OAuth token misuse and overprivileged SaaS access

Your security budget is funding the wrong defenses.

Steve Elovitz leads Unit 42's North America consulting and incident response practice, where his team helps prevent, and ultimately answers the call when organizations face their worst day. After analyzing 750+ major breaches in a single year, he's seen exactly which security investments save companies and which ones fail when attackers strike. The data is uncomfortable: 90% of breaches succeed not because attackers are sophisticated, but because of misconfigurations or gaps in security coverage.

You'll discover:

- Why your detection window just shrunk to 1.2 hours (and what autonomous containment actually means when every minute counts)

- The single identity control that separated organizations recovering in days from those shut down for weeks—with the same attacker, same techniques, different outcome

- How to stop wasting money on tools that can't see the SaaS integrations and OAuth tokens attackers are already exploiting in your environment

- Which gaps in your security posture are preventable right now, before they become next quarter's incident response bill

- The defensive investment that delivers ROI in real breach scenarios, not just compliance checkboxes

With 15+ years leading incident response teams at Mandiant, PriceWaterhouseCoopers, and Booz Allen Hamilton, Steve has helped security teams make critical decisions under pressure when ransomware is encrypting, data is walking out the door, and the board is demanding answers. He knows which controls actually stop sophisticated threat actors and which ones just look good in budget presentations.

This episode is essential listening if you:

- Need to defend your security roadmap with evidence from actual breach investigations, not vendor promises

- Want to understand why identity keeps appearing in every postmortem and what to do about it before you're the case study

- Are tired of "best practices" that don't map to how attackers actually succeed against real organizations

Related Episodes:

- Muddled Libra: From Spraying to Preying in 2025 - Learn which conditional access policies actually stopped the threat actor Unit 42 calls their toughest fight

- Transform Your SOC and Get Ahead of the Threats - Discover how organizations build SOCs that partner effectively with IR teams instead of slowing down containment

- Inside Jingle Thief: Cloud Fraud Unwrapped - Understand why your MFA deployment isn't protecting you from identity compromise the way you think it is #IncidentResponse

If you think you may have been compromised or have an urgent matter, please contact Unit 42 Incident Response team or call North America Toll-Free: 866.486.4842 (866.4.UNIT42), EMEA: +31.20.299.3130, UK: +44.20.3743.3660, APAC: +65.6983.8730, or Japan: +81.50.1790.0200.

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.