Identity Threat Protection with Okta AI combats identity-based attacks
Okta announced Identity Threat Protection with Okta AI (Identity Threat Protection), a new product for Okta Workforce Identity Cloud that delivers real-time detection and response for identity-based threats.
Built with Okta AI and powered by insights pulled from an organization’s security stack, Identity Threat Protection extends security beyond initial authentication to any time a user is logged in. This allows admins and security teams to continuously assess user risk throughout active sessions, and automatically respond to identity threats across their entire ecosystem.
Organizations are adopting an increasing number of cybersecurity tools to keep pace with evolving threats, forcing admins and security teams to sift through an overwhelming amount of granular security data to establish effective policies and detect and respond to critical threats. This fragmentation forces teams to navigate multiple consoles and makes it difficult to track the risk of any given user session over time.
Because identity is uniformly deployed across an organization’s tech stack, Okta is uniquely positioned to assess risk across security domains and throughout active user sessions. This dynamic approach addresses a significant concern for businesses as, according to Gartner, “organizations that embrace a continuous adaptive trust approach by 2025 will reduce (account takeover) and other identity risks by 30%.”
“You can’t defend what you can’t see, and identity is a powerful tool to connect everything,” said Sagnik Nandy, President and Chief Development Officer of Workforce Identity Cloud at Okta. “Organizations need the ability to not only bring together risk insights at the point of login, but also to re-evaluate at any point in a user’s session. Identity Threat Protection extends Okta’s adaptive risk analysis and delivers automatic remediation and response, helping businesses stop potential threats in real-time.”
While multi-factor authentication (MFA) is a mainstay for combating identity-based attacks, its effectiveness is often limited to the point of login. The growing risk of post-authentication threats, such as session hijacking, Adversary-in-the-Middle (AiTM), and MFA bypass attacks via phishing, is pushing organizations to extend their identity-powered security capabilities beyond the point of authentication.
Extending identity to security response operations
Identity Threat Protection includes integrations built in collaboration with a robust ecosystem of partners including CrowdStrike, Jamf, Material Security, Netskope, Palo Alto Networks, SGNL, Trellix, Zimperium, and Zscaler. The product leverages a standards-based event pipeline to extract insights from various security technologies.
When Identity Threat Protection detects an unusual event — whether it be a change in IP address or device context — admin-configured policies and features can initiate certain actions, such as immediately ending the active user session across supported applications where the organization has the feature enabled. This rapid, coordinated response capability not only allows organizations to neutralize identity threats more effectively, but it also positions Identity Threat Protection as the connective tissue across the tech stack.
“Before companies can embrace new technologies with confidence, they need to ensure their security strategies are designed to outpace threats,” said Meerah Rajavel, CIO at Palo Alto Networks. “Our world-class threat intelligence innovations help secure enterprises against evolving attack methods. Collaborating with Okta’s Identity Threat Protection is a great opportunity to further empower enterprises with security signal sharing, helping them to better detect changes in user risk across their tech stack.”
By leveraging shared signals throughout a user’s active session, Identity Threat Protection empowers organizations to mitigate risk with richer threat detection and response capabilities. Initial capabilities at launch include:
- Continuous Risk Evaluation enforces security policies both at login and during an active user session, reducing the potential for unauthorized access or session hijacking.
- Shared Signals Pipeline amplifies threat visibility across an organization’s tech ecosystem, enabling security teams to detect and respond to emerging threats between various security technologies, including Mobile Device Management (MDM), Cloud Access Security Broker (CASB), and Endpoint Detection & Response (EDR) solutions.
- Adaptive Actions responds to real-time threats with targeted actions such as Universal Logout from supported applications with the feature enabled, prompting users for on-demand multi-factor authentication, and executing automated workflows to address emerging risks.
“Jamf manages and secures more than 30 million Apple devices for the world’s leading companies,” said Linh Lam, CIO at Jamf. “In today’s risk environment, it’s critical for any changes in management status and device user risk to be sent in real-time for remediation. Our market-leading Apple device management solution and endpoint security capabilities, backed by Apple-focused threat intelligence, make Jamf a perfect partner for Okta admins using Identity Threat Protection.”