The Snowflake breach wasn’t an anomaly — it was the inevitable result of outdated Third-Party Risk Management (TPRM) colliding with a relentless adversary like Scattered Spider. While organizations relied on annual checklists, UNC3944 weaponized orphaned credentials and toxic SaaS integrations across vendors like Snowflake, turning trusted platforms into breach delivery systems that impacted AT&T, Ticketmaster, Santander, and hundreds more.
This session delivers the urgent counterplay. Forget Band-Aid fixes. We’ll expose how Scattered Spider exploited the gaps legacy TPRM ignores — and unveil a modern, proactive playbook: continuous SaaS monitoring, automated threat detection, and real-time access governance designed for the realities of today’s supply chain contagion.
Stop being Scattered Spider's next trophy. Adapt or become the next Snowflake-scale headline.
Learning Objectives:
Decode the Kill Chain: How Scattered Spider breached Snowflake via orphaned credentials, inherited access, and static vendor controls.
Quantify the Blast Radius: Understand how legacy TPRM enables cascading SaaS compromise and widespread data loss.
Deploy Active Defense: Learn how to detect credential misuse, apply least privilege in real time, and break adversary momentum through continuous, automated controls.
