Attackers are increasingly targeting users and their credentials to take over user accounts. Through credential-based attacks like phishing and formjacking, bad actors work to convince (or trick) users to hand over their usernames and passwords; when they succeed, users inadvertently grant them access to enterprise assets. Attackers are smart—why hack in when you can just log in?
With the rise of cloud and mobile technologies, enterprise users and data can reside outside of the traditional security perimeter. Organizations need to develop a strong, integrated threat response program that can help mitigate the high number of increasingly sophisticated attacks.
Automated Identity-driven Incident Response
Demisto integrates directly with Okta to enable identity-based, automated response actions to help combat credential-based attacks. As each alert is generated, Demisto playbooks can automatically query Okta for relevant user activity as well as critical contextual information to help security teams identify suspicious activity. If the investigation suggests a user account has been compromised, playbooks can take automatic remediation actions to suspend the account.
Automating this first line of defense across identity and incident response, rather than relying on manual human intervention, provides orchestrated security against threat actors and frees up security teams to tackle more complex tasks.
The Demisto + Okta Integration in Action
Here’s how Demisto and Okta work together to automate identity-driven incident response. RESTful API connections let Okta seamlessly provide Demisto with additional visibility into user activity, like failed login attempts, as well as identity context, like the groups a user belongs to and the applications they’re allowed to access.
With this additional context from Okta, Demisto can orchestrate an informed identity-driven response that mitigates the threat, such as prompting for step-up authentication, or even remediates the compromise, such as forcing a password reset.
For instance, if a security team is alerted after multiple failed login attempts by one user, they can quickly and easily find out what groups this user belongs to and what sensitive applications and data they have access to — all in order to better understand the risk of the situation.
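The triage flow described above, sketched as an added example; it is not Demisto playbook code and does not call the Okta API. The record shapes, the threshold, the sensitive-group list and the action names are hypothetical, and the sample data is constructed.

```python
from collections import Counter

FAILED_LOGIN_THRESHOLD = 5                       # hypothetical policy value
SENSITIVE_GROUPS = {"Finance", "Domain Admins"}  # hypothetical policy value

def _events(user, results):
    return [{"user": user, "result": r} for r in results]

# Constructed sample data: simplified login records in chronological order.
LOGIN_EVENTS = (
    _events("alice@example.com", ["FAILURE"] * 5 + ["SUCCESS"])
    + _events("bob@example.com", ["FAILURE"] * 6)
    + _events("carol@example.com", ["FAILURE"] * 2 + ["SUCCESS"])
    + _events("dave@example.com", ["FAILURE"] * 5 + ["SUCCESS"])
)
# Constructed identity context: the groups and applications of each user.
DIRECTORY = {
    "alice@example.com": {"groups": ["Finance"], "apps": ["Payroll"]},
    "bob@example.com": {"groups": ["Everyone"], "apps": ["Wiki"]},
    "dave@example.com": {"groups": ["Everyone"], "apps": ["Wiki"]},
}

def triage(events, directory):
    """Map each user over the failure threshold to one response action."""
    failures, success_after_failures = Counter(), set()
    for event in events:
        user = event["user"]
        if event["result"] == "FAILURE":
            failures[user] += 1
        elif failures[user] >= FAILED_LOGIN_THRESHOLD:
            # A login that succeeds after many failures suggests a guessed password.
            success_after_failures.add(user)
    decisions = {}
    for user, count in failures.items():
        if count < FAILED_LOGIN_THRESHOLD:
            continue
        # Users missing from the directory get empty context, not a crash.
        context = directory.get(user, {"groups": [], "apps": []})
        sensitive = bool(SENSITIVE_GROUPS & set(context["groups"]))
        if user not in success_after_failures:
            action = "require_step_up_auth"      # mitigate: no sign of access yet
        elif sensitive:
            action = "suspend_account"           # likely compromise, high impact
        else:
            action = "force_password_reset"      # likely compromise, lower impact
        decisions[user] = {"failed_logins": count, "action": action, **context}
    return decisions

if __name__ == "__main__":
    for user, decision in triage(LOGIN_EVENTS, DIRECTORY).items():
        print(user, decision)
```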
Okta’s identity data and user controls, coupled with Demisto’s orchestration workflows, help enterprises confidently handle today’s high volume of sophisticated identity-focused attacks with automated, policy-driven response actions.
Safeguard Against Credential-Based Threats: Deploy Identity-Driven, Automated Response
With threat actors increasingly targeting employees’ credentials and users, and with data increasingly residing outside the physical boundaries of organizations, it’s time for security teams to shift their approach.
Demisto and Okta help your enterprise stop hackers in their tracks with contextually informed, automated security response, empowering your teams to protect against the growing volume and increasing sophistication of today’s identity-driven threats.