THE OKTA INCIDENT REMINDS US SECURITY IS A TEAM SPORT
Take these four immediate steps if you suspect your Identity Provider is compromised.
IDENTITY SECURITY STEPS IF YOUR IdP IS COMPROMISED
A defense-in-depth approach to help secure identities and prevent breaches.
Step 1: Scrutinize Config Changes
A simple configuration change is all it takes to give attackers persistent access to your Identity Provider (IdP). Be on the lookout for new multifactor authentication (MFA) device enrollments or changes, other configuration changes, reset attempts, and permission, user or role changes.
Step 2: Inspect App Changes
If threat actors have access to the single sign-on (SSO) platform, they can add a malicious app or replace an existing one. New applications should only be added through strict approval workflows and reviewed as part of access governance processes.
Step 3: Implement Least Privilege
Minimize the potential damage threat actors can cause with stolen IdP access tokens. Implement just-in-time access and dynamic elevation capabilities to eliminate standing access and employ least privilege fundamentals like removing local admin access from endpoints.
Step 4: Restrict Sensitive Access
Protect remote (RDP) access to sensitive applications and resources, such as Help Desk and Privileged Access Management software and management subnets, using context-aware MFA. In addition, access to such high-risk resources should be restricted to managed devices and follow the principle of least privilege.
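The signals called out in Steps 1 and 2 can be triaged mechanically from the IdP's audit log. The Python below is an added example, not CyberArk's or any vendor's code: the event type names follow the Okta System Log eventType naming convention, and the simplified JSON shape, the watchlist, and the sample events are constructed assumptions for illustration.

```python
import json
from collections import defaultdict

# Event types to flag. Names follow the Okta System Log eventType convention,
# assumed for this example, as is the simplified JSON shape used below.
WATCHLIST = {
    "user.mfa.factor.activate": "new MFA device enrolled",
    "user.mfa.factor.reset_all": "all MFA factors reset",
    "user.account.privilege.grant": "admin privilege granted",
    "application.lifecycle.create": "new SSO app added",
    "application.lifecycle.update": "existing SSO app modified",
    "policy.rule.update": "sign-on or MFA policy rule changed",
}

# Constructed sample events, one JSON object per line.
SAMPLE_LOG = """\
{"published":"2022-03-22T10:01:00Z","eventType":"user.session.start","actor":{"alternateId":"alice@example.com"},"target":[],"client":{"ipAddress":"203.0.113.5"}}
{"published":"2022-03-22T10:02:00Z","eventType":"user.mfa.factor.activate","actor":{"alternateId":"alice@example.com"},"target":[{"alternateId":"alice@example.com"}],"client":{"ipAddress":"198.51.100.7"}}
{"published":"2022-03-22T10:03:00Z","eventType":"user.account.privilege.grant","actor":{"alternateId":"helpdesk@example.com"},"target":[{"alternateId":"alice@example.com"}],"client":{"ipAddress":"198.51.100.7"}}
{"published":"2022-03-22T10:04:00Z","eventType":"application.lifecycle.create","actor":{"alternateId":"helpdesk@example.com"},"target":[{"displayName":"Payroll Portal (copy)"}],"client":{"ipAddress":"198.51.100.7"}}
"""

def triage(log_text, approved=frozenset()):
    """Flag watchlisted events. Returns (findings, unapproved count per actor).
    approved: (actor, eventType) pairs backed by a change ticket (the Step 2
    approval workflow); these are still listed but not counted against the actor."""
    findings, per_actor = [], defaultdict(int)
    for line in log_text.splitlines():
        ev = json.loads(line)
        etype = ev["eventType"]
        if etype not in WATCHLIST:
            continue  # routine event, e.g. a normal sign-in
        actor = ev["actor"]["alternateId"]
        ticketed = (actor, etype) in approved
        if not ticketed:
            per_actor[actor] += 1
        findings.append({"time": ev["published"], "actor": actor, "what": WATCHLIST[etype],
                         "ip": ev["client"]["ipAddress"], "approved": ticketed,
                         "targets": [t.get("alternateId") or t.get("displayName") for t in ev["target"]]})
    return findings, dict(per_actor)

def actors_to_review(per_actor, threshold=2):
    """Actors with at least `threshold` unapproved sensitive changes in the log window."""
    return sorted(a for a, n in per_actor.items() if n >= threshold)

if __name__ == "__main__":
    found, counts = triage(SAMPLE_LOG)
    print(*found, "actors to review:", actors_to_review(counts), sep="\n")
```

Feeding real exports in place of SAMPLE_LOG and the approved set from your change-ticket system turns this into a daily review of the Step 1 and Step 2 signals.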
COVER YOUR SECURITY BASES WITH CYBERARK
Deploy CyberArk solutions alongside your current Identity Provider as part of a multi-layered, security-first approach.
Monitor and Audit High-Risk Web Sessions
Gain complete visibility into users’ actions within web applications using CyberArk Identity Secure Web Sessions. The Secure Web Sessions solution integrates with your existing Single Sign-On service to validate users at the beginning of and during each session, monitor user actions within protected apps, and audit sessions step by step to meet compliance requirements.
Secure Access to All Types of Resources With MFA
Safeguard access to cloud apps, legacy applications, VPNs, virtual desktops, and endpoints using CyberArk Identity Adaptive Multi-factor Authentication (MFA). With CyberArk Identity Adaptive MFA, you can add context-aware verification to all types of enterprise resources, including RDP sessions, to prevent account takeover and ensure that attackers cannot use compromised user credentials.
Protect Endpoints and Enforce the Principle of Least Privilege
Strengthen endpoint security and blunt the effectiveness of ransomware attacks with CyberArk Secure Desktop. Using the Secure Desktop solution, you can remove local admin rights and require users to pass secondary authentication at endpoint login and whenever privilege elevation is needed, without sacrificing the end-user experience.
Provide Secure Third-Party Access to Critical Internal Resources via CyberArk PAM
Provide external vendors with fast, easy, end-to-end encrypted privileged access to critical internal systems using CyberArk Vendor Privileged Access Manager. With Vendor Privileged Access Manager, you can secure third-party access to critical internal resources with full session isolation, monitoring, and audit capabilities, without VPNs, passwords, or agents, while integrating with your existing Identity Provider directory.
Store and Share Business-Related Credentials and Items
Secure credentials for password-based business apps and other sensitive data using the CyberArk Identity Workforce Password Management solution. With Workforce Password Management, users can seamlessly add passwords, license numbers, and other valuable data to the CyberArk Identity Cloud or Self-Hosted Vault to reduce credential sprawl, increase productivity, and implement stronger security controls.
LEARN HOW CYBERARK ENABLES DEFENSE-IN-DEPTH AND MITIGATES RISK WITH A HOLISTIC APPROACH TO IDENTITY SECURITY
Deliver comprehensive Identity Security
Enable operational efficiency
Secure your digital transformation
Satisfy audit and compliance