Material Security

Boston, we need to talk about your hidden attack surface. 🏛️ If you’re heading to SecureWorld Boston next week, come find the Material Security team. Lately, we’ve been having a lot of conversations with CISOs who feel like they’ve finally “solved” phishing with FIDO2 and passkeys, only to realize the back door is wide open. Attackers aren’t just hunting for passwords anymore—they’re hunting for OAuth tokens. It’s the perfect crime: persistent, highly privileged access that survives a password reset and bypasses MFA entirely. We’re going to be at SecureWorld to do more than just talk about how to actually wrap your arms around this. Come see what’s next from Material! No theater, no "black box" AI promises—just better visibility and actual control over your cloud workspace. Details here: https://lnkd.in/ghXdc74k See you at the Hynes Convention Center!

80% of security leaders say automating OAuth management is significant or critical. So why isn’t it happening? Because most security programs are still built around the inbox—while modern attacks move far beyond it. Today, a single OAuth grant can quietly turn into persistent, API-level access… often completely outside traditional detection. And with AI agents rapidly expanding OAuth usage, that risk surface is only growing. Security needs to follow the attack chain—not just the entry point. Our latest research dives into where the gap really is 👇 https://lnkd.in/g6bjNcJK

Here’s a little preview of what you’ll see at: 🎬 Security Theater LIVE in Austin 🎬 Join us April 7 for an evening of vintage cybercrime films, heckling hackers, live commentary, meeting your new best friend, and a breakdown of what “100% effective cybersecurity” supposedly looks like on screen. We’ll be featuring: – Hackers (1995) – Live group chat heckling of impossible scenes – Trivia, games, prizes, drinks, snacks  – Fun Free to attend. Limited space. RSVP now. 📍 Austin 🗓 April 7 | 5:00–9:00 PM CDT 🎟 material.security/theater

Come see us at BSides MKE! We love the BSides community because it’s where the real conversations happen, the ones about why the status quo in security is broken and how we actually fix it. We’ll be there talking about why the cloud workspace is the new endpoint and how to stop treating your email and file security like a "checked box" on an audit. Whether you want to talk shop about protecting OAuth tokens, swap stories about the wildest things you’ve found in a legacy mailbox, or just grab some swag that you’ll actually want to wear, we’d love to see you. Schedule time with us here:  https://lnkd.in/gB5KrUNS

If you’ve ever felt like your security dashboard was designed by someone who secretly hates you, you’re not alone. Most legacy tools (and even some native cloud ones) seem to think "visibility" means "dumping a mountain of data on your head and wishing you good luck." At Material, we think if you have to click five times just to understand why an alert fired, the tool has failed you. We’ve been busy giving the Material interface a serious facelift, focusing on the "analyst's flow." We're talking: The "Why" Card: We overhauled our Analysis Card so you don't have to play detective to find the signal. The most critical info is now "above the fold"—because no one should have to scroll to find the remediate button. Visual Timelines: Phishing attacks aren't just one-off blips; they’re stories. Our new timeline view actually lets you see the sequence of events and the blast radius without needing a PhD in forensics. Trust without the Headache: Configuring "trusted entities" shouldn’t feel like you’re programming a VCR in 1998. It’s now intuitive, fast, and makes sense. Closing the Loop: Material’s customers trust our remediations, and they don’t have to double-check the work we’ve taken off our plate. So you can now automate the ticket fully by having resolved issues close themselves. The goal is simple: See the alerts that need to be seen, understand the context, and get back to your day. Check out the full breakdown of how we’re cleaning up the workspace clutter in the comments.

To the solo CISOs and the 3-person security teams at rapidly-scaling companies: we see you. Scaling a company is hard–keeping a company secure as it grows is even harder. As your headcount increases, your attack surface expands exponentially, as each new employee becomes a cache of sensitive email data, shared files, connected OAuth apps, and more. The right tooling helps, but blindly adding more tools often just leads to more noise. Before you start adding to your security stack, you need leverage–finding the fixes that make the most impact. Material’s Guide to Google Workspace Security for lean teams does just that–walks through the highest-impact configuration changes you can make to GWS today to be more secure than you were yesterday. Link in comment below

Most security teams are stuck in a loop of reactive whack-a-mole. You’re triaging time-consuming user reports, chasing email bombs, manually reviewing apps users have OAuthed into, and so much more. Material moves the goalpost by treating the cloud workspace as the critical infrastructure it is: not just a communications transit hub but a key data repository and identity center. Material applies pragmatic zero-trust principles to the cloud office, like masking sensitive historical content until it's actually needed, monitoring and collaboratively securing shared data, and holistically securing identities. Material prevents more attacks and dramatically reduces the blast radius when they do happen without breaking user workflows. It’s not just about stopping the "bad" emails. It’s about automating the tedious parts of SecOps, like instantly clustering similar threats across the entire tenant or identifying risky third-party integrations that have over-privileged access to your files. We don’t replace the native security in Google Workspace or Microsoft 365; we bridge the gaps they weren't built to close.

What does RSA smell like? Actually… nevermind. We don’t want to know the answer to that. But, if you ran into any Material folks around the Moscone Center over the last couple of days, your answer might be oregano, parmesan, or tomato sauce. Breach for Men. Smells... secure?

We’ve spent decades hardening the physical endpoint while leaving the cloud workspace wide open. Google Workspace and Microsoft 365 are where your users actually live and work: they're also where your most rigorous security controls belong.

The Cloud Workspace is the New Endpoint Attackers are moving on. While we’ve been perfecting the art of stopping a suspicious link, the threat landscape has shifted under our feet. Credential theft is getting harder thanks to passkeys and FIDO2, so attackers are simply taking the path of least resistance: OAuth tokens, API keys, and Chrome extensions. These aren't just "emerging" risks; they’re the new front lines. The good news? We don’t have to reinvent the wheel. If you know how to secure a laptop, you already have the blueprint for securing your cloud environment. It comes down to three familiar pillars: Posture: Hardening configurations and policies before the fire starts. Data: Knowing exactly where the "crown jewels" are hiding in mailboxes and drives. Access: Detecting and responding to anomalous behavior in real-time. At Material, we believe in "shifting the unit economics" of security. You shouldn't need a massive headcount to manage these risks. By applying an endpoint protection mindset—and leveraging a bit of smart automation—you can protect the workspace without slowing down the business. Check out our latest deep dive into the evolution of the attack landscape and how to build a resilient framework for the modern office. https://lnkd.in/geupFGBE