Thank you for downloading "Cloud Threat Detection, Investigation and Response For Dummies."

Alerts never stop, cloud blind spots keep multiplying, and now attackers are using AI to scale faster than human defenders ever could. And so the SOCs are drowning.

When we think about catastrophic vulnerabilities in the cloud, we usually imagine complex exploits that require advanced techniques, persistence, or luck. Sometimes a single flaw breaks the trust we put in our identity providers.

Mitiga Labs began investigating a series of suspicious activities targeting Salesforce environments well before the news broke publicly. It all started with traffic from Tor exit nodes interacting with Salesforce via an app called Drift. Is this normal behavior? What is Drift? And how do we assess its legitimacy? This is where the challenge of shadow IT surfaces – security operations teams are often left scrambling to determine whether such activity is authorized or a sign of compromise.