Castra Q&A: SaaS threat detection and response

An interview with Castra’s Grant Leonard on how to prepare for the future of SaaS security.

The realities of work are always changing—but the last few years have marked a stunning sea change. Teams are more decentralized, distributed, and independent than ever. Meanwhile, SaaS (software as a service) applications that boost productivity, collaboration, and creativity are readily available, and employees are quick to adopt, experiment, and optimize. Overall, this shift is a boon to workplace productivity and flexibility. But as these remote work trends persist, and as IT and SaaS become more synonymous, security operations leaders need modern approaches to managed detection and response (MDR) that align with these rapidly shifting dynamics.

Founded in 2012 by Tony Simone and Grant Leonard, Castra has partnered with thousands of healthcare, financial, retail, technology, and government organizations to strengthen their information security posture. We caught up with Castra Co-Founder Grant Leonard, who has nearly 20 years of experience in corporate-level network security, to talk about the growing need for SaaS threat detection and response, and how Nudge Security fits in.

In recent years, cloud and SaaS adoption rates have skyrocketed, thanks to a confluence of factors: digital transformation; IT (information technology) consumerization; the movement toward everything as a service; and of course, a global pandemic that put rocket boosters on these trends. What are the inherent cyber risks of such a rapid—and often decentralized—approach to IT adoption?

Freemium and/or trial accounts can be created in numerous SaaS-based tools, many times linked to credit cards and/or associated with sensitive information related to the company. These accounts can be unknown for months and years and can present backdoor access and facilitate “shadow IT” growth.

We continue to see a steady stream of data breach disclosures involving cloud and SaaS environments. What do you see as the top emerging SaaS threats that security leaders should be aware of?

Beyond the common unexpected costs from SaaS platforms and shadow IT, one of the threats is the lost or forgotten username/password in SaaS platforms that provide the first steps to lateral movement within a company and enable threat actors to learn about a company.

In what ways is SaaS threat detection and response like conventional managed detection and response (MDR) processes, and in what ways is it different?

Interestingly, it is very much akin to all SOAR (Security Orchestration Automated Response) and MDR responses, which is locating then shutting down shadow IT SaaS accounts. A tool like Nudge Security is essential to this process, providing the awareness that the accounts exist along with history and duration and frequency of use of the SaaS accounts.

As hybrid work persists, enterprises are increasingly moving toward highly distributed, cloud- and SaaS-first IT environments. How has this shift influenced your security technology decisions as a managed security service provider (MSSP)?

Castra has opted to focus on SaaS-based platforms due to the robust API (application programming interfaces) integration, in turn allowing our UEBA (User and Entity Behavior Analytics) platforms to tie users to risky behaviors. Typically, we are only gathering account activity a client knows about; however, Nudge Security is providing our analytic platforms with accounts our clients were not previously aware of, allowing Castra to tie external SaaS user activity with internal users.

What advice do you have for security teams who are just getting started with SaaS security?

Log all the things!!!! Learn as much as you can about user accounts and leverage a central SAML/IdP or other account management system as well as tools like Nudge to ensure the company is in control of accounts and access.

