ShadowMap – Tracking SSO Integrations

Key Features of ShadowMap – Tracking SSO Integrations & Threat Analysis Report

• Compatibility with: Google Workspace, Azure AD, Office 365, Okta, Cloudflare Access, Duo Security, Auth0, Amazon Cognito, Idento IAM along with internal SAML / OAuth implementations.
• Track account information behind each SSO Integration & Raise alerts for unauthorised shadow accounts.
• Automated best-practice checks of the SSO implementations to raise alerts for any privacy or security issues.
• Track Credentials Leaked on the Internet, Deep-Web & Dark-Web related to your SSO implementations.
• Have our Cyber Threat Police Experts available on-demand to investigate, analyse and mitigate these critical risks.

Importance of Ensuring Secure SSO (Single Sign-On) Implementation

A recent study on risks associated with SSO (Single Sign-On) implementations found:

• 25% of the S&P 500 and half of the top 20 most valuable public U.S companies have had at least one SSO credential for sale on the dark web in 2022.
• Shared credentials were the most common attack vector used by hackers and responsible for nearly 50% of all cyber attacks.
• Logon credentials are a major focus for external attackers (61% of data breaches involve credential data).
• With the average enterprise using over 250 cloud apps, the prospect of employees remembering unique, strong passwords for each of them is simply impractical.
• Brute force attacks accounted for 31% of all cyberattacks in 2021 and 89% of the organisations interviewed experienced phishing attacks over the past year.

Common Security Vulnerabilities in SSO (Single Sign-On) Implementations

• XML injection Attacks
• Timing or Expiration Based Attacks
• Signature Spoofing and Exclusion Attacks
• XXE and XSLT Attacks
• SSO Implementation Bypass / Authentication Bypass Attacks
• Access Token Misuse or Replay Attacks
• Credential Leakage via Referrer Header
• Client Secret Leakage
• Credential Leakage via Page Content

The post Tracking SSO Integrations Across The Organization appeared first on ShadowMap.

ShadowMap Executive Cyber Protection Demo

Key Features of Executive Cyber Protection

• Protect your Executive’s personal, corporate and family accounts from targetted data breaches.
• Get notified for any executives impacted by: third-party data breaches, data leaks, dark web mentions, news mentions, social media mentions, etc.
• Monitor the dark web, ransomware groups, social media for any chatter related to their emails, phone numbers, usernames, computer names, IP addresses.
• Receive a high priority alert as soon as one of your executives is part of a data breach or attack.
• Have our Cyber Threat Police Experts available on-demand to investigate, analyse and mitigate these critical risks.

Targetted Attacks Against Your CXO Executives?

A recent study on Data Brokers and Data Breaches found:

• 99% of our executives have their personal information available on more than three dozen online data broker websites, with a large percentage listed on more than 100.
• 70% of executive profiles found on data broker websites contained personal social media information and photos, most commonly from LinkedIn and Facebook.
• 40% of online data brokers had the IP address of an executive’s home network.
• 95% of executive profiles contained personal and confidential information about their family, relatives, and neighbours.
• On average, online data brokers maintained more than three personal email addresses for every executive record.

How to enable Executive Cyber Protection In your Dashboard?

Step 1: Add Executives To Your Dashboard

Add A New Executive

Step 2: Add Any Number of Monitoring Fields For Your Executives

Add Monitoring Fields For Executives

Step 3: In a few minutes, data will start getting populated for the executives and alerts will start triggering!

The post Executive Cyber Protection appeared first on ShadowMap.