Beyond Identity launches Okta Defense Kit to identify and prevent security vulnerabilities
Beyond Identity released the Okta Defense Kit, a duo of two preventative tools to help security and identity professionals identify and prevent security vulnerabilities, including those that contributed to recent breaches of the identity management service Okta.
Okta has been subject to numerous breaches over the last few years, resulting from threat actors using tactics that include compromising user credentials or third-party applications with access to Okta’s support or internal applications. These breaches underscore the need for proactive security measures, especially for organizations with limited IT and security resources.
To help Okta customers detect, remediate, and diagnose vulnerabilities in their Okta environment, Beyond Identity built a new Okta Defense Kit that empowers IT, security, and identity professionals to protect against known malicious patterns. The kit includes two free tools, Okta Session Analyzer and HAR File Sanitizer.
Okta Session Analyzer
The Okta Session Analyzer assesses Okta event logs to detect and highlight indicators of compromise (IOC) that signal risky sessions, based on the specific tactics, techniques, and procedures (TTPs) hackers have been leveraging to carry out recent attacks.
For example, the tool can detect indicators of push bombing attacks, fast travel, changes to delegated identity providers, and more. In less than thirty minutes, this tool makes it possible for companies to easily get the visibility they need to identify and defend against known attack patterns.
HAR File Sanitizer
Another source of risk can arise from HTTP archive (HAR) files. For this reason, Okta recommends that customers “sanitize” these files before uploading them to support centers for troubleshooting. With Beyond Identity’s open source HAR File Sanitizer, companies can effectively scrub sensitive information, like cookies and session tokens, from their HAR files to ensure they can be shared confidentially and without compromising user data.
“The best security is preventative security where organizations can detect and remediate vulnerabilities in their environment before bad actors are able to exploit them,” said Jasson Casey, CEO of Beyond Identity. “With our Okta Defense Kit, we are enabling organizations to proactively assess exposure to breaches and leverage known indicators and vectors of compromise to protect their enterprise environment against bad actors targeting Okta customers.”