XDR and Identity security provide comprehensive contextual protection against endpoint and identity-based attacks
SentinelOne announced SentinelOne XDR Response for Okta, which allows security teams to quickly respond to credential compromise and identity-based attacks. The integration of the XDR platform with the identity management features provides a powerful new solution to accelerate response and minimize business risk.
“Attackers exploit security and access gaps in end devices and identities. SentinelOne and Okta are leaders in securing these two divisions of the company,” says Stephen Lee, VP Technical Strategy & Partnerships at Okta. “The integration of SentinelOne into the Okta identity platform improves the contextual awareness of our solution and ensures that every identity is verified and threat actors cannot advance laterally in pursuit of high-value goals. This protects the attack surfaces in the company and enforces the identity guidelines, i.e. the best of both worlds in a single solution.”
According to the Verizon Data Breach Investigations Report 2022, 82% of security breaches were due to the human factor, including the use of stolen credentials. Although there are already solutions that protect different parts of the company, they are often isolated, which leads to gaps in transparency and makes it difficult to gain a holistic understanding of the security situation of a company.
“Groupon is on a constant modernization journey and uses new and innovative cloud technologies, such as those of SentinelOne and Okta, to protect employees and customers in the best possible way,” says Ryan Ogden, Director of Information Security at Groupon. “Consolidating the context from different tools and automating the response forces supports our team to meet the growing scale and speed of threats.”
In addition, all simultaneous processes can be monitored across operating systems and cloud workloads, creating a comprehensive context for every potential security incident at the endpoint. When a threat is detected, the last logged-in user for that endpoint is reported, and the identity context is provided from the collected data. By combining XDR and identity context, the joint solution helps security analysts quickly determine who is doing what on which device, significantly reducing the risk of endpoint or identity-based attacks.
The integration provides a fully automated remediation process that relieves the SOC team and allows analysts to focus on higher-value tasks. Other important use cases are:
- Enrichment of threat data: The integration automatically supplements threat data in the XDR platform with current credentials of the identity platform in order to make the security data usable.
- User Blocking: Active sessions originating from compromised devices are terminated to minimize response time.
- Resetting Passwords: Password resets can be forced, which prevents SSO (single sign-on)-enabled lateral movement in enterprise applications.
- Forced re-authentication: Forcing re-authentication initiates a multi-factor authentication workflow and locks the account until the user re-authenticates with a valid MFA token for identity verification.
“Compromising identities and compromising a company’s ‘treasury’ represents the blueprint of modern attacks,” says Yonni Shelmerdine, Vice President of Product Management at SentinelOne. “Organizations need robust endpoint protection and visibility into user sessions to effectively respond to malicious activity. With the integration of the two security concepts, XDR and identity security, companies receive a holistic context for effective security measures.”