Blog

Introducing in-browser app banners: Set guardrails for cloud apps | Learn more →

Video

BlueHat 2023 - SaaS Cyber Kill Chain

Luke Jennings, Push's VP of R&D, explores the evolution of cyber attacks and the impact of the remote working and SaaS revolution on the cyber kill chain.

He discusses the new SaaS cyber kill chain for modern, fully SaaS native organizations and the surprising number of attacks possible without touching company-owned endpoints or infrastructure.

Luke discusses how initial access, lateral movement, and persistence methods have changed in a world with no internal infrastructure. He also introduces the open-source SaaS attacks matrix as a tool for both red and blue teams navigating this new landscape.

Ready to take Push for a spin?
You've got 10 free licenses and nothing to lose

Similar content

Shared Security - Compromising an Organization without Touching the Network
Video

Shared Security - Compromising an Organization without Touching the Network

In this episode of Shared Security Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS based attacks are different than traditional network based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why its important that this research is shared and talked about in the cybersecurity community.

Read more
Pain in the SaaS - Talk at WithSecure
Video

Pain in the SaaS - Talk at WithSecure

Luke Jennings, Vice President of R&D at Push Security, gives a talk about new SaaS attack techniques at WithSecure Conference

Read more
Securing employee-adopted SaaS apps
Video

Securing employee-adopted SaaS apps

SaaS vendors are bypassing your vetting processes and getting employees hooked with free apps and trials. Attackers are targeting this new shadow attack surface with new takes on old techniques. In this webinar, Jacques will cover:

  • Why the traditional gated approach for onboarding new software no longer works.

  • How to adapt your approach to meet the challenges and enable your business.

  • Share insights about other teams that have embraced app self-adoption and kept a handle on risks.

Read more
Understanding the New SaaS Cyber Kill Chain
Video

Understanding the New SaaS Cyber Kill Chain

This talk will consider what a new SaaS cyber kill chain looks like for modern organizations that are fully SaaS native without any concept of an internal network, and the surprising number of attacks that are possible without touching company owned endpoints or infrastructure. In this webinar, you will:

  • Discover how most organizations are already hybrid SaaS and are increasingly SaaS-native

  • Learn what the cyber kill chain looks like when applied to SaaS-native organizations

  • Understand both new variations of old attacks and brand new attack techniques against SaaS-native organizations

  • Discover how SaaS opens up serious persistence challenges even in traditional endpoint compromise scenarios

  • Learn what the SaaS attacks matrix is and how it can benefit your red and blue teams

Read more