a common threat within Office 365: disabled users retaining access to company data,

Learn about the recent cyberattack on Okta that led to the theft of HAR files from their customer support system. Reco shares how SaaS security (SSPM) solutions can be used to prevent techniques used in the Okta attack, detect session hijacking, and protect valuable data.

Learn about the recent exploit and ransomware attack with MOVEit. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Clop to infiltrate data, exfiltrate data, and encrypt data.

Learn about Lapsus$, a data extortion group and their recent cyberattacks against Okta, Uber, and Microsoft. Reco shares how their SaaS security (SSPM) solution can be used to prevent techniques used by Lapsus$ including privilege escalation, and user execution.

Learn how a misconfigured SaaS token in Microsoft led to 38TB of data being exposed, and how to prevent misconfigurations using configuration management and event monitoring.

Reco CTO and Cofounder Tal Shapira shares insights on the transformative power of GenAI and its implications on cybersecurity from the SECtember AI Think Tank Day. Learn how AI innovators and experts came together to discuss the industry priorities for AI research and soft launch the Cloud Security Alliance’s AI Safety Initiative.

Learn how SaaS super admins targeted Okta in a social engineering campaign, and how to keep your Okta tenant and highly privileged SaaS accounts secure using Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities.

Discover the benefits of Multi-Factor Authentication (MFA) for SaaS app security, and learn how MFA enhances protection against cyber threats and improves compliance.

See how organizations are underestimating the extent of their SaaS attack surface risk due to a lack of unified risk visibility.

Learn how Reco is transforming application governance and tackling the challenges of shadow applications using Generative AI. By leveraging Large Language Models and Google search, Reco's unique 'application consolidation' process brings clarity to complex landscapes, enhances app governance, and shadow app discovery. Join us on the forefront of security innovation with Reco.

Reco and Wiz have joined forces to create a comprehensive cloud security solution. Reco's contextual AI enhances Wiz's understanding of user privileges and activity in SaaS applications, while Wiz helps Reco users track and protect cloud assets. This collaboration ensures complete visibility, control, and protection across SaaS and cloud environments.

The partnership of Reco and Torq offers a powerful data protection and workflow automation solution for businesses utilizing SaaS applications. Reco identifies and flags sensitive data across platforms, providing insight into potential exposure risks. Meanwhile, Torq's hyperautomation ensures automatic risk remediation. Together, they have yielded an impressive 80%-90% reduction in exposure risk for their customers. By leveraging Reco's data insights and Torq's automation capabilities, businesses can secure their data, streamline workflows, and focus on their core operations.

Shadow threats—Shadow Identities, Shadow Applications, and Shadow Data—pose risks to organizational security, compliance, and efficiency. To address these threats, organizations must adopt a comprehensive strategy supported by AI-powered SaaS security solutions. A whole systems security approach driven by AI offers scalability, visibility, detection and remediation. Leveraging context analysis solutions enables organizations to safeguard information assets, improve operational efficiency, and foster secure collaboration.

Discover how Reco’s AI-driven approach and comprehensive mapping of data, apps, and identities perfectly aligned with the needs of our customer, Cresta. By going beyond security posture, Reco enabled proactive detection and response to sensitive data exposure and leakage.

Reco has empowered SolarEdge to enhance their SaaS security and productivity exponentially. By providing comprehensive visibility, reducing false positives, and streamlining the protection of sensitive data, Reco has proven instrumental in SolarEdge's pursuit of securing their intellectual property, maintaining data privacy, and achieving operational excellence.

The impacts of data leaks not only result in the loss of critical medicines that save lives and put operators in danger, but also cause disruptions to essential systems, such as food, water, electricity, heat, and the monetary system, with significant impacts on the economy. Furthermore, they can have severe consequences for education, collaboration, the environment, and other vital aspects of modern life. In the realm of cybersecurity, cybercriminals, hackers, and ransomware gangs can do more than just damage businesses - they can destroy lives on a grand scale.

As a security professional, one of our key responsibilities is to implement cybersecurity solutions, policies and governance that establish guidelines and procedures for handling sensitive data. Policies and governance should empower your users with confidence in their security, rather than limiting their use of powerful Generative AI applications like ChatGPT.

The role of cybersecurity professionals is a highly demanding one. CISOs, CIOs, CSOs, Security analysts, Compliance Officers, and many others are responsible for safeguarding sensitive information and critical systems from cyber threats such as hackers, hacktivists, and even nation-states.

The convenience of using SaaS-based storage services like Google Drive has revolutionized the way we store and share files. However, with this convenience comes the risk of inadvertently exposing sensitive information to the public. For example, if someone shares a file or folder with the wrong person or forgets to restrict access to sensitive information, it could end up being publicly accessible.

The explosion in SaaS collaboration tools adoption such as Slack, Microsoft 365 or Google Workspace, GitHub, has forced significant changes in how organizations operate, leading to on-going digital transformations. Traditional data security protocols and solutions are rigid, relying entirely on one-dimensional rules that don’t take into account the vast reams of unstructured data flowing to both internal and external users.

A recent article, “Negotiating With Internal Security Teams,” addressed the frustrations tech teams face when collaborating with their internal security counterparts. To overcome these challenges and achieve a balance between employee productivity and information security, organizations must adopt a business-context-based security approach.

Securing data is crucial in cloud computing and across any SaaS application, as the data stored within these platforms are often sensitive and valuable. It is imperative that all parties involved, including SaaS providers, businesses, and their security teams, take responsibility for safeguarding these applications and their data.

A key challenge around SaaS data security is the risk of data loss when an employee leaves the organization. This is because when an employee leaves an organization, they may take sensitive data with them or cause damage to company data either intentionally or unintentionally.

Canalys, a technology market analysis firm, estimated that more than 30 billion data records were stolen in 2020, more than in the previous 15 years combined and the FBI has reported that the number of cyberattacks is doubling. This trend is only going to grow in the years to come, so ensuring your data is protected by tackling where it is and who is accessing it is critical.

More than 80% of workers use collaboration tools, up 44% since the start of the pandemic. While this rapid increase has improved workplace efficiency, it's also opened organizations up to greater data security threats and headaches due to the massive amounts of sensitive data at play.

Adversaries are crafting better messages, going through deeper investigations to craft more targeted attacks, and using phishing kits to spread these attacks across organizations. It would appear fraudsters and cybercriminals behind the various tactics to fool and deceive never rest and now are looking to exploit SaaS based tools.

Securing data in collaboration tools centers around understanding of the principle of least privilege across the organization. But the decentralized nature of collaboration tools challenges traditional privilege management, and a new solution is needed to democratize how privileges are assigned and abuses remediated.

We recently received a headline from Google: 46% of potentially sensitive files have been shared outside your organization. Part of Google’s data protection insights for Drive, this alert and indeed the report, and the entire initiative, is missing an important ingredient: Context.

Could security tasks really be automated? We argue yes, when context is added to the security workflow, remediation of simple tasks can absolutely be automated

Current ways of working, with remote working, and increased use of collaboration tools have increased the potential of employee insider threats. Reco’s collaboration security platform is designed to avoid situations where an employee uses anything from sanctioned work collaboration tools to shadow IT to leak sensitive work documents.

A recently discovered vulnerability in the Figma integration in Slack potentially leaks information contained in Figma files to unauthorized users in the preview thumbnail. This vulnerability has been reported to Figma for them to manage. We are reporting our findings in accordance with the principles of responsible disclosure.

Last month, security researcher Bobby Rauch published two blogs revealing a new vulnerability in Microsoft Teams. Known as GIFShell, the vulnerability utilizes seven different insecure design elements within Microsoft Teams to create the situation whereby an attacker can launch an exfiltration or malware attack against a victim – simply by sending them a GIF with embedded commands in a Teams chat.

When collaborating over multiple platforms, you need to secure all of them: integrations cause data and policies to shapeshift between platforms

As a company who are developing a pioneering security tool designed to allow our customers to improve their security, it is important to us that we ensure that all our systems are as secure as they can be.