Okta, Inc. announced Identity Threat Protection with Okta AI (Identity Threat Protection), a new product for Okta Workforce Identity Cloud that delivers real-time detection and response for Identity-based threats. Built
with Okta AI and powered by insights pulled from an organization's
security stack, Identity Threat Protection extends security beyond
initial authentication to any time a user is logged in. This allows
admins and security teams to continuously assess user risk throughout
active sessions, and automatically respond to Identity threats across
their entire ecosystem.

Organizations are adopting an increasing number of cybersecurity tools
to keep pace with evolving threats, forcing admins and security teams to
sift through an overwhelming amount of granular security data to
establish effective policies and detect and respond to critical threats.
This fragmentation forces teams to navigate multiple consoles and makes it
difficult to track the risk of any given user session over time. Because
Identity is uniformly deployed across an organization's tech stack,
Okta is uniquely positioned to assess risk across security domains and
throughout active user sessions. This dynamic approach addresses a
significant concern for businesses as, according to Gartner,
"organizations that embrace a continuous adaptive trust approach by
2025 will reduce [account takeover] and other identity risks by 30%..."

"You can't defend what you can't see, and Identity is a powerful tool to
connect everything," said Sagnik Nandy, President and Chief Development
Officer of Workforce Identity Cloud at Okta. "Organizations need the
ability to not only bring together risk insights at the point of login,
but also to re-evaluate at any point in a user's session. Identity
Threat Protection extends Okta's adaptive risk analysis and delivers
automatic remediation and response, helping businesses stop potential
threats in real-time."

While multi-factor authentication (MFA) is a mainstay for combating
Identity-based attacks, its effectiveness is often limited to the point
of login. The growing risk of post-authentication threats, such as
session hijacking, Adversary-in-the-Middle (AiTM), and MFA bypass
attacks via phishing, is pushing organizations to extend their
Identity-powered security capabilities beyond the point of
authentication.

Extending Identity to Security Response Operations

Identity Threat Protection includes integrations built in collaboration
with a robust ecosystem of partners including CrowdStrike, Jamf,
Material Security, Netskope, Palo Alto Networks, SGNL, Trellix,
Zimperium, and Zscaler. The product leverages a standards-based event
pipeline to extract insights from various security technologies. When
Identity Threat Protection detects an unusual event - whether it be a
change in IP address or device context - admin-configured policies and
features can initiate certain actions, such as immediately ending the
active user session across supported applications where the organization
has the feature enabled. This rapid, coordinated response capability
not only allows organizations to neutralize Identity threats more
effectively, but it also positions Identity Threat Protection as the
connective tissue across the tech stack.

"Before companies can embrace new technologies with confidence, they
need to ensure their security strategies are designed to outpace
threats," said Meerah Rajavel, CIO at Palo Alto Networks. "Our
world-class threat intelligence innovations help secure enterprises
against evolving attack methods. Collaborating with Okta's Identity
Threat Protection is a great opportunity to further empower enterprises
with security signal sharing, helping them to better detect changes in
user risk across their tech stack."

By leveraging shared signals throughout a user's active session,
Identity Threat Protection empowers organizations to mitigate risk with
richer threat detection and response capabilities. Initial capabilities
at launch include:
- Continuous Risk Evaluation enforces security policies both at
  login and during an active user session, reducing the potential for
  unauthorized access or session hijacking.
- Shared Signals Pipeline amplifies threat visibility across an
  organization's tech ecosystem, enabling security teams to detect and
  respond to emerging threats between various security technologies,
  including Mobile Device Management (MDM), Cloud Access Security Broker
  (CASB), and Endpoint Detection & Response (EDR) solutions.
- Adaptive Actions responds to real-time threats with targeted
  actions such as Universal Logout from supported applications with the
  feature enabled, prompting users for on-demand multi-factor
  authentication, and executing automated workflows to address emerging
  risks.

"Jamf manages and secures more than 30 million Apple devices for the
world's leading companies," said Linh Lam, CIO at Jamf. "In today's risk
environment, it's critical for any changes in management status and
device user risk to be sent in real-time for remediation. Our
market-leading Apple device management solution and endpoint security
capabilities, backed by Apple-focused threat intelligence, make Jamf a
perfect partner for Okta admins using Identity Threat Protection."