Okta launches offerings for threat detection and remediation

14 Oct 2019

Identity and access management service provider Okta has announced Okta SecurityInsights, a family of product innovations that provides global organisations with personalised security detection and remediation capabilities at the end-user, administrator, and customer network level.

Okta is introducing two features of SecurityInsights: UserInsight, suspicious activity reporting for end-users, and HealthInsight, customised, dynamic security best practice recommendations for administrators.

These end-user and administrator functionalities build on Okta’s ThreatInsight, network effect-driven protection that prevents threat actors from compromising user accounts by identifying and blocking malicious IPs pre-authentication.

Collectively, SecurityInsights enables large enterprises to take meaningful action across their organisations to improve security.

Global enterprises have built rapidly-evolving, expansive workforces that continuously adopt new technology and engage with new markets.

As a result, tens of thousands of employees, contractors, and partners are interacting with and accessing sensitive information.

Aside from the efficiency hurdles, a distributed and disparate workforce presents an increasingly difficult security challenge, especially in the face of growing attacks and breaches where everyone from the rank and file to the executive suite could become attack targets.

In a global threat landscape in which 80% of attacks involve compromised or weak credentials, enterprises must maintain a security posture that accounts for dynamic and global workforces while still enabling robust protection at scale.

That means implementing and maintaining access management best practices across global workforces and simultaneously turning those potential victims of attacks into first responders.

“Enterprises operating at tremendous scale are faced with the seemingly impossible task of managing technology access, with each application requiring individual policy configuration in order to avoid potentially catastrophic risk.

“By centralising identity, these organisations can not only deploy new technology faster but do so securely,” says Okta chief product officer Diya Jolly.

Empowering administrators

As global security and IT administrators implement policies that govern identity and access management within their organisations, the security landscape continues to evolve.

Approaches that were once the gold standard fall out of practice, with new approaches being adopted regularly.

To counter this shifting security playing field, Okta has introduced HealthInsight, a new, dynamic offering that monitors adherence to security best practices and provides tailored configuration recommendations, like enforcing strict password policies, creating a block list for known malicious IP addresses, and requiring strong factors during factor enrolment.

“HealthInsight offers a tailored assessment of an organisation’s security posture as well as providing the ability to automate policy responses across hundreds of apps,” Jolly says.

Administrators can easily act on these recommendations from the HealthInsight console to help prevent credential-based attacks.

In addition to implementing security best practices through dynamic monitoring, Okta has also unveiled new, stronger authentication capabilities for administrators, unlocking passwordless access through FIDO2/WebAuthn factors, including biometrics.

These non-phishable factors go even further to empower large organisations to protect themselves against account takeover and potential data loss.

Engaging end-users and the ecosystem

With UserInsight, an organisation’s tens of thousands of end-users serve as the first line of defence against credential-based attacks.

Once attacks are identified, the Okta Identity Cloud works with technology partners including security orchestration, automation & response (SOAR) and security information & event management (SIEM) vendors, leveraging identity to automate incident remediation workflows throughout an organisation.

With millions of log entries in an organisation’s SIEM solutions, it’s impossible for security teams to monitor and respond to every potential issue, but now users can share the responsibility.

UserInsight’s suspicious activity reporting alerts end-users to anomalous activity within their account, including logins from new devices and the enrolment or resetting of multi-factor authentication factors.

After being notified, end-users have the ability to report unrecognised activity to their organisation’s administrator, kicking off automated incident response workflows.

Leveraging integrations with SOAR platforms and other security tools, Okta can automatically quarantine a user, preventing access to apps with sensitive data until identity verification can be confirmed through biometrics and Okta Verify Push, Okta’s mobile authenticator application.

Using Okta Hooks, an Okta administrator can also automatically notify SecOps teams of potential account compromise, through integrations with digital operations platforms like PagerDuty.

“With UserInsight, CISOs can harness their user base to report suspicious activity without impacting productivity, turning security targets into first responders. Collectively, SecurityInsights leverage the end user, administrator, and network effects across Okta’s customer base to help keep enterprises secure,” says Jolly.

Okta SecurityInsights features are available starting today for Okta customers.
