How do Okta & Varonis work together?

Author: Grace Maher & Charlotte Fletcher
Release Date: 21/10/21

Nearly 44% of cloud privileges are misconfigured. As a result, users often have overly broad privileges, mis-assigned through a security team oversight or malicious activity. This can open an organisation up to account takeovers and data exfiltration. That is why it is crucial to have oversight of your cloud, mapping and analysing the relationships between users and application accounts, and the relationships those accounts have to data and other resources across siloed cloud technologies.

Okta is a cloud-first identity platform that can connect anyone to anything, be it an application, a physical or virtual server, or even APIs. Detecting and preventing threats can prove challenging with Okta’s security capabilities alone, leaving your sanctioned business applications and the data they hold at risk.

Our traditional method of protecting the perimeter may not always keep every area covered here, as the perimeter may change day by day, or depending on who is using the platform. Of course, accessing your sanctioned business applications is integral to day-to-day business operations, but how can you be sure that access is legitimate when you cannot use device type, location or network information to create rules or even analyse the log-in activity?

DatAdvantage Cloud (DAC) helps to normalise and standardise permissions. If you think about permissions on data (read, write and so on), the permissions DAC works with are Create, Read, Update, Delete and Share. The same model applies here: the ‘resources’ are really just the applications that Okta allows users to access, and the levels of permissions on them.

DAC can highlight which identities don’t have multi-factor authentication switched on, meaning that those accounts could be insecure, which makes an attacker’s job much easier. It can also highlight any admins, super admins and guest accounts registered across the environment.

Varonis analyses all the identities and what they have access to, combining entitlements and direct permissions and mapping them together to show you where you’re at risk. It also monitors behaviour: all the data access requests, all the account and privilege escalations, all of the account creations and assignments, and all of the authentications. It does this cross-cloud, which makes it easy to answer questions such as: what did this user do after they logged into Okta? Did they then access another application, were they exposed to something, and did they create an account?

Varonis alerts you when something goes wrong. It looks at all of the events and alerts you when something happens, such as when somebody escalates the privileges of an account. By leveraging Varonis Cloud you can easily manage Okta assignments as well as detect any suspicious activity, to ensure your critical business applications are protected. Risks across misconfigured users and excessive application or permission enrolments are prioritised by severity to the business.

Varonis focuses on three main risk areas around Okta’s security:

1. Reducing the attack surface

Varonis’s easy-to-read reports let you quickly see where any users may have excessive access to your applications and devices, highlighting overlapping assignments so that you can reduce your overall exposure and secure sensitive information. Offboarding employees and non-human identities can be done easily within the Okta platform and reported on, to ensure stale accounts no longer have access to any of your applications.

2. Detecting and preventing account take-overs

Alerts from Varonis can protect your business from malicious actors, with real-time notifications on risky configuration changes, privilege escalations and excessive user password reset or unlock attempts. This makes it much simpler to tie together cross-cloud activities and allows you to see all critical apps with privileged roles or services that authenticate through Okta. The fully extensible alerting functionality of Varonis also allows you to create custom alerts based on your own security concerns.

3. Conducting fast cross-cloud platform investigations

Varonis is able to understand the normal behaviour of your users, and therefore alert when behaviour deviates from the norm. This allows you to quickly identify malicious activity across siloed cloud technologies and investigate the extent of an attack in order to remediate and recover sufficiently.

Interested in learning more?

If you'd like to know more about how Varonis and Okta work together, book a demonstration below.
