Our highly anticipated new SpinOne features are here! Stay ahead of the latest security threats and improve your SaaS Security Posture by identifying and mitigating risks in your SaaS environment with these new features – available for SpinOne customers today. Let’s take a closer look at what these new features mean for you and your organization.

Risk Heatmap for spotting trends at a glance

The number of OAuth applications and browser extensions that your security teams manage is increasing constantly, making it increasingly difficult to get an understanding of insights and trends – and even more difficult to make agile decisions.

The new Apps Risk Heatmap is a powerful tool from SpinOne that helps you understand and manage risk from 3rd party applications and browser extensions. This heatmap is highly customizable, allowing you to specify risk and exposure factors to identify and prioritize high-risk applications and risk trends at a glance.

Head to the Risk Assessment Overview section from the left panel to uncover insights on all your applications.

The Risk Assessment Overview is broken down into 5 tabs:

• Overview – a general summary of all applications and their breakdown, with insights on how many applications are medium or high risk, and even how many were installed in the past week
• By Service – breakdown of the most impacted services within your SaaS application
• By Permissions – visibility into scopes of permissions and insights into their risk level
• By Category – common categories from installed applications and extensions
• By Compliance – executive insights on applications and compliances they adhere to
  

Dive deeper into each tab to uncover insights and identify which applications and extensions are risky for your organization.

The Apps Risk Heatmap on the right hand corner is a configurable risk matrix showing Risk and Exposure. The Risk Trend on the bottom indicates number of High, Medium or Low risky applications that meet the defined factors.

Click on the Settings icon on the top right to configure factors.

For Risk and for Exposure, you will be able to configure and define what is Medium or High risk. To add a new factor, click on the + icon, select a factor and specify the risk you’re looking for.

Once you’ve configured all factors, click Save in order to immediately see the results on the heatmap. Click on each box to uncover applications that fall under that criteria.

Enhanced Posture Management controls: Manage and Share 

Proactively identify and remediate security misconfigurations by creating granular policies and receiving real-time alerts. 

Manage allows you to change the status of the control manually. There are two possible statuses that can be granted manually:

• Risk Accepted – Control has not been implemented but imposed risk has been accepted
• Alternative Resolution – Control has been fully implemented through alternative methods

To put controls on these statuses, customers must also specify their reasoning and add additional notes.

Share allows customers to share the control of Email, Jira & ServiceNow integration. This can help to delegate the control to different departments within the organization by creating a ticket for them, or can even act as a way to notify End Users of changes they need to make from their end.

Enhanced Misconfiguration Management

To receive alerts when statuses of controls have changed, or change the scope of specific controls, create a new Posture Policy.

In the Conditions section of the policy, specify the controls which you are changing the scope for.

In the Actions section of the policy, enable Detect Configuration Drift to monitor for controls with status changes. Select the notification channels you would want to receive notifications to and click Next step when you are done. 

On the Scope & Exceptions page, specify for which users and groups these controls should be monitored for.

NOTE: The control will be suppressed for all users that are not part of the Scope. If all groups are removed, then the control will be entirely Suppressed.

Once you’ve created the policy, ensure you have the right priority of policies configured. If needed, change the priority of your policies. Whichever policy is triggered first, will be the one that is activated.

More customizable alerts than ever before 

No matter which subscription you are on, or which SaaS applications you are protecting, notifications have never been more customizable with SpinOne. Configure notifications for each policy for each integration to meet your business requirements by specifying how Email, Slack, Teams, Jira, ServiceNow and other alerts should be sent.

Head to Security policies → Notification templates from the left panel of your SpinOne platform to get started.

In the Actions section of the policy, enable Detect Configuration Drift to monitor for controls with status changes. Select the notification channels you would want to receive notifications to and click Next step when you are done. 

On the Scope & Exceptions page, specify for which users and groups these controls should be monitored.

NOTE: The control will be suppressed for all users that are not part of the Scope. If all groups are removed, then the control will be entirely Suppressed.

Once you’ve created the policy, ensure you have the right priority of policies configured. If needed, change the priority of your policies. Whichever policy is triggered first will be the one that is activated.

Complete protection on one, unified platform

You need a streamlined, simple way to manage your SaaS workspaces to protect your SaaS data. These key updates give your SecOps team the power of customization and automation – replacing manual, time-wasting tasks with complete protection on one platform. 

Read more about our major Q3 Product Updates, visit our Knowledge Center, or reach out to us on live chat at spin.ai.