web analytics

Okta’s Security Center opens window to customer insights, including threats and friction – Source: www.techrepublic.com

okta’s-security-center-opens-window-to-customer-insights,-including-threats-and-friction-–-source:-wwwtechrepublic.com
#image_title
Rate this post

Source: www.techrepublic.com – Author: Karl Greenberg

A person holding up their phone with the Okta logo on it in front of a page on the Okta website for Authentication
Image: Timon/Adobe Stock

Since acquiring the application team platform Auth0 in 2001, identity management company Okta has pursued a platform-neutral strategy for both internal and external consumer identity authentication that includes delivering insights to IT teams overseeing security and identity-based access protocols.

The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, the Security Center, to its Auth0-powered Okta Customer Identity Cloud.

Jump to:

Offering wide visibility of authentication activity

The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security. The Security Center serves up authentication events, security incidents and user experience at points, particularly where security friction could make or break the consumer interface experience, according to Okta (Figure A).

Figure A

Near real-time telemetry from Okta Customer Identity Cloud Security Center dashboard
Near real-time telemetry from Okta Customer Identity Cloud Security Center dashboard. Image: Okta

Ian Hassard, senior director of project management at Okta, said that, going forward, every Okta enterprise customer will have Security Center access whether they have the company’s attack protection product or not

Addressing identity and sign-on management challenges

Hassard explained that, while Okta’s technologies serve both internal employees and external-facing identity interfaces, the latter environment presents special challenges.

“In the customer identity world, we’re talking about 10 million or 50 million users, which means sorting through a lot of the noise and trying to surface attack insights, which are a little hard for somebody who’s not living and breathing customer identity,” Hassard said.

SEE: How one company is using artificial intelligence for two-factor authentication (TechRepublic)

Using insights to parse attack veracity

The company said the security dashboard grabs data from Okta Customer Identity Cloud to provide a window into real-time authentication events, potential security incidents and threat response efficacy as well as the current state of attack protection and authentication traffic.

“To understand what is or isn’t an attack, we’re able to analyze the patterns across logins,” said Hassard. “This means that when we see an attack or when a customer confirms that there’s an attack, we’re able to have the collective shared intelligence of what that actor was doing and what — in this context — ‘bad’ looks like.”

Platform agnostic, behind the scenes

At the RSA conference earlier this month Jameeka Aaron, chief information security officer of customer identity at Okta, explained to TechRepublic that the company’s strategic position in the identity ecosystem is to be platform agnostic and a silent partner. “One of the biggest you’ve never seen.”

Aaron said Okta’s larger strategy is platform agnostic, with a partnership focus on identity management.

“We want to make it really easy to connect your applications to Okta, so our neutrality is one of our biggest superpowers,” Aaron said.

“I came from the retail and manufacturing space, and one thing we always knew is that the customer decides. What we are trying to do is allow businesses, our customers, to decide what tools they want and deploy them,” she added. “So, for example, if you use [Cisco’s] Duo, you can also use Okta for single sign-on, enabling one login to access many applications. And, if, say, 1Password is your password vault, you can plug that into Okta as well.

“We think of other companies in the identity space as partners, so we remain platform-agnostic as much as we can, so the choice is still with the company.”

SEE: Passwords are a thing of the past … almost (TechRepublic)

Finding the Goldilocks zone for security friction

According to Okta, the Security Center interface allows for fine-tuning of an enterprise’s attack protection strategy by showing how multifactor authentication, rate limiting and CAPTCHA affect their applications.

Hassard said data on customer engagement with sign-on interfaces is an important customer retention insight that allows identity management teams to tweak security friction without compromising protections against identity exploits.

“Being able to provide those insights in real time has a lot of value,” said Hassard. “For example, if you’re a bank and you’re using our platform, you may well increase security friction because your customers appreciate the importance of security for preventing fraud.

“But if you’re buying something at a retail app that you can purchase from five other apps, you are going to pick the one that has the best UX, so that app may want to dial back friction toward convenience.”

A 2023 study by the Baymard Institute, reporting an average 69.99% shopping cart abandonment rate derived from 48 e-commerce studies, said 17% of those abandonments were due to an overly complicated, lengthy checkout process.

Hassard said with the unique nature of end-user identity and the variable nature of its challenges — depending on the user, the market, the type of application customers are running — there is no one-stop-shop in the conventional tools domain for visualizing customer identity.

“It’s too niche of a problem space for most of those players,” said Hassard. “So, that’s where we’re coming in and saying, ‘Look, we’re going to give you the insights that we think are necessary to understand what an attack looks like.’”

Auth0 for workforce identity

Aaron said that, on the workforce side of the business, Okta will release an Auth0-powered tool for its ThreatInsight workforce identity service, offering a longitudinal view of threat surfaces associated with identity access management.

“ThreatInsight will essentially give customers the risk signals that we see and use, which helps them make critical decisions,” said Aaron.

Original Post URL: https://www.techrepublic.com/article/okta-security-center-opens-window-insights/

Category & Tags: Cloud,Consumerization,Security,cybersecurity,iams,identity management,okta,passkeys,passwords – Cloud,Consumerization,Security,cybersecurity,iams,identity management,okta,passkeys,passwords

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
Joas Antonio
ChatGPT for Cybersecurity by Joas Antonio dos Santos – malwareanalysis #reverseengineering
ChatGPT for Cybersecurity by Joas...
Ciso Council
CISO Security Officer Handbook
CISO Security Officer Handbook
Joas Antonio
100 Security Operation Tools for SOCs by Joas Antonio
100 Security Operation Tools for...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response