In the latest episode of the Talking Security Podcast, we sat down with Itai Cohen from the Microsoft Defender for Cloud Apps team to explore one of today’s hottest topics in cloud security: the evolution from Cloud Access Security Brokers (CASB) to a broader SaaS Security strategy — and how to tackle the growing threat of OAuth abuse.
🔄 From CASB to SaaS Security: A Strategic Shift
While CASB solutions were once the standard for gaining visibility and control over SaaS apps, the threat landscape has drastically changed. The SaaS ecosystem has expanded, attackers have become more sophisticated, and a more comprehensive security approach is now essential.
Microsoft is leading that shift by evolving Defender for Cloud Apps from a traditional CASB into a modern, integrated SaaS Security solution. During our discussion, Itai shared how this transition enables better visibility, deeper insights, and more proactive protection across today’s complex SaaS environments.
🕵️ OAuth Abuse: The Silent Threat in SaaS Environments
One of the biggest security risks in SaaS today? OAuth abuse.
OAuth tokens and permission grants are incredibly powerful — and when misused, they can open the door to serious compromises. Itai walked us through:
- The typical attack paths used to exploit OAuth tokens,
- Why attackers are targeting them more frequently,
- And what Microsoft is doing to help organizations fight back.
Among the new capabilities:
- Attack Path Analysis to uncover how attackers move through OAuth relationships,
- Advanced Hunting for OAuth events, giving security teams new ways to detect and respond,
- And improvements around consent governance, to help reduce over-permissioned apps and shadow risk.
Itai's latest blog post on Microsoft TechCommunity also covers these capabilities.
🔍 Exposure Management: From Reactive to Proactive
We also explored the growing role of Exposure Management in SaaS Security. Instead of waiting for threats to strike, organizations are now focused on identifying and reducing risk before it becomes a problem.
Microsoft Defender for Cloud Apps plays a key role in this proactive approach, helping organizations gain control over SaaS risks and integrate with Microsoft’s broader security ecosystem — including Defender XDR and Entra ID.
🎙️ Tune in to the Episode
Whether you’re using Microsoft Defender for Cloud Apps today or just getting started with SaaS security, this episode is packed with valuable insights and practical advice.
▶️ Listen to the episode: https://rss.com/podcasts/talking-security/1981018
👤 Connect with our guest: Itai Cohen on LinkedIn
📺 View on YouTube
👉 Don’t forget to subscribe to the Talking Security Podcast for more expert insights on Microsoft Security, identity, and modern workplace topics.
Stay secure, stay curious — and see you next time on Talking Security.
If you have questions, feedback, or topics you’d love to hear about, let us know!