
Okta launches offerings for threat detection and remediation

14 Oct 2019

Identity and access management service provider Okta has announced Okta SecurityInsights, a family of product innovations that provides global organisations with personalised security detection and remediation capabilities at the end-user, administrator, and customer network level.

Okta is introducing two features of SecurityInsights: UserInsight, which provides suspicious activity reporting for end-users, and HealthInsight, which provides customised, dynamic security best practice recommendations for administrators.

These end-user and administrator functionalities build on Okta’s ThreatInsight, a network effect-driven protection that prevents threat actors from compromising user accounts by identifying and blocking malicious IPs pre-authentication.

Collectively, SecurityInsights enables large enterprises to take meaningful action across their organisations to improve security.

Global enterprises have built rapidly-evolving, expansive workforces that continuously adopt new technology and engage with new markets.

As a result, tens of thousands of employees, contractors, and partners are interacting with and accessing sensitive information.

Aside from the efficiency hurdles, a distributed and disparate workforce presents an increasingly difficult security challenge, especially in the face of growing attacks and breaches where everyone from the rank and file to the executive suite could become attack targets.

In a global threat landscape in which 80% of attacks involve compromised or weak credentials, enterprises must maintain a security posture that accounts for dynamic and global workforces while still enabling robust protection at scale.

That means implementing and maintaining access management best practices across global workforces and simultaneously turning those potential victims of attacks into first responders.

“Enterprises operating at tremendous scale are faced with the seemingly impossible task of managing technology access, with each application requiring individual policy configuration in order to avoid potentially catastrophic risk.

“By centralising identity, these organisations can not only deploy new technology faster but do so securely,” says Okta chief product officer Diya Jolly.

Empowering administrators

As global security and IT administrators implement policies that govern identity and access management within their organisations, the security landscape continues to evolve.

Approaches that were once the gold standard fall out of practice, with new approaches being adopted regularly.

To counter this shifting security playing field, Okta has introduced HealthInsight, a new, dynamic offering that monitors adherence to security best practices and provides tailored configuration recommendations, like enforcing strict password policies, creating a block list for known malicious IP addresses, and requiring strong factors during factor enrolment.

“HealthInsight offers a tailored assessment of an organisation’s security posture as well as providing the ability to automate policy responses across hundreds of apps,” Jolly says.

Administrators can easily act on these recommendations from the HealthInsight console to help prevent credential-based attacks.

In addition to implementing security best practices through dynamic monitoring, Okta has also unveiled new, stronger authentication capabilities for administrators, unlocking passwordless access through FIDO2/WebAuthn factors, including biometrics.

These non-phishable factors go even further to empower large organisations to protect themselves against account takeover and potential data loss.

Engaging end-users and the ecosystem

With UserInsight, an organisation’s tens of thousands of end-users serve as the first line of defence against credential-based attacks.

Once attacks are identified, the Okta Identity Cloud works with technology partners including security orchestration, automation & response (SOAR) and security information & event management (SIEM) vendors, leveraging identity to automate incident remediation workflows throughout an organisation.

With millions of log entries in an organisation’s SIEM solutions, it’s impossible for security teams to monitor and respond to every potential issue, but now users can share the responsibility.

UserInsight’s suspicious activity reporting alerts end-users to anomalous activity within their account, including logins from new devices and the enrolment or resetting of multi-factor authentication factors.

After being notified, end-users have the ability to report unrecognised activity to their organisation’s administrator, kicking off automated incident response workflows.

Leveraging integrations with SOAR platforms and other security tools, Okta can automatically quarantine a user, preventing access to apps with sensitive data until identity verification can be confirmed through biometrics and Okta Verify Push, Okta’s mobile authenticator application.

Using Okta Hooks, an Okta administrator can also automatically notify SecOps teams of potential account compromise, through integrations with digital operations platforms like PagerDuty.

“With UserInsight, CISOs can harness their user base to report suspicious activity without impacting productivity, turning security targets into first responders. Collectively, SecurityInsights leverage the end user, administrator, and network effects across Okta’s customer base to help keep enterprises secure,” says Jolly.

Okta SecurityInsights features are available starting today for Okta customers.
