10/14/2024 | News release | Distributed by Public on 10/14/2024 14:14
In a previous blog about Okta Identity Security Posture Management, we discussed the challenges and potential solutions that enterprises face when dealing with local account management and security. Today, we'll look into an example of a solution for security teams, regardless of the application that creates local users.
What we'll explain is based on a two-step process:
Security teams are buried under thousands of alerts from multiple tools every day. IT teams are at risk of being flooded by tickets opened by security-driven misconfigurations they need to fix.
Alerts vary in the impact, actionability, and business friction risk involved in their remediation. Too often, security teams have to default to manual processes that mean responding too late and allowing attackers to get in before the risk is eliminated.
Furthermore, a lack of expertise and permissions required to investigate and remediate issues in downstream apps reduces productivity even more and results in wasted time and resources. That's why, out of all issues detected, security teams need to be empowered to prioritize effectively, addressing the most critical and actionable vulnerabilities first.
Let's take a real-life, common example called "Entra ID local unused, no multi-factor, old password admin." Out of all local accounts, unused privileged user accounts with no multi-factor authentication (MFA) and old passwords are the most actionable, present higher risks, and are the most likely to make your organization vulnerable.
Why? Let's review these in more detail.
How to remediate is pretty straightforward, with two alternatives available.
Now let's see how such an approach can be implemented using the Okta platform in a fictitious case study.
Ali, an employee at ACME Corp, created a local account in Microsoft Entra ID with the application administrator role. After transitioning to a new role three months ago, her account was left unused and vulnerable:
This context is far from ideal from an Identity Security posture standpoint.
A potential attacker could exploit Ali's local account by leveraging its admin permissions to create malicious applications, access sensitive data, or compromise other user accounts, significantly jeopardizing organizational security.
ACME's security team deploys Okta Identity Security Posture Management. Integration with Microsoft Entra ID allows continuous updates to the Identity inventory, including Ali's local user account ([email protected]). The team has also configured Okta Identity Security Posture Management and the Okta core platform to connect via Workflows using webhooks.
The solution correlates Ali's access, permissions, and security posture, confirming:
Upon detection, an alert titled "Unused, No MFA, Old Password Admin" is triggered.
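The correlation described in this case study, as an added example that is not Okta's implementation: only local accounts where all four conditions coincide raise the alert. The record fields, the thresholds (90 days unused, 365 days password age), the role set and the sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed thresholds; the case study only mentions about three months of disuse.
UNUSED_DAYS = 90
OLD_PASSWORD_DAYS = 365
ALERT_TITLE = "Unused, No MFA, Old Password Admin"
ADMIN_ROLES = {"Application Administrator", "Global Administrator"}

@dataclass
class Account:  # hypothetical inventory record, not an Okta or Entra ID schema
    upn: str
    is_local: bool                 # created directly in the app, not federated
    roles: tuple
    mfa_methods: tuple
    last_sign_in: Optional[date]   # None means the account never signed in
    password_changed: date

def findings(acct, today):
    """Return the individual posture issues that apply to one account."""
    issues = []
    if acct.last_sign_in is None or (today - acct.last_sign_in).days >= UNUSED_DAYS:
        issues.append("unused")
    if not acct.mfa_methods:
        issues.append("no_mfa")
    if (today - acct.password_changed).days >= OLD_PASSWORD_DAYS:
        issues.append("old_password")
    if ADMIN_ROLES & set(acct.roles):
        issues.append("admin")
    return issues

def correlate(inventory, today):
    """Alert only on local accounts where all four issues coincide."""
    return [{"title": ALERT_TITLE, "account": a.upn}
            for a in inventory
            if a.is_local and len(findings(a, today)) == 4]

TODAY = date(2024, 10, 14)
APP_ADMIN = ("Application Administrator",)
INVENTORY = [  # constructed sample data
    Account("ali@acme.example", True, APP_ADMIN, (), date(2024, 7, 1), date(2023, 1, 10)),
    Account("bob@acme.example", True, APP_ADMIN, ("authenticator",), date(2024, 7, 1), date(2023, 1, 10)),
    Account("eve@acme.example", True, ("User",), (), None, date(2022, 5, 5)),
    Account("sso.admin@acme.example", False, ("Global Administrator",), (), date(2024, 6, 1), date(2022, 1, 1)),
]
```

Accounts that match only three of the four conditions, or that are federated rather than local, stay out of this alert, which is what keeps it high-priority and actionable.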
This simple example demonstrates Okta Identity Security Posture Management's ability to surface high-risk users and prioritize remediation. It also displays the solution's actionable aspect and its deep integration with the Okta platform. Note that automated remediation is not limited to Okta applications. Our customers can integrate with their own solutions using webhooks.
Using Okta Identity Security Posture Management to detect and correlate risks combined with Okta Workflows for automated remediation, security teams can reduce risks effectively and immediately.
Okta Identity Security Posture Management is part of the Okta Secure Identity Commitment, Okta's long-term plan to lead the fight against Identity attacks. We're arming customers with the products and services they need to secure Identity in today's ever-changing threat landscape.
We're here to help, so please reach out to your Product Manager to see how Okta Identity Security Posture Management can impact your ability to manage your Identity security posture and reduce your risk of being breached.