Okta, Inc., the leading independent Identity partner, today launched Identity Threat Protection with Okta AI (Identity Threat Protection), a new offering for Okta Workforce Identity Cloud that provides real-time detection of and response to Identity-based threats. Identity Threat Protection, built with Okta AI and powered by insights from an organization’s security stack, extends protection beyond initial authentication to any time a user is logged in. This enables administrators and security teams to continuously assess user risk during live sessions and respond to Identity threats across their whole ecosystem.
To keep up with new threats, organisations are adopting a growing number of cybersecurity tools, forcing administrators and security teams to sift through an enormous quantity of detailed security data in order to build effective policies and detect and respond to significant risks. This fragmentation means navigating many interfaces and makes it hard to track the risk of any given user session over time. Okta is uniquely positioned to analyse risk across security domains and active user sessions because Identity is universally deployed across an organization’s IT stack. This dynamic approach addresses a major concern for organisations: Gartner estimates that “organisations that embrace a continuous adaptive trust approach by 2025 will reduce [account takeover] and other identity risks by 30%…”
“You can’t defend what you can’t see, and identity is a powerful tool for connecting everything,” explained Sagnik Nandy, President and Chief Development Officer of Okta’s Workforce Identity Cloud. “Organisations must be able to gather risk insights not only at the point of login, but also at any point during a user’s session. Identity Threat Protection extends Okta’s adaptive risk analysis and provides automatic remediation and reaction, assisting businesses in detecting and mitigating possible attacks in real time.”
While multi-factor authentication (MFA) is a common defence against identity-based attacks, its usefulness is frequently limited to the point of login. The growing prevalence of post-authentication threats such as session hijacking, Adversary-in-the-Middle (AiTM), and MFA bypass attempts via phishing is compelling organisations to expand their Identity-powered security capabilities beyond the point of authentication.
Identity Expansion in Security Response Operations
Integrations for Identity Threat Protection were developed in partnership with a large ecosystem of partners, including CrowdStrike, Jamf, Material Security, Netskope, Palo Alto Networks, SGNL, Trellix, Zimperium, and Zscaler. To extract information from diverse security systems, the product uses a standards-based event pipeline. When Identity Threat Protection detects an unusual event, such as a change in IP address or device context, admin-configured policies and features can take action, such as immediately terminating the active user session across supported applications where the feature is enabled in the organisation. This rapid, coordinated response capacity not only enables organisations to neutralise Identity threats more effectively, but also positions Identity Threat Protection as the connective tissue throughout the tech stack.
“Before businesses can confidently embrace new technologies, they must ensure that their security strategies are designed to outpace threats,” said Meerah Rajavel, CIO of Palo Alto Networks. “Our world-class threat intelligence innovations assist enterprises in protecting themselves against evolving attack methods. Collaboration with Okta’s Identity Threat Protection is an excellent opportunity to further empower organisations through security signal sharing, allowing them to monitor changes in user risk across their technology stack.”
Identity Threat Protection helps organisations minimise risk with richer threat detection and response capabilities by using shared signals during a user’s active session. At launch, the following capabilities are available:
- Continuous Risk Evaluation applies security policies during login as well as during an active user session, lowering the risk of unauthorised access or session hijacking.
- Shared Signals Pipeline increases threat visibility across an organization’s tech ecosystem, allowing security teams to detect and respond to emerging threats across multiple security technologies such as Mobile Device Management (MDM), Cloud Access Security Broker (CASB), and Endpoint Detection & Response (EDR).
- Adaptive Actions responds to real-time threats by performing targeted actions such as Universal Logout from supported applications that have the feature enabled, prompting users for on-demand multi-factor authentication, and running automated workflows to handle emergent risks.
“Jamf manages and secures more than 30 million Apple devices for the world’s leading companies,” Linh Lam, Jamf’s CIO, said. “In today’s risk environment, any changes in management status and device user risk must be transmitted in real-time for remediation. Jamf is an ideal partner for Okta admins who utilise Identity Threat Protection due to our market-leading Apple device management solution and endpoint security capabilities, which are underpinned by Apple-focused threat intelligence.”







