< Go Back

A Day-in-the-Life of a SaaS Threat-Intelligence Expert

Meet Yoav Kalati, Wing Security’s head of Threat Intelligence. Learn how he leverages his unique hands-on experience in the field to bring threat detection to SaaS security.

Yoav’s Background:

Portrait of Yoav Kalati, Head of Threat Intelligence at Wing Security
Yoav Kalati – Head of Threat Intelligence at Wing Security

After 14 years of military service in various cyber intelligence roles, with extensive real-world experience in cybersecurity and threat management, I joined Wing Security at the beginning of this year. During my career, I’ve specialized in intelligence collection, cyber operations, network analysis, and cyber threat intelligence.

What does the Wing threat intelligence team do?

The threat intelligence team at Wing Security is responsible for tracking threat-actors’ activities, specifically when it comes to SaaS applications. We monitor and learn about emerging threats, trends in various attack vectors & TTPs (Tactic, Techniques and Procedures). We then analyze this information and disseminate it in an organized way, prioritized by threat-level, to our product and to our customers.

What A Typical Day at Wing Looks Like:

A typical day at Wing for the threat intelligence team focuses around proactive SaaS threat hunting, beginning with intensive research and review. My team and I review security open sources to learn about new attack vectors or techniques impacting the industry. We scour the web and Darknet for any leaks, breaches, or compromised information that’s been recently released.

We also continuously build and strengthen our threat intelligence database. We’re continuously gathering and collecting data, detecting patterns, and analyzing past breaches and compromises in order to develop additional automations and most importantly, actionable insights for our clients.

Why threat intelligence professionals are needed now more than ever?

The value that the threat intelligence team brings to the table is invaluable insight into the threat-actors’ perspective. At the end of the day, the potential vectors for an attack are endless, and security teams can’t reach them all. Threat intelligence helps close the gaps and help companies make smarter SaaS security decisions by prioritizing risks and mitigating attacks ahead of time.

“…the potential vectors for an attack are endless, and security teams can’t reach them all. Threat intelligence helps close the gaps…”

We invest efforts into proactively looking for security or privacy issues in our customers’ SaaS posture, and lean on many resources, including the Darknet. We believe that a narrower attack surface is healthier for an organization’s cybersecurity, and we aim to identify potential entry points that threat-actors might abuse.

For example, a few weeks ago we identified an application that some of our customers used, which turned out to be very risky in terms of security and privacy as well. This third-party application was selling its users’ personal information (including IP addresses, user agent, locations and more) to fourth parties. We alerted our customers, and they decided to prohibit the use of this app within their company.

Wing’s unique threat intelligence strategy

Specifically at Wing, our approach to threat intelligence is individually crafted to each of our clients. That means that we provide our customers with the crucial information they need for their business’ unique needs, rather than overwhelming them with information and notifications that aren’t relevant for their SaaS posture.

The threat intelligence team and I also carry out extensive reviews, performing deep research across the internet and checking the darkest corners of the web for breaches or any possible issues. Once that’s completed, we move our customers to automatic notifications, which mean that they’re only alerted to risks regarding the apps they use and other company-specific information.

How has SaaS security changed in the last 5 years?

There’s no way to overstate the impact of the COVID-19 pandemic, WFH (working-from-home) and hybrid working models has had on SaaS security, cybersecurity and threat intelligence. Even companies that traditionally weren’t enthusiastic about the cloud and did everything on-prem were forced to migrate many of their SaaS applications to the cloud so that their teams could continue working during lockdown periods.

SaaS applications have also moved from being niche programs to software that’s necessary for day-to-day operations and used by numerous teams within a company, like Finance, HR, Marketing and more. This mainstreaming of SaaS within companies means that organizations have to step up their efforts in securing SaaS applications.

The future of SaaS security and threat intelligence

The “perimeter” approach and its accompanying security tools are no longer sufficient. The attack surface has changed, and threat-actors are paying attention. We’re seeing more and more attacks targeting SaaS providers and Saas applications, and it’s not a coincidence that the MITRE ATT&CK framework created a matrix for cloud in general, and SaaS specifically.

“…The ‘perimeter’ approach and its accompanying security tools are no longer sufficient. The attack surface has changed, and threat-actors are paying attention.”

Understanding that we must adapt new SaaS security and threat intelligence strategies is critical not only for security teams, but also for senior management and other teams within a company.

It’s true that SaaS provides many high-value, productive, collaborative, and relatively cheap solutions for today’s workforce, but along with those benefits comes the risk that our data is no longer safely contained within our own hands. Companies need to embrace robust SaaS security solutions in order to properly protect themselves.

Managing an organization’s SaaS posture in terms of securing SaaS applications, permissions that were given to those applications, web extensions, user’s security issues and shared resources, to name a few, is necessary for mitigating the risk of these kinds of attacks. 

Why Wing is your best option

Wing offers security that does more than inform you about threats – it presents the biggest risks in a prioritized, intuitive way, along with solutions to combat them, so that you can take immediate action. You are empowered with both discovery and automated SaaS security tools mitigation options, and given a straightforward understanding of what really matters. Wing Security cuts through the noise and provides you with the information that’s critical, rather than simply bombarding you with notifications that lead to alert fatigue.

Contact Wing Security today for a demo so we can show you our approach to threat intelligence and SaaS security, including Wing Security’s real, actionable solutions.



Curious to learn more about our solution?