The four risks
Four detection rules. The four highest-cost mistakes.
Kastrum runs four continuous detections against your connected SaaS apps. Each rule targets a class of access risk that we — and the public breach record — have seen turn into a business-stopping incident.
Ex-employees with active accounts
Member exists in a connected SaaS app but no longer matches an active identity in your directory.
The single largest source of breaches in the public record. Departing employees keep their access for weeks or months because manual offboarding checklists silently miss tools.
Admins without multi-factor authentication
Member has an admin/owner role in a connected SaaS app and no MFA factor is enrolled.
Admin accounts without MFA are a credential-stuffing target. One reused password is the difference between a near-miss and a full tenant compromise.
Dormant super-administrators
Member has the highest privilege role in a connected SaaS app but has not been active in 90+ days.
Dormant super-admins are the riskiest accounts in any tenant. They retain full power and rarely get noticed when compromised.
Long-standing external guests
Member is a guest/external collaborator in a connected SaaS app and has held that access for more than 90 days.
External guests linger long after the project that justified them ended. Each one is an unmanaged identity with continuing reach into your data.
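The four rule conditions above, written out as an added example (this is not Kastrum's code). The record fields, role labels and sample accounts are constructed assumptions. Skipping guests in the directory check and treating a never-used super-admin as dormant are also assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

WINDOW = timedelta(days=90)
ADMIN_ROLES = {"admin", "owner", "super_admin"}  # assumed role labels
TOP_ROLE = "super_admin"  # assumed label for the highest privilege role

@dataclass
class Member:
    app: str
    email: str
    role: str
    mfa_enrolled: bool
    last_active: Optional[datetime]  # None = never signed in
    guest_since: Optional[datetime] = None  # set only for external guests

def evaluate(m, active, now):
    """Return the rule names that one member record triggers."""
    hits, is_guest = [], m.guest_since is not None
    # Rule 1: guests are skipped (assumption); they never appear in the directory.
    if not is_guest and m.email.lower() not in active:
        hits.append("ex_employee_active_account")
    if m.role in ADMIN_ROLES and not m.mfa_enrolled:  # Rule 2
        hits.append("admin_without_mfa")
    # Rule 3: "90+ days" is inclusive; a never-used account counts as dormant.
    if m.role == TOP_ROLE and (m.last_active is None or now - m.last_active >= WINDOW):
        hits.append("dormant_super_admin")
    if is_guest and now - m.guest_since > WINDOW:  # Rule 4: "more than 90 days", exclusive
        hits.append("long_standing_guest")
    return hits

def scan(members, directory, now):
    active = {e.lower() for e in directory}  # match emails case-insensitively
    found = ((m, evaluate(m, active, now)) for m in members)
    return {(m.app, m.email): hits for m, hits in found if hits}

# Constructed sample data, not real accounts.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
def ago(days):
    return NOW - timedelta(days=days)
DIRECTORY = ["ana@example.com", "root@example.com", "sam@example.com"]
MEMBERS = [
    Member("chat", "ana@example.com", "member", True, ago(1)),
    Member("chat", "bob@example.com", "admin", False, ago(3)),
    Member("crm", "root@example.com", "super_admin", True, ago(90)),
    Member("crm", "Sam@Example.com", "owner", True, ago(2)),
    Member("docs", "vendor@partner.example", "guest", False, ago(5), guest_since=ago(120)),
    Member("docs", "temp@partner.example", "guest", False, ago(5), guest_since=ago(90)),
]
```

Calling scan(MEMBERS, DIRECTORY, NOW) flags three of the six records: bob (rules 1 and 2), root (rule 3, exactly at the 90-day boundary) and vendor (rule 4). The guest at exactly 90 days is not yet flagged.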