Reviewing the Security Posture of Your SaaS Applications (SSPM)

Overview

SaaS Security Posture Management (SSPM) continuously evaluates the configuration and security settings of your SaaS applications. Each of the many applications used by your organization introduces its own configuration risks, for example, authentication settings, third-party integrations, and data-sharing controls. Misconfigurations can introduce risk even when access to the application itself is tightly controlled. SSPM addresses this by providing visibility into how SaaS applications are configured and identifying where those configurations do not follow security best practices.

SSPM is configured by creating a connector between Cato and the SaaS application. SSPM reviews the current posture of each connected SaaS application and compares it with the recommended posture defined by Cato’s research team. This helps identify vulnerabilities in the configuration of the application. For a full list of supported applications, see SaaS Posture Connectors.

Posture data for each application is available in the Applications dashboard. This provides a summary of posture scores and highlights the highest-severity findings across connected applications. You can review each posture check from the Posture page. Each check includes details about the issue, its status, and the remediation action required to pass the check.

SSPM requires a CASB.

Understanding SSPM and CASB

SSPM complements CASB to provide comprehensive SaaS security coverage.

CASB monitors how users access and use SaaS applications. For example, CASB can help control tenant access, detect risky activities, and enforce access policies.

SSPM focuses on the posture of the application itself, regardless of who is using it. A SaaS application can have well-enforced CASB policies and still be vulnerable if, for example, multi-factor authentication is disabled, stale admin accounts remain active, or a third-party integration has been granted excessive permissions.

Together, CASB and SSPM provide a full SaaS security solution. CASB ensures users are interacting with applications appropriately, and SSPM ensures the applications are configured securely.

Use Case

A Salesforce administrator manages a Salesforce tenant that contains sensitive customer information, sales opportunities, and business data. While the security team uses CASB controls to monitor user activity and enforce access policies, they also need to ensure that Salesforce is configured according to security best practices.

After creating a Salesforce connector, the security team reviews the Salesforce posture in the Cato Management Application. They identify several failed checks, such as users who are not required to use multi-factor authentication, overly permissive administrator roles, and security settings that do not align with recommended configurations. From the Posture page, they review each failed check and follow the remediation guidance.

This helps reduce risk in the Salesforce environment without manually auditing every security setting.

Viewing Posture Checks

A summary of SSPM checks can be viewed from the Applications dashboard. This provides a high-level view of SaaS posture findings across connected applications. For more information, see Using the Applications Dashboard.

On the Posture page, the SaaS Security tab displays each posture check. Each check includes its status, severity, related findings, and remediation guidance. This helps security teams understand what failed and how to resolve it.

For more information on reviewing Posture checks, see Reviewing Posture Checks for Your Account.

Note: SaaS Security checks do not contribute to the Account Score.

The posture checks are divided into these security domains:

  • Authentication: Checks that help verify that strong authentication methods are configured. For example, they can identify gaps in MFA enforcement or other login security settings.

  • Data Protection: Checks related to protecting sensitive data in SaaS applications. These checks help identify settings that may expose data or allow unnecessary access.

  • Application Access: Checks related to how users and services access SaaS applications. These checks help identify risky access paths, broad permissions, or access that is not aligned with security policy.

  • Identity Access: Checks that help identify users, roles, or permissions that may increase account or application risk.

  • Configuration Governance: Checks related to the overall configuration of the SaaS application. These checks help identify settings that do not follow recommended security practices.

  • Identity and Access: Checks related to the relationship between identities, privileges, and access rights. These checks help identify excessive permissions, stale access, or privileged access concerns.
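To make the comparison described above concrete, here is an added illustration that is not Cato's code and does not show how the product implements its checks: a constructed, hypothetical tenant snapshot (modelled on the Salesforce use case, with MFA off, a stale admin and an over-scoped integration) is evaluated against an assumed baseline by checks tagged with the domains listed above, each yielding a status, findings and remediation, plus a summary score. The tenant settings, baseline thresholds, check names and scoring formula are all assumptions.

```python
# Constructed tenant snapshot (hypothetical Salesforce-like settings), not data from a real connector.
TENANT = {
    "mfa_required": False,
    "session_timeout_minutes": 240,
    "users": [{"name": "alice", "admin": True, "idle_days": 4},
              {"name": "bob", "admin": True, "idle_days": 150},
              {"name": "carol", "admin": False, "idle_days": 1}],
    "integrations": [{"name": "bi-export", "scopes": ["read"]},
                     {"name": "old-sync", "scopes": ["read", "write", "manage_users"]}],
}
# Assumed recommended posture, a stand-in for a vendor-defined baseline.
BASELINE = {"max_admin_idle_days": 90, "max_session_minutes": 480, "risky_scopes": {"manage_users", "full"}}
WEIGHT = {"high": 3, "medium": 2, "low": 1}

# (name, domain, severity, evaluator, remediation); the evaluator returns findings, an empty list means pass.
CHECKS = [
    ("MFA enforced for all users", "Authentication", "high",
     lambda t, b: [] if t["mfa_required"] else ["tenant does not require MFA"],
     "Enable the tenant-wide MFA requirement"),
    ("No stale administrator accounts", "Identity and Access", "high",
     lambda t, b: [u["name"] for u in t["users"] if u["admin"] and u["idle_days"] > b["max_admin_idle_days"]],
     "Deactivate or demote administrators idle past the threshold"),
    ("Integrations hold no risky scopes", "Application Access", "medium",
     lambda t, b: [i["name"] for i in t["integrations"] if set(i["scopes"]) & b["risky_scopes"]],
     "Re-scope or remove the integration's privileged grants"),
    ("Session timeout within limit", "Configuration Governance", "low",
     lambda t, b: [] if t["session_timeout_minutes"] <= b["max_session_minutes"]
     else [f"timeout is {t['session_timeout_minutes']} min"],
     "Reduce the session timeout to the recommended maximum"),
]

def evaluate_posture(tenant, baseline):
    """Compare the snapshot with the baseline: one record per check with status, findings, remediation."""
    out = []
    for name, domain, sev, evaluator, fix in CHECKS:
        findings = evaluator(tenant, baseline)
        out.append({"check": name, "domain": domain, "severity": sev,
                    "status": "fail" if findings else "pass",
                    "findings": findings, "remediation": fix if findings else None})
    return out

def posture_score(results):
    """Constructed score: share of severity-weighted checks that pass, 0-100."""
    total = sum(WEIGHT[r["severity"]] for r in results)
    return round(100 * sum(WEIGHT[r["severity"]] for r in results if r["status"] == "pass") / total)

def failed_by_severity(results):
    """Failed checks, highest severity first, as a dashboard would list them."""
    return sorted((r for r in results if r["status"] == "fail"), key=lambda r: -WEIGHT[r["severity"]])
```

Calling `failed_by_severity(evaluate_posture(TENANT, BASELINE))` lists the three failing checks with the two high-severity ones first, and `posture_score` returns 11 for this snapshot because only the low-weight session check passes.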
