🗞️ UNC6395 Targets Salesforce via Salesloft Drift: What happened, why it happened, and what you can learn from it

Third-Party Risks for SaaS

Real-time visibility and insights into risks introduced by connected third- and fourth-party applications.

CHALLENGE

Third- and fourth-party connected apps are everywhere—and growing fast. These extensions and integrations often request excessive permissions and operate outside of IT’s visibility. Without clear oversight, organizations risk data exposure, privilege abuse, and supply chain compromise.

How AppOmni secures third- and fourth-party app risks

AppOmni provides the telemetry and tools, combined with posture and identity centric analysis to efficiently prioritize and respond to SaaS security threats.

Identifies Unsanctioned Apps

Proactively alert and prioritize unsanctioned non-human identities.

Increased visibility

Visualize and monitor third- and fourth-party applications—including those authorized by non-human identities.

Discovers Exposure and Impacts

Quickly identify the blast radius of 3rd and 4th party breaches and misconfigurations.

Key Features

What is the 0ktapus Breach? Key Lessons for SaaS Security Teams

0ktapus demonstrates how attackers bypass even strong authentication controls by targeting the human layer.

Read the Blog

In the News

AI Security Map: Linking AI vulnerabilities to real-world impact

Melissa Ruzzi, Director of AI at AppOmni, says the framework can be strengthened with careful mapping of both users and data.
In the News

Extensive Salesforce data theft campaign fueled by stolen Salesloft Drift OAuth tokens

Such an attack campaign was noted by AppOmni Chief Security Officer Cory Michal to exhibit elevated levels of discipline from the threat actors.
In the News

Massive attack hits Salesforce users: hackers exfiltrating data with stolen third-party app credentials

Cory Michal, CSO of AppOmni, warns that the incident is yet another example of how integrated apps open doors to attackers, enabling broader access.

Critical applications secured

Protect data essential to your business

Microsoft 365

Salesforce

ServiceNow

Workday

Google Workspace

Explore all applications

“I needed to get a better understanding of the overall attack surface, our portfolio of applications, and their configurations and data exposure risks.”

Wai Sheng Cheng

Information Security and Risk Manager, Spencer Fane

Read the Case Study

Manage M365 Security

Uncover dozens of unknown third-party connections posing security risks with AppOmni.

Solutions

Product

Featured Resources

What SaaS Apps Are You Really Using? And Why It Matters (More on SaaS Discovery)

Simplify SaaS Security: How Posture Scoring Empowers Teams to Optimize SSPM

Customers

Featured Resources

How the University of Cincinnati gained full visibility & control over SaaS security

How Rightmove secures and optimizes its expanding SaaS estate with AppOmni

Partners

Featured Resources

AppOmni Is Now Available in All Major Cloud Marketplaces

AppOmni Continues to Lead SaaS Security, Ends Fiscal Year with Strong Momentum

SaaS Security Resources

Featured Resources

Operationalize Zero Trust in Public Sector SaaS

Salesforce Industry Clouds: 0-days and Exploitable Misconfigs

Third-Party Risks for SaaS

How AppOmni secures third- and fourth-party app risks

Key Features

Connectivity Visualization

Custom Rulesets & Alerting

Discovered Apps

Real-Time Policy Snapshots

What is the 0ktapus Breach? Key Lessons for SaaS Security Teams

AI Security Map: Linking AI vulnerabilities to real-world impact

Extensive Salesforce data theft campaign fueled by stolen Salesloft Drift OAuth tokens

Massive attack hits Salesforce users: hackers exfiltrating data with stolen third-party app credentials

Critical applications secured

“I needed to get a better understanding of the overall attack surface, our portfolio of applications, and their configurations and data exposure risks.”

Uncover dozens of unknown third-party connections posing security risks with AppOmni.

SaaS Security RoundUp

Company

Resources

Secured Apps

Use Cases

Product

Customers

Partners

SaaS Security Resources

Third-Party Risks for SaaS

How AppOmni secures third- and fourth-party app risks

Key Features

What is the 0ktapus Breach? Key Lessons for SaaS Security Teams

Related Content

Critical applications secured

“I needed to get a better understanding of the overall attack surface, our portfolio of applications, and their configurations and data exposure risks.” ​​

Uncover dozens of unknown third-party connections posing security risks with AppOmni.

“I needed to get a better understanding of the overall attack surface, our portfolio of applications, and their configurations and data exposure risks.”