What is your detection strategy when your identity provider is compromised?
A Reveal Security Analysis
Following the Okta Support Unit breach, Okta has recently updated that nearly all of its customers are at greater risk of being targeted by attackers using the same technique.
Watch Reveal Security Field CTO Adam Koblentz deconstruct what happened, share best practice advice on what to do now, and how identity threat detection and response (ITDR) can help.
What this breach tells us:
- Preventative controls around identities are no longer enough – identity providers and PAM systems are being bypassed by attackers.
- It’s imperative to put a detection strategy in place for both identities and SaaS applications – including Okta.
- Distinguishing between legitimate users and a compromised legitimate identity (eg: a victim of account takeover) is impossible with traditional detection methods.
So now what?
At Reveal Security, we recommend taking an approach of continuous monitoring and validation of trusted identities – post-authentication. We do this uniquely by monitoring user behavior in and across applications to quickly and accurately detect and alert suspicious behavior.
Are you concerned about Okta, identity threats, or detecting identity-based threats in your applications?