Content provided by Frans Oudendorp. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Frans Oudendorp or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://nl.player.fm/legal.
From CASB to SaaS Security: Tackling OAuth Threats with Microsoft Defender for Cloud Apps

43:46
 

In this episode of the Talking Security Podcast, we sit down with Itai Cohen from the Microsoft Defender for Cloud Apps team to explore the evolution of SaaS Security — from the traditional CASB (Cloud Access Security Broker) model to a broader, more proactive security strategy.

We cover:

  • Why CASB isn’t enough anymore and what the future of SaaS Security looks like
  • The growing threat of OAuth abuse — and why it’s such a hot target for attackers
  • New innovations from Microsoft like Attack Path Analysis and Advanced Hunting for OAuth threats
  • How Exposure Management is helping organizations proactively reduce SaaS risk

🎧 Whether you're a security architect, IT decision-maker, or Microsoft 365 enthusiast, this episode will help you rethink how you protect your SaaS environments.

👇 Don’t forget to like, subscribe, and share with your network.

📬 Got feedback or topics you'd like us to cover? Let us know in the comments or reach out via TalkingSecurity.nl!

Outline of the recording

0:00 - Intro

0:22 - Introduction of this episode

2:05 - Introduction of Itai Cohen - Microsoft

2:29 - What was the original goal of Microsoft Defender for Cloud Apps as a CASB solution?

4:10 - Why is Microsoft adding more capabilities on top of the traditional CASB model towards a broader SaaS Security approach?

6:08 - How do you see today’s SaaS threat landscape compared to when CASB solutions first appeared?

10:11 - Why has OAuth become such an attractive attack vector?

13:53 - What are typical OAuth attack paths, and how do attackers exploit them?

14:50 - In the Microsoft blog post (https://techcommunity.microsoft.com/blog/microsoftthreatprotectionblog/protect-saas-apps-from-oauth-threats-with-attack-path-advanced-hunting-and-more/4395997), you announced new capabilities to detect OAuth threats. Can you give us an overview of what’s new?

16:16 - How does Attack Path Analysis help customers better understand and mitigate OAuth risks?

19:10 - Advanced Hunting is now available for OAuth threats — how can security teams leverage this capability?

22:36 - What are some common mistakes you see organizations make when it comes to OAuth permissions and consent management?

26:40 - Exposure Management - How does Microsoft Defender for Cloud Apps contribute to a broader exposure management approach, and how can customers use it?

31:47 - How do you see the role of SaaS Security evolving within the wider Exposure Management strategy that Microsoft is building?

33:09 - How does SaaS Security fit into Microsoft’s broader security strategy, alongside Defender XDR and Entra ID?

35:33 - Is SaaS Security overlooked? Why?

40:42 - If you weren’t working in security, what would you be doing instead?

42:20 - Closing the episode

43:23 - Outro

#SaaSSecurity #MicrosoftDefender #OAuth #CASB #CloudSecurity #TalkingSecurityPodcast
