Wing Security: Tackling SaaS Identity Threats with AI-Driven Detection at RSA 2025 : @VMblog

Article

Search:

Follow VMblog.com:

Improve end user experience in VDI, DaaS and physical endpoint environments

Wing Security: Tackling SaaS Identity Threats with AI-Driven Detection at RSA 2025

The RSA Conference (RSAC), the premier cybersecurity industry event, returns to San Francisco's Moscone Center April 28-May 1, 2025, bringing together thousands of security professionals, vendors, and thought leaders from across the globe. This annual gathering serves as the definitive forum for the latest cybersecurity innovations, trends, and best practices, featuring hundreds of educational sessions, keynotes from industry luminaries, and an expansive expo floor showcasing cutting-edge security solutions. For organizations navigating today's complex threat landscape, RSAC provides unparalleled networking opportunities, hands-on training, and essential insights to help bolster defense strategies against evolving cyber threats.

As organizations increasingly rely on SaaS applications as the backbone of their operations, identity-based threats have emerged as a critical security concern. In this exclusive VMblog interview ahead of RSA Conference 2025, Galit Lubetzky Sharon, Co-founder and CEO of Wing Security, discusses how traditional security solutions often leave dangerous gaps in SaaS identity protection.

With predictions that mid-market organizations will use over 1,000 SaaS apps by 2027 and employees connecting their identities to more than 40 services on average, Sharon reveals how Wing's platform uses AI-driven anomaly detection and automated enforcement to protect businesses from multi-stage identity attacks that traditional solutions miss. Learn how Wing Security is helping organizations uncover the full attack story across their expanding SaaS ecosystems.

VMblog: Give VMblog readers a quick overview of your company and its core mission in the cybersecurity space.

Galit Lubetzky Sharon: Traditional security solutions, including IDPs and PAMs, may leave gaps when it comes to SaaS identity threats. Scattered event logs, tons of alerts, and fragmented data prevent security teams from seeing multi-stage identity attacks unfolding across SaaS applications-leaving organizations vulnerable to breaches, insider risks, and compliance failures.

Wing Security was founded to help businesses solve these problems by protecting critical SaaS applications and maximizing continuity. With so much at stake, and with such low visibility into the number and types of SaaS applications businesses are using, Wing's SaaS protection platform provides automated discovery, security assessment, and remediation across all cloud applications, helping organizations secure their SaaS environments without disrupting operations. As hackers are increasingly using AI to amplify their attacks, Wing is leveraging AI-driven anomaly detection and automated enforcement policies to keep up and proactively reduce SaaS security risks, prevent data exposure, maintain compliance across cloud ecosystems, and detect and respond to identity threats within SaaS applications.

With a rapidly expanding customer base and continued investment in automated security workflows, Wing Security is solidifying its position as a leader in Identity and SaaS security innovation.

VMblog: What is your message to RSA attendees coming out to the show this year?

Sharon: Modern organizations rely on SaaS applications as the backbone of their operations, but attackers increasingly target human and non-human identities, exploiting identities as entry points for breaches. While many security solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. Logs from SaaS applications surface isolated suspicious events but don't tell the full story, creating blind spots and leaving security teams unable to connect routine user actions like password changes with malicious tactics that evolve into multi-stage attack chains. Without identity-centric event correlation and context between different SaaS applications, organizations remain vulnerable to account takeovers, identity misconfigurations, and compliance failures, putting security and business continuity at risk.

Our goal is to give businesses the tools and power to uncover the full attack story, map user behavior from infiltration to exfiltration, and regain control of their SaaS attack surface.

VMblog: What were your key learnings from 2024's security landscape, and how have those insights shaped your solutions for 2025?

Sharon: In 2024, over 10,000 AI-powered SaaS tools were identified. The rampant use of SaaS tools are so compelling to user productivity that they are unstoppable. By 2027, mid-market organizations are projected to use well over 1,000 SaaS apps, up from 750 in 2024. Employees will connect their identities to more than 40 services on average, a 30% rise from 2024, amplifying unmanaged risks.

Tools like Cloud Access Security Brokers (CASBs) offer visibility but cannot monitor app-to-app integrations or token permissions. Without addressing these gaps, security teams remain blind to critical risks.

We've found that identity is at the center of SaaS security and ITDR cuts through the noise by uncovering and correlating suspicious identity events with routine ones across the SaaS ecosystem. Security teams want and need this correlation so that they can see, in plain sight, the full attack story. This simplifies their investigations, eliminates alert fatigue, and enables them to quickly respond to identity threats.

VMblog: What specific market challenges or pain points is your company addressing at RSA 2025? How have these evolved from previous years?

Sharon: Identity-based attacks pose an escalating threat to SaaS environments. Every new SaaS integration, third-party app, and misconfiguration creates an opportunity for attackers to exploit credentials, escalate privileges, and move laterally within an organization.

We aim to provide SOC teams with a comprehensive approach to identity-based threat detection and response built to support the MITRE ATT&CK framework, which helps map identity-based attacks, correlate identity events, and provide deeper insights into adversarial tactics and techniques. We give security teams a clear and complete picture of the attack path, reducing investigation time and enabling faster responses.

To ensure the most pressing issues are dealt with first, our solution delivers prioritization scoring using User and Entity Behavior Analytics (UEBA). Wing Security's ITDR pulls together fragmented identity-related logs, then applies UEBA to detect anomalies and subtle patterns of movement or privilege abuse.

VMblog: How can security leaders better prepare their organizations for the evolving threat landscape in 2025 and beyond?

Sharon: To stay ahead, CISOs must prioritize comprehensive SaaS risk assessments to determine their strategy based on data vs. intuition. Organizations that take these steps will be better positioned to manage evolving SaaS complexities and secure their environments in 2025 and beyond. My advice is to not overlook identity protection in SaaS applications, build up your defenses to monitor the most pressing SaaS risks,and enable compliance through frameworks like CISA's Secure Cloud Business Applications (SCuBA). Above all else, security leaders need to know where they stand with the SaaS applications their organization is using, approved or otherwise. Begin there, and you're already taking a big step in the right direction.

Published Tuesday, April 15, 2025 7:29 AM by David Marshall