Identity Attacks

SaaS apps are becoming more common, offering enterprises scalable and cost-effective solutions to specific problems. However, this popularity has also made them a target for cyber attackers. One of the main threats is credential theft or identity attacks, where attackers use various techniques to steal user credentials or access.

SquareX lets enterprises create policies that block login access to SaaS apps based on granular properties such as requested permissions or the authentication method used (for example SAML, password, or OAuth-based SSO), helping them stay one step ahead of these threat actors. For SaaS apps that support only password-based logins, SquareX also allows the creation of policies that prevent password reuse across SaaS apps and enforce good password strength, improving overall security posture.

In addition, SquareX provides policies that protect users from accessing possible phishing pages that look similar to your organisation's login pages.

Block SaaS Apps with Risky Permissions

Many SaaS apps do not follow best practices, for instance requesting overly broad permissions like full Google Drive access instead of specific file creation permissions. SquareX enables policies that enforce best practices, so that apps are granted only the permissions they need. This approach maintains employee productivity while enhancing security. Policies can define OAuth scopes to either allow or block apps based on their requested permissions. Threat actors also create malicious SaaS apps that mimic legitimate ones. To counter this, stricter policies can permit or deny specific apps based on their client ID. These policies also handle the multi-step permission requests often made by SaaS apps.
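As an added illustration of the scope and client ID policies described above (this is not SquareX's code; the policy shape, the function name and the client IDs are hypothetical), the following JavaScript evaluates an OAuth 2.0 authorization request URL against a deny list of broad scopes and allow/deny lists of client IDs. Because every request is evaluated on its own, a later step of a multi-step permission request that asks for a broader scope is checked like the first.

```javascript
// Added example: hypothetical policy shape; client IDs below are constructed.
const POLICY = {
  allowedClientIds: new Set(["1111-approved.apps.example"]),
  blockedClientIds: new Set(["9999-lookalike.apps.example"]),
  // Broad scopes to refuse (Google's full-Drive and full-Gmail scope URIs).
  blockedScopes: new Set([
    "https://www.googleapis.com/auth/drive",
    "https://mail.google.com/",
  ]),
  // When true, only allow-listed client IDs may request consent at all.
  strictClientIds: false,
};

// Decide what to do with one OAuth 2.0 authorization request URL.
function evaluateAuthRequest(rawUrl, policy = POLICY) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { action: "block", reason: "unparseable URL" };
  }
  const clientId = url.searchParams.get("client_id");
  if (!clientId) {
    return { action: "ignore", reason: "no client_id: not an authorization request" };
  }
  if (policy.blockedClientIds.has(clientId)) {
    return { action: "block", reason: `client ${clientId} is deny-listed` };
  }
  // RFC 6749: scope is a space-delimited list; URLSearchParams has already
  // decoded "+" and "%20" to spaces.
  const scopes = (url.searchParams.get("scope") || "").split(/\s+/).filter(Boolean);
  const risky = scopes.filter((s) => policy.blockedScopes.has(s));
  if (risky.length > 0) {
    return { action: "block", reason: `risky scope: ${risky.join(", ")}` };
  }
  if (policy.strictClientIds && !policy.allowedClientIds.has(clientId)) {
    return { action: "block", reason: `client ${clientId} is not allow-listed` };
  }
  return { action: "allow", reason: "client and scopes within policy" };
}

// Constructed sample: an app asks for per-file access first, then full Drive.
const base = "https://accounts.google.com/o/oauth2/v2/auth?response_type=code" +
  "&client_id=1111-approved.apps.example&scope=";
const step1 = base + encodeURIComponent("openid https://www.googleapis.com/auth/drive.file");
const step2 = base + encodeURIComponent("https://www.googleapis.com/auth/drive");
console.log(evaluateAuthRequest(step1).action, evaluateAuthRequest(step2).action);
```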

Protect employees against tenant impersonation

SquareX helps protect employees from tenant impersonation by allowing policies that block logins unless they occur through a designated SSO method, such as OAuth or SAML, and specifically for the organization's tenant. Authentication attempts outside the approved SSO channels are blocked, preventing unauthorized access attempts.

Policies Against Evasion Tactics by AiTM Phishing Pages

To effectively combat evasion tactics used by AiTM (Adversary in the Middle) phishing pages, robust policies are essential. Attackers often obfuscate code and text within their source code, or block proxies from reading their actual content, to evade detection. They also use Browser in the Middle (BiTM) based platforms or obscure the phishing platform's signatures to make detection even more difficult. SquareX empowers organizations to create policies that use advanced techniques such as rules-based on-screen OCR (Optical Character Recognition). These policies block pages by matching the content actually visible on the page against the organization's SSO login page, effectively countering AiTM detection evasion.

Preventing Password Reuse Across SaaS Apps

SquareX helps protect against password reuse across SaaS applications, even when these apps lack Single Sign-On (SSO) support. It can be used to create policies that require a unique password for each application, enhancing overall security posture. It also allows organizations to create policies that require newer, stronger passwords based on a strength score.

Protect Employees from Device ID Phishing

SquareX allows organizations to create policies that prevent device code phishing, a method in which attackers abuse the device authentication flow used by devices such as smart TVs and by CLI tools. Attackers often use carefully crafted phishing emails to distribute such login links along with a device code. SquareX's policies can block unauthorized access attempts by blocking device-code-based login links. This helps mitigate the risk of attackers gaining access tokens.

Block file uploads to drive.google.com when not logged into company Google Workspace account

SquareX allows the creation of identity-aware policies to manage file uploads directly within the browser. This capability allows SquareX to enforce rules based on the user's identity context within SaaS platforms. For example, it can restrict file uploads to Google Drive, allowing an upload to continue only if the user is logged into their company's Google Workspace account.

Block advanced Browser-in-the-browser attacks

There are classes of attacks orchestrated entirely within the browser that neither cloud proxies nor endpoint security have visibility into. One such attack is the Browser-in-the-browser (BitB) phishing attack, where a browser view is embedded within a page and appears as a popup window. Users get tricked into entering their data into these seemingly unassuming pages. Enterprises can leverage SquareX to block employees from facing BitB attacks. For instance, if an enterprise uses Okta for authentication, a simple site content policy that checks for Okta login content against the domain can be applied effectively using SquareX. A demonstration of this is shown against the recent and ongoing ‘Steamcommunity’ phishing attack that is propagated through Discord. Simply using a screenshot of the actual phishing page, you can see the power of SquareX’s detection technology.