1 Oct 2024

Identity-based cyber attacks continue to prevail and impact organisations. Stealing credentials was the top initial action in breaches, according to Verizon.

Plus, 84% of identity stakeholders surveyed said identity-related incidents directly impacted their business, resulting in reputational damages, distraction from core business, and increased recovery costs.

Key components of integration

It is more important than ever to safeguard sensitive data from identity-based attacks. For this, defenders need threat context from their security tools combined with data context – information on what is being targeted. To help with this challenge, Rubrik has partnered with Okta. 

Rubrik Security Cloud will provide Okta Identity Threat Protection with critical user context to accelerate threat detection and response. In this blog, readers will learn about the key components of this integration from Rubrik and Okta and why organisations can benefit from it.

Changes in sensitive data access

When it comes to safeguarding data from identity-based attacks, knowing which users have access to sensitive data and how user access changes over time are important. Rubrik Security Cloud provides organisations with unparalleled visibility into user access to sensitive data.

It identifies and analyses user access factors and changes to these factors, individually and in combination. Depending on the level of sensitivity of data a user can access, the user will be assigned a certain risk score (high/medium/low/none). 

Access to sensitive data

Rubrik can detect changes in access to sensitive data, enabling accurate and timely risk-level assessments. 

This functionality is crucial for organisations to maintain control over their data, enforce least-privilege access, and ensure that only authorised users have access to sensitive information.

Empowering Okta with critical user risk context 

Rubrik shares with Okta important user context such as email and the types of sensitive files they have accessed. By combining Rubrik's user access risk signals with threat context from other security products used by an organisation (e.g., Endpoint Detection and Response or EDR), Okta can determine overall risk levels more effectively and automate threat response actions to mitigate identity-based threats.

Shown in the diagram is a high-level overview of how the integration works:

  1. Rubrik knows the user’s identity based on information from Microsoft Active Directory.
  2. Rubrik Security Cloud assigns the user a risk level based on the sensitivity of the data they can access.
  3. When Rubrik detects a change in a user’s risk level, it shares this with Okta Identity Threat Protection, which can then take a response action.

Okta automated threat response

When Okta Identity Threat Protection combines Rubrik's user risk signals with other security signals, Okta can accurately determine overall risk levels and automate threat response accordingly. For example, it can take actions on a high-risk user such as logging them out of a certain device or requiring re-authentication.

These remediation steps help mitigate potential threats by revoking access or prompting additional verification when suspicious activity is detected. Upon learning about user risk changes, Okta can take an action on potential threats, reducing the operational burden on security teams.

Benefits of the Rubrik and Okta integration

The integration of Rubrik Security Cloud with Okta Identity Threat Protection offers several significant benefits for organisations seeking to enhance their data protection and streamline threat response processes. 

Firstly, it provides continuous visibility into user access to sensitive data, enabling organisations to monitor changes in access permissions and accurately assess risk levels in a timely manner. This helps them maintain control over sensitive data.

Okta’s automated remediation actions

Secondly, the integration facilitates faster threat response and remediation. By seamlessly sharing user risk level changes with Okta Identity Threat Protection, the integration enables Okta’s automated remediation actions, such as logging out users or requiring re-authentication. This proactive approach significantly accelerates threat response, thereby enhancing the overall security posture of the organisation.

Additionally, the integration alleviates the operational burden on security teams. With Okta helping to automate response actions, security professionals can focus their efforts on more strategic tasks, rather than being overwhelmed by manual processes. This increased efficiency translates into improved productivity and a more effective allocation of resources.

Rubrik's user access risk signals

Finally, the Rubrik-Okta integration fosters enhanced visibility across the security ecosystem. By combining Rubrik's user access risk signals with threat intelligence from other security products, Okta can determine overall risk levels more effectively.

This comprehensive risk assessment enables organisations to gain a holistic view of their threat landscape, allowing for more informed decision-making and proactive threat mitigation strategies.

Pioneering Integration and Innovation

Rubrik is the first and only data security platform vendor to integrate with Okta Identity Threat Protection. The integration leverages the OpenID Foundation's Shared Signals Framework.

By utilising this framework for receiving user risk signals from Rubrik, Okta can then automate response and remediation, thereby providing a proactive stance against potential security threats. By leveraging Rubrik's data security capabilities and Okta's identity protection solutions, the integration aims to set a new standard in identity threat response.