This week on SysAdmin Weekly, Andy is joined by returning guest Paul Schnackenburg to dive headfirst into one of the most important (and overlooked) topics in modern IT: SaaS Security.
From token theft and malicious OAuth apps to adversary-in-the-middle attacks and the harsh truth about identity becoming the new firewall, we unpack how attackers are adapting to the cloud-first world, and why most orgs are woefully unprepared.
We explore:
- The SaaS cyber kill chain from recon to persistence
- Other real-world security incidents like CitrixBleed2 and the Fortinet hardcoded credentials fiasco
- The dark art of malicious OAuth apps and shadow IT exploitation
- Why EDR and XDR fall short in a SaaS world
- What you can do *right now* to harden your defenses (Hint: MFA is not enough)
This one’s loaded with insights and practical tips. Don’t miss it!
## Episode Resources ##
- SysAdmin Weekly Companion Newsletter
- X Post re: Fortinet Hard-Coded Credentials
- Paul's SaaS Cyber Kill Chain Article