IT Brief India - Technology news for CIOs & IT decision-makers

AppOmni unveils Zero Trust Bridge to counter SaaS cyberattacks

Today

AppOmni has introduced a new capability designed to help organisations defend against recent attacks on customer relationship management (CRM) applications linked to the cybercriminal groups ShinyHunters and UNC6040.

The new feature, known as Zero Trust Bridge, aims to address the challenge faced by many companies whose software-as-a-service (SaaS) applications cannot communicate risk or suspicious user activity to the broader security infrastructure in real time. This limitation has prevented security teams from implementing dynamic Zero Trust policies that adapt to emerging threats quickly enough to prevent breaches.

SaaS and security blind spots

Zero Trust security frameworks require visibility and the ability to respond to risk across all parts of an IT environment. However, according to AppOmni, SaaS applications have remained a blind spot in most organisations. Although Zero Trust Network Access (ZTNA) authenticates each connection, once users are inside SaaS platforms, changes or threats can go unnoticed and unreported to the rest of the security stack.

Recent incidents affecting Salesforce customers, attributed to both the ShinyHunters and UNC6040 groups, have highlighted the role that SaaS blind spots can play in successful data theft campaigns. Attackers have reportedly exploited weaknesses in OAuth protocols and engaged in social engineering attacks to compromise sensitive data, often without immediate detection by traditional security systems.

Real-time signals for Zero Trust

Brian Soby, Chief Technology Officer at AppOmni, addressed the topic in a blog post:

"Zero Trust works best when every system can call out risk in real time. Zero Trust Network Access (ZTNA) verifies every connection, yet most architectures go quiet once users land inside SaaS. That silence is costly. Recent activity affecting Salesforce customers attributed to UNC6040 and ShinyHunters has clearly demonstrated this threat.

"The main challenge? Most SaaS applications can't easily communicate risk or user activity back to the rest of your security stack. Without a way to share real-time signals, Zero Trust policies can't adapt fast enough to prevent breaches. That's where the Shared Signals Framework (SSF) comes in. When implemented in SaaS solutions, SSF can bridge this gap by allowing SaaS platforms to send standardized risk and user activity updates to your enforcement points, turning SaaS from a security blind spot into a vital source of threat intelligence."

According to the company, organisations can now unlock shared signals for SaaS using AppOmni's new Zero Trust Bridge feature, enabling dynamic, responsive Zero Trust security across their entire environment. AppOmni already provides posture controls and threat detection mechanisms to protect against and detect the TTPs used by UNC6040 and ShinyHunters. With the Zero Trust Bridge, AppOmni can also augment defenses by informing other Zero Trust components in an environment.

Patented bridge technology

Soby described Zero Trust Bridge as a patented feature that monitors updates across source applications and translates these into messages that can prompt real action by authorisation systems. These actions may include requiring additional user authentication, reauthorisation, or session revocation.

Soby wrote, "Our patented, new feature changes the game for shared signals in SaaS applications. As the leading SaaS security platform, AppOmni is uniquely positioned to now leverage our Zero Trust Bridge to bring SaaS applications into a dynamic and responsive security architecture. The attacks that abused OAuth and social engineering show why this matters. Zero Trust Bridge turns SaaS into an active participant in your Zero Trust program. It brings SaaS applications into a closed-loop architecture without waiting for every app to implement SSF and allows adaptive, dynamic policy enforcement across your existing controls.

"In a nutshell, Zero Trust Bridge monitors updates across source applications and translates those updates into messages using application context. It then sends those messages to authorisation systems that can take real actions like step-up, reauthorise, or revoke."

Extending shared signals capabilities

The system supports the Continuous Access Evaluation Protocol (CAEP) and Risk Incident Sharing and Coordination (RISC), and extends the Shared Signals Framework with support for over 350 event types. By generating these comprehensive signals and sharing them with the identity provider, SASE and ZTNA platforms, and other security enforcement points, organisations gain the capability for real-time policy enforcement triggered by actual SaaS activity rather than relying solely on vendor-provided logging.

According to Soby, "AppOmni informs Zero Trust Policy Enforcement Points (PEPs) in real time, such as Secure Access Service Edge (SASE) platforms or your identity provider, so they can evaluate and enforce policy. AppOmni informs, and your PEPs enforce."

Detecting threats and session hijacking

An example described by the company involves session hijacking where attackers reuse tokens, impersonate users, or attempt access from anomalous devices or locations. Through Zero Trust Bridge, these activities are detected, packaged as CAEP and RISC messages, and dispatched to relevant enforcement points to react according to pre-defined policies.

"This restores the closed loop that Zero Trust intends. Detection → Signaling → Decision → Enforcement. You do not need to wait for each SaaS vendor to natively support SSF," Soby wrote.
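The signaling and decision steps of that loop, sketched from the receiving enforcement point's side as an added example (not AppOmni's code and not from the article): a Security Event Token carrying a CAEP or RISC event is verified, checked for replay, and mapped to step-up, reauthorise or revoke. The HS256 shared key, issuer and audience URLs, policy table and function names are assumptions for illustration; real transmitters publish their signing keys through a JWKS endpoint.

```python
import base64, hashlib, hmac, json, time

CAEP = "https://schemas.openid.net/secevent/caep/event-type/"
RISC = "https://schemas.openid.net/secevent/risc/event-type/"
# Hypothetical policy table: event type -> one of the actions the article names.
POLICY = {
    CAEP + "session-revoked": "revoke",
    CAEP + "assurance-level-change": "step-up",
    CAEP + "credential-change": "reauthorise",
    RISC + "account-disabled": "revoke",
}
KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
ISS, AUD = "https://transmitter.example", "https://pep.example"  # placeholders
_seen_jti = set()  # replay cache; a real receiver would bound and persist this

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_set(event_type, subject, jti, key=KEY):
    """Transmitter side: build a signed SET (constructed sample input)."""
    header = {"alg": "HS256", "typ": "secevent+jwt"}
    claims = {"iss": ISS, "aud": AUD, "jti": jti, "iat": int(time.time()),
              # Subject placed inside the event here; this layout is an assumption.
              "events": {event_type: {"subject": subject}}}
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def handle_set(token, key=KEY):
    """Receiver (PEP) side: verify, reject replays, map events to actions."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if header["alg"] != "HS256" or not hmac.compare_digest(expected, _unb64(sig)):
            return [("reject", "bad signature")]
        if (claims["iss"], claims["aud"]) != (ISS, AUD):
            return [("reject", "wrong issuer or audience")]
        if claims["jti"] in _seen_jti:
            return [("reject", "replayed jti")]
        _seen_jti.add(claims["jti"])
        # Unknown event types are logged, never silently acted on.
        return [(POLICY.get(etype, "log-only"), ev["subject"])
                for etype, ev in claims["events"].items()]
    except (ValueError, KeyError, TypeError, AttributeError):
        return [("reject", "malformed")]
```
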

The capability also covers cross-application correlation, allowing detection of threat patterns that would not be visible from a single application's perspective. This includes activity by administrators, service accounts, and integrations across multiple SaaS platforms.

Enabling immediate Zero Trust response

According to the company, Zero Trust Bridge is designed to allow immediate activation of shared signals within existing environments. The feature can be enabled for organisations already using AppOmni in conjunction with their identity or access management solutions, with support for mapping and validating high-value security signals.

"If you already integrate AppOmni with your identity provider or SASE or ZTNA, enabling Zero Trust Bridge is straightforward. We will help you map the highest value signals, including the extended catalog, to your existing PEPs and validate end to end outcomes. Zero Trust Bridge keeps your policies responsive, and it makes Zero Trust real for the layer where your data lives. SaaS finally has a voice in your Shared Signals ecosystem," Soby stated.