Learning center

To overcome the inherent limits to identity management and SSO, security leaders rely on the SaaS security control plane (SSCP) for visibility, risk mitigation, and access control.

SaaS commands the digital enterprise. Access control to SaaS services is the equivalent to protecting the cockpit door of a Boeing 787—unauthorized access is non-negotiable.

Cloud security depends on SaaS security, because SaaS is the control interface for everything in the digital enterprise—factories and finance, engineers and DevOps, HR and IT—everything and everyone runs on SaaS.

Lior Yaari, co-founder and CEO of Grip Security, who assessed and provided advice on the company’s investments in cybersecurity while serving as the CTO of YL Ventures prior to joining Grip Security.

SaaS security posture management (SSPM) is a critical component for companies to effectively respond to SaaS threats while complying with industry standards have strong security posture. But SSPM is often insufficient, incomplete, and ineffective to secure SaaS access.

SSPM solutions help companies gain visibility and secure SaaS apps. Learn how you can get the most value from an SSPM solution.

Business-led and shadow IT is a part of organizations as more digital tools are available. Learn how shadow and business-led IT impacts your SaaS security.

What’s the best identity access management (IAM) solution to secure shadow SaaS? Learn how it can be secured just like sanctioned applications.

Five predictions for 2023 based on the accelerating adoption of business-led IT, formerly known as shadow IT.

The global cybersecurity community understands the traditional network security paradigm has held the industry back, but strides are being made to catch up.

SaaS security is not only consistent with overall cloud security, it is entailed by it—because SaaS is the principle technology used to access and control everything else, including IaaS systems and IaaS security controls.

SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process.

CASBs present some drawbacks. CISOs, information security managers, security architects, and security teams should consider alternatives to CASBs that may be more advantageous before making using one.

Grip’s SaaS Security Control Plane solution provides full visibility and access control of SaaS applications other products are unable to secure

Password managers are a popular option for companies to govern and secure credentials for SaaS, but they have some key shortcomings that limit their effectiveness.

Just as DevOps has brought software development and IT operations closer together, new and emerging changes in enterprise technology are refining DevOps.

In 2022, 36 percent of SaaS spending will be outside core IT budgets and security oversight. By the year 2030, more than 80 percent of all SaaS will be business-led SaaS. What does this mean for security?

The new program furthers the company’s mission to help companies securely embrace business-led IT with the industry’s best platform for detecting and securing SaaS applications in use that are unknown to IT and security teams.

Grip is looking to add partners who understand the differentiated value of their offering, and the uniqueness that it will provide to customers looking for improved SaaS security.

When we take a closer look, we can see why so many security teams end up with only 5-15 percent of their SaaS estate shielded by single sign-on (SSO) and password managers—it's just not worth it to extend these solutions to every SaaS service.

SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process.

Ars Technica thinks that the story the hacker tells is plausible, and that, while it's still not clear what the hacker gained access to, potentially at least it's quite a bit. W

Forbes Tech Council members discuss the tech trends and topics they believe will soon be hitting the workplace and how companies can prepare.

The four primary problems of password managers causing low adoption and other failures to achieve the desired security outcome are discussed below.

Cisco attack attributed to Lapsus$ ransomware gang. U-Haul discloses data breach. Update on IHG data breach.

Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

Venture capital and private equity firm Insight Partners has invested $22 million in SaaS Alerts, a cybersecurity company that promotes cloud application security software to MSPs.

0ktapus demonstrates the effectiveness of threat actors to compromise SaaS with global-scale attacks and persist within the SaaS attack surface—expanding conquest via Okta SWA credentials.

This article looks at the top 60 cybersecurity startups to watch in 2022 based on their innovations in new and emerging technologies, length of operation, early funding rounds, scalability, and more.

Security teams do have products that help them discover and manage SaaS apps that are being used by their employees. However, the problem is that these products still rely on the outdated assumption that the company controls the endpoint, network access, or authentication method.

Security teams should view BYOA as an opportunity in efficiency and innovation

The incident for CISOs demonstrates that your source code is no less a target than your customer data, as it can reveal valuable information about your application's underlying architecture.

The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.

The same hacking group that successfully breached Twilio Inc. and Cloudflare Inc. earlier this month is now believed to have breached more than 130 organizations in the same phishing campaign.

The core principles for protecting SaaS throughout its lifecycle are fundamentally about security architecture—discovery, justification, sanctioning, securing, and decommissioning are all implicated by security architecture. As SaaS moves through its lifecycle, security architects have an outsized impact on the fate of their organization’s SaaS defense.

Forbes Technology Council members share a female tech leader who’s been an inspiration to them as they’ve pursued their careers in tech.

SaaS risk goes far beyond just the vendor’s risk, and it is now driven by enterprise specific factors that most companies still do not factor into their risk calculations because risk is still assessed as if vendor risk were the most important factor.

New research has shown that most apps don't use the smartphone's default web browser to open links, which could potentially circumvent the operating system's security and privacy features.

Shadow IT has a new name. Welcome to the world of business-led IT—it's officially a thing.

Ransomware. Malware. Phishing attacks. Tech headlines are full of stories of the multitude of cyberthreats businesses face. Even so, every year seems to see new and reemerging cybersecurity threats, and some may be flying under the radar.

The trend away from shadow IT to business-led IT is a paradigm shift for security.

Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise. The Grip SaaS Security Control Plane can help customers protect against potential attacks resulting from this breach.

CASB’s own design interferes with its ability to deliver meaningful SaaS security. It is now clear that any SaaS a CASB can protect, it does so by accident.

In this exclusive Cyber Talk interview, CEO and Co-Founder Lior Yaari shares insights into securing SaaS applications and describes why visibility is so crucial.

With the multitude of CASB vendors, there is a lot of noise, and it is not easy to evaluate the best CASB on the market. One method that could be an input into the evaluation of a CASB purchase are product review sites.

Business-led SaaS pushes each organization closer to threats that move faster than light, use currencies you can’t trace, and strike with push-button tools or services stitched together in a weekend—threats we’ve never had to face or mitigate until now.

Members of Forbes Technology Council share practical, actionable ways tech leaders can help educate both the public and lawmakers and steer new tech legislation in the right direction.

The industry reacts to Russia's unabated cyberespionage attempts

The use of legitimate cloud services to deliver malicious payloads is on the rise as cybercriminals look to take advantage of the entrenched trust that millions of business users (and email gateways) have in them.

Despite the industry’s best efforts, shadow IT has not gotten smaller but has increased and is close to becoming legitimized as a viable IT strategy that provides competitive benefits.

This CRN annual list recognizes the fast-rising, channel-focused technology vendors that help deliver innovative, cutting-edge solutions for business and opportunity for solution providers.

The FTC warned companies and apps against misusing the data they collect about their users.

To help consumers and businesses better understand the role E2EE plays in security, 13 members of Forbes Technology Council share essential facts about E2EE, including what it entails, why it’s important and what its limitations are.

It’s never easy to be a trailblazer, especially as a female junior Data Engineer in the male-led cybersecurity ecosystem. A year later, I can now say that this was a fantastic decision!

Despite economic concerns, the funds keep flowing to promising young security firms.

14 members of Forbes Technology Council share new and emerging applications of AI that may be new to you.

Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO?

Based on the work Grip has done with hundreds of CISOs, we have defined four stages of maturity we have seen in SaaS security programs.

CISOs are challenged to understand the scope of risk when employees are using hundreds of apps causing data proliferation and dormant zombie accounts that are no longer used but maintain unmanaged privileges. Read this Help Net Security article to gain insights into how modern CISOs are addressing this problem.

Forbes Technology Council members explore 15 common tech buzzwords that are frequently misused and misunderstood by the non-tech-savvy, and what these terms actually mean.

SaaS has created unique challenges for security teams and requires them to evaluate the maturity of their SaaS security using a framework that was developed for the unique challenges SaaS creates.

There are six primary SaaS discovery methods and each one has its pros and cons. To overcome the shortcomings of today’s products, Grip developed its own method, which is now becoming the industry standard for SaaS security.

Passwords are the worst. Infamous, ubiquitous, we just can't seem to get them right. Why are we stuck securing access with methods users hate and hackers love?

Business-led IT is spurring SaaS use in the enterprise. This SaaS security checklist helps CISOs put in place the controls needed to manage the risk.

SaaS sprawl is inevitable as business-led IT continues to gain momentum. With automation and new technologies from companies like Grip, IT and security teams can partner with business leads while maintaining strong risk controls.

The SaaS revolution has upgraded enterprise data goldmines to platinum, and the security leaders charged with protecting them have never been more worried about data loss risk. Digital migration is also redefining the scope of information warranting protection.

CASBs are the go to solution for SaaS Security. What are the pros and cons of using a CASB, and are there alternatives security leaders should consider?

Fintech giant Block, formerly known as Square, has confirmed a data breach that affected 8.2 million users, involving a former employee who downloaded reports from Cash App that contained some U.S. customer information.

Shadow SaaS is a bigger problem than you think. We did a proof of value with a company, and the results were eye opening. We found almost 7X more SaaS applications being used and even former employees who still had access.

SSO is a key component of modern security, but it falls short of delivering on SaaS security

The best defense against credential theft is resetting every password.  Unfortunately, this is easier said than done for many companies.

Grip Founders Named to Forbes’ 30 Under 30 List

Identity and access management in the age of SaaS must fundamentally change

Grip Security’s CMO describes how the company is redefining SaaS security and why it will transform the industry.

What are the main risks associated with SaaS applications within your organization? What parameters should organizations consider when contemplating adopting SaaS applications?

Grip recognized by GRC Outlook as one of the top 10 SaaS Security Solution Providers for 2021

Grip mentioned in Top Cybersecurity Startups to Watch in 2022 by eSecurity Planet.

Grip was listed in "7 Cybersecurity Startups to Watch in 2022" by Acceleration Economy.

Managing SaaS Risks: The latest CISO view the SaaS Sprawl Apps like GitHub, CircleCI and Hubspot have access to your sensitive assets. So why aren’t we connecting them via SSO? Why are we focusing so many of our SaaS concerns on DLP?

Grip Security raises $19M Series A for its SaaS security platform

In this piece published in ITProPortal, Bradley Busch (CISO at Tyro Payments) and Grip CEO and Co-Founder Lior Yaari explains the problems with growing SaaS use and possible solution paths

CRN names Grip as one of The 10 Hottest Cybersecurity Startups Of 2021

A piece published by Amour Harari, Senior Software Engineer at Grip Security

We’ve got SaaS. You’ve got SaaS. We’ve all got SaaS! But is it safe? Saas adoption is outpacing our capacity to manage its mounting risks with adapted technologies, policies and processes. Discover what some of cybersecurity’s most influential leaders intend to do about it.

Grip Security Recognized as Zero-Trust Network Access Solution of the Year

Grip Security named a winner of the 2021 Swisscom StartUp Challenge

In this piece published in Security Magazine, CEO and Co-Founder Lior Yaari explain the problems with growing SaaS use and possible solution paths

Though SaaS was already on the rise, the global pandemic and widespread Work From Home (WFH) policies dramatically accelerated enterprise dependence on SaaS across every market sector—even traditional laggards like health and finance.

YL Ventures' John Brennan on Top Israeli Cybersecurity Startups

Check out the list of Cyber leaders backing Israeli startup Grip Security

Grip Security aims to simplify and automate SaaS endpoint security

Startup Grip Security secures seed founding round for comprehensive enterprise SaaS security solution

Grip Security raises $6M to improve SaaS security

SaaS Security Company Grip Security Emerges From Stealth

Grip Security Raises $6M from YL Ventures, CrowdStrike’s George Kurtz and Cybersecurity Luminaries to Revolutionize SaaS Security

Grip Security grabs more cash to lead ‘gold rush’ to cloud security development

Technology innovation is our only hope of maintaining a strict, low frictioned and scalable security program. Now is the time to get a Grip on the burgeoning and chaotic SaaS ecosystem.

To overcome the inherent limits to identity management and SSO, security leaders rely on the SaaS security control plane (SSCP) for visibility, risk mitigation, and access control.

SaaS commands the digital enterprise. Access control to SaaS services is the equivalent to protecting the cockpit door of a Boeing 787—unauthorized access is non-negotiable.

Cloud security depends on SaaS security, because SaaS is the control interface for everything in the digital enterprise—factories and finance, engineers and DevOps, HR and IT—everything and everyone runs on SaaS.

SaaS security posture management (SSPM) is a critical component for companies to effectively respond to SaaS threats while complying with industry standards have strong security posture. But SSPM is often insufficient, incomplete, and ineffective to secure SaaS access.

SSPM solutions help companies gain visibility and secure SaaS apps. Learn how you can get the most value from an SSPM solution.

Business-led and shadow IT is a part of organizations as more digital tools are available. Learn how shadow and business-led IT impacts your SaaS security.

What’s the best identity access management (IAM) solution to secure shadow SaaS? Learn how it can be secured just like sanctioned applications.

SaaS security is not only consistent with overall cloud security, it is entailed by it—because SaaS is the principle technology used to access and control everything else, including IaaS systems and IaaS security controls.

SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process.

CASBs present some drawbacks. CISOs, information security managers, security architects, and security teams should consider alternatives to CASBs that may be more advantageous before making using one.

Password managers are a popular option for companies to govern and secure credentials for SaaS, but they have some key shortcomings that limit their effectiveness.

When we take a closer look, we can see why so many security teams end up with only 5-15 percent of their SaaS estate shielded by single sign-on (SSO) and password managers—it's just not worth it to extend these solutions to every SaaS service.

The four primary problems of password managers causing low adoption and other failures to achieve the desired security outcome are discussed below.

0ktapus demonstrates the effectiveness of threat actors to compromise SaaS with global-scale attacks and persist within the SaaS attack surface—expanding conquest via Okta SWA credentials.

Security teams do have products that help them discover and manage SaaS apps that are being used by their employees. However, the problem is that these products still rely on the outdated assumption that the company controls the endpoint, network access, or authentication method.

Security teams should view BYOA as an opportunity in efficiency and innovation

The core principles for protecting SaaS throughout its lifecycle are fundamentally about security architecture—discovery, justification, sanctioning, securing, and decommissioning are all implicated by security architecture. As SaaS moves through its lifecycle, security architects have an outsized impact on the fate of their organization’s SaaS defense.

SaaS risk goes far beyond just the vendor’s risk, and it is now driven by enterprise specific factors that most companies still do not factor into their risk calculations because risk is still assessed as if vendor risk were the most important factor.

The trend away from shadow IT to business-led IT is a paradigm shift for security.

Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise. The Grip SaaS Security Control Plane can help customers protect against potential attacks resulting from this breach.

CASB’s own design interferes with its ability to deliver meaningful SaaS security. It is now clear that any SaaS a CASB can protect, it does so by accident.

With the multitude of CASB vendors, there is a lot of noise, and it is not easy to evaluate the best CASB on the market. One method that could be an input into the evaluation of a CASB purchase are product review sites.

Business-led SaaS pushes each organization closer to threats that move faster than light, use currencies you can’t trace, and strike with push-button tools or services stitched together in a weekend—threats we’ve never had to face or mitigate until now.

Despite the industry’s best efforts, shadow IT has not gotten smaller but has increased and is close to becoming legitimized as a viable IT strategy that provides competitive benefits.

It’s never easy to be a trailblazer, especially as a female junior Data Engineer in the male-led cybersecurity ecosystem. A year later, I can now say that this was a fantastic decision!

SaaS has created unique challenges for security teams and requires them to evaluate the maturity of their SaaS security using a framework that was developed for the unique challenges SaaS creates.

There are six primary SaaS discovery methods and each one has its pros and cons. To overcome the shortcomings of today’s products, Grip developed its own method, which is now becoming the industry standard for SaaS security.

Passwords are the worst. Infamous, ubiquitous, we just can't seem to get them right. Why are we stuck securing access with methods users hate and hackers love?

Business-led IT is spurring SaaS use in the enterprise. This SaaS security checklist helps CISOs put in place the controls needed to manage the risk.

SaaS sprawl is inevitable as business-led IT continues to gain momentum. With automation and new technologies from companies like Grip, IT and security teams can partner with business leads while maintaining strong risk controls.