Recent high profile SaaS breaches have brought attention to SaaS as the new enterprise attack surface. For many organizations, SaaS is dangerously under-defended. Threat actors like UNC6040 (possibly ShinyHunters) and UNC6395 (GRUB1) are actively exploiting SaaS users, misconfigurations, unmaintained third-party integrations, and gaps in monitoring to gain persistent access to business-critical SaaS platforms like Salesforce, ServiceNow, M365, and Okta. Traditional tools often miss these attacks entirely, leaving security teams blind to activity happening beyond the endpoint.
Join AppOmni’s security team for a deep dive into how leading security practitioners are rethinking SaaS security. We’ll unpack lessons from real-world incidents, explore how attackers are compromising organizations and share actionable strategies to reduce risk and improve visibility.
Key Takeaways
- How the attack surface has changed
- Weaknesses in your SaaS estate that attackers are exploiting
- TTPs being used by threat actors like UNC6040 (possibly ShinyHunters) and UNC6395 (GRUB1)
- The proactive countermeasures that can disrupt these kill chains early
- Detection and response strategies that are needed to stop attackers
Whether you’re in financial services, healthcare, high tech, retail, or government, this session will equip you with the mindset and methods to secure your SaaS estate.
Can’t attend live? Register anyway and we will send you the recording.
Tuesday September 23, 2025
8am PT | 11am ET | 4pm GMT
Speakers:
Cory Michal
VP of Security
AppOmni
Sam Morrison
Product Manager
AppOmni
Drew Holstein
Account Manager
AppOmni
