Changelog

Subscribe to all Changelog posts via RSS to stay updated on everything we ship at Nudge Security.

We’ve enhanced Nudge Security’s ability to detect and assess potential security risks associated with OAuth grants. New OAuth risk insights help accelerate investigations into suspicious, misleading, or malicious grants.

Now, customers can quickly and easily identify the use of restricted or sensitive scopes, detect suspicious domains and email activities, assess vendor trust signals, and understand an app’s popularity both within their own organization and across other environments.

Nudge Security has added the ability to discover and inventory multiple instances of the same app, enabling customers to identify and rationalize duplicate instances and shadow tenants. 

Previously, Nudge Security categorized some instance types as resources within an app. Now, we’ll display instances defined by a unique subdomain (e.g., company.slack.com) in an Instances tab within the App Overview page. Within that same pane, we’ll also associate individual accounts with the instances they have access to.

From food delivery to media apps, not every tool your employees use at work requires the same level of oversight. Now, Nudge Security admins can choose to ignore any app, hiding it and its associated accounts from view as they work in Nudge Security.

Nudge Security will exclude ignored apps from your Progress dashboard results, your total counts of apps and accounts on the Overview dashboard, and total counts on your Apps and Accounts pages. These changes will make it easier to focus on your most important apps. 

Ignored apps will still trigger notification rules, including breach alerts, and you’ll still be able to view the app’s health status and breach notifications on the Overview dashboard. They will also remain included in your Attack Surface overview, App Directory, and all playbooks. 

Nudge Security has updated our filters to make them more intuitive and user-friendly. As part of that effort, we’ve added a new filter that makes it possible to view your organization’s apps by the number of accounts. Now, you can use the new filter to see all apps with more accounts than a number you choose, or fewer.

For example, let’s say you’ve offboarded all users associated with an app and have zero remaining accounts. You can use the new filter to view only apps with greater than zero accounts. Alternatively, you can prioritize low-adoption apps by filtering to see only apps with fewer than 5 associated accounts.

We’ve added support for single sign-on with Okta, including the availability of Nudge Security in the Okta Marketplace. This enterprise-ready feature is available to all Nudge Security customers without requiring a subscription upgrade or otherwise paying any "SSO tax," which runs counter to our product principles. 

Read our documentation to learn how to configure SSO with Okta, or learn more about how you can expand your Okta coverage by integrating with Nudge Security.

Nudge Security has released a new API to help you manage SaaS security and governance across your entire security ecosystem. 

You can use the API to automate critical security tasks, break down data silos between different tools, and centralize SaaS security data to make sure your entire team is working with the same information. For example, you can:

  • Ingest Nudge Security data into your SIEM to correlate it with other datasets and generate events.
  • Send Nudge Security data to external ticketing systems like ServiceNow or Jira.
  • Add custom attributes to an app in Nudge Security based on context from another system, such as “renewal date” or “cost center.”
  • Easily orchestrate actions in other tools using third-party automation platforms like Tines, Torq, and Tray.io.

See our API documentation for more information on API functionality, recipes, and samples.

We’ve updated Nudge Security’s menu to make it easier to find functionality like our Overview, AI Usage, and Progress dashboards and our global search bar. Now, all of these features are available within our left-hand navigation menu.

Search results from Nudge Security’s main dashboard now include apps with no associated accounts at your organization, making it easier to evaluate apps before your organization begins to use them. 

Now, you can access security profiles for apps outside of your organization, including:

  • App info: App category and app description
  • Organization details: Corporate location, legal terms, and hosting details
  • Security program: Certifications and security links related to the vendor’s public support for security engagement, such as their terms of service, privacy policy, corporate security page, and status page
  • Authentication: Authentication methods the vendor supports, including supported methods of SSO
  • Supply chain: SaaS services used by the vendor
  • Breach history: A summary of any known breaches related to the vendor

We’ve enhanced our search results to make it easier to find and interpret information about the SaaS apps your employees are using. Now, search results from Nudge Security’s main dashboard are clearly organized by type, including apps, accounts, resources, and OAuth grants.

We’ve released a new dashboard to help you visualize and share the progress you’re making toward key SaaS security and governance metrics. 

With the new dashboard, you can:

  • Visualize your progress over different time periods as you work towards important SaaS security metrics.
  • Identify the highest-impact opportunities to bolster SaaS security and governance at your organization.
  • Share your progress with stakeholders and easily communicate the value of your work with print-ready reports.

Check out today’s blog to learn more about these key metrics and how Nudge Security can help you improve them.  
