SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Okta launches offerings for threat detection and remediation
Mon, 14th Oct 2019
FYI, this story is more than a year old

Identity and access management service provider Okta has announced Okta SecurityInsights, a family of product innovations that provides global organisations with personalised security detection and remediation capabilities at the end-user, administrator, and customer network level.

Okta is introducing two features of SecurityInsights: UserInsight, suspicious activity reporting for end-users, and HealthInsight, customised, dynamic security best practice recommendations for administrators.

These end-user and administrator functionalities build on Okta's ThreatInsight, network effect-driven protection that prevents threat actors from compromising user accounts by identifying and blocking malicious IPs pre-authentication.

Collectively, SecurityInsights enables large enterprises to take meaningful action across their organisations to improve security.

Global enterprises have built rapidly-evolving, expansive workforces that continuously adopt new technology and engage with new markets.

As a result, tens of thousands of employees, contractors, and partners are interacting with and accessing sensitive information.

Aside from the efficiency hurdles, a distributed and disparate workforce presents an increasingly difficult security challenge, especially in the face of growing attacks and breaches where everyone from the rank and file to the executive suite could become attack targets.

In a global threat landscape in which 80% of attacks involve compromised or weak credentials, enterprises must maintain a security posture that accounts for dynamic and global workforces while still enabling robust protection at scale.

That means implementing and maintaining access management best practices across global workforces and simultaneously turning those potential victims of attacks into first responders.

“Enterprises operating at tremendous scale are faced with the seemingly impossible task of managing technology access, with each application requiring individual policy configuration in order to avoid potentially catastrophic risk.

“By centralising identity, these organisations can not only deploy new technology faster but do so securely,” says Okta chief product officer Diya Jolly.

Empowering administrators

As global security and IT administrators implement policies that govern identity and access management within their organisations, the security landscape continues to evolve.

Approaches that were once the gold standard fall out of practice, with new approaches being adopted regularly.

To counter this shifting security playing field, Okta has introduced HealthInsight, a new, dynamic offering that monitors adherence to security best practices and provides tailored configuration recommendations, like enforcing strict password policies, creating a block list for known malicious IP addresses, and requiring strong factors during factor enrolment.

“HealthInsight offers a tailored assessment of an organisation's security posture as well as providing the ability to automate policy responses across hundreds of apps,” Jolly says.

Administrators can easily act on these recommendations from the HealthInsight console to help prevent credential-based attacks.

In addition to implementing security best practices through dynamic monitoring, Okta has also unveiled new, stronger authentication capabilities for administrators, unlocking passwordless access through FIDO2/WebAuthn factors, including biometrics.

These non-phishable factors go even further to empower large organisations to protect themselves against account takeover and potential data loss.

Engaging end-users and the ecosystem

With UserInsight, an organisation's tens of thousands of end-users serve as the first line of defence against credential-based attacks.

Once attacks are identified, the Okta Identity Cloud works with technology partners including security orchestration, automation - response (SOAR) and security information - event management (SIEM) vendors, leveraging identity to automate incident remediation workflows throughout an organisation.

With millions of log entries in an organisation's SIEM solutions, it's impossible for security teams to monitor and respond to every potential issue, but now users can share the responsibility.

UserInsight's suspicious activity reporting alerts end-users to anomalous activity within their account, including logins from new devices and the enrolment or resetting of multi-factor authentication factors.

After being notified, end-users have the ability to report unrecognised activity to their organisation's administrator, kicking off automated incident response workflows.

Leveraging integrations with SOAR platforms and other security tools, Okta can automatically quarantine a user, preventing access to apps with sensitive data until identity verification can be confirmed through biometrics and Okta Verify Push, Okta's mobile authenticator application.

Using Okta Hooks, an Okta administrator can also automatically notify SecOps teams of potential account compromise, through integrations with digital operations platforms like PagerDuty.

“With UserInsight, CISOs can harness their user base to report suspicious activity without impacting productivity, turning security targets into first responders. Collectively, SecurityInsights leverage the end user, administrator, and network effects across Okta's customer base to help keep enterprises secure,” says Jolly.

Okta SecurityInsights features are available starting today for Okta customers.