SentinelOne has introduced SentinelOne XDR Response for Okta, enabling security teams to quickly respond to credential compromise and identity-based attacks. The integration of SentinelOne’s XDR platform with Okta’s identity management capabilities offers a powerful new solution to accelerate response and minimise enterprise risk.
“Consolidating context from various tools and automating response force multiplies our team to address the growing scale and speed of threats. Attackers exploit endpoint and identity security and access gaps. SentinelOne and Okta are leaders in securing both of these enterprise domains,” said Stephen Lee, VP Technical Strategy & Partnerships, Okta. “Incorporating SentinelOne Singularity XDR into the Okta identity platform improves the contextual awareness of our solution, ensuring that every identity is verified and malicious actors cannot advance laterally in pursuit of high-value targets. With SentinelOne across enterprise attack surfaces and Okta enforcing identity policies, organisations enjoy the best of both worlds in a single solution.”
According to the 2022 Verizon Data Breach Investigations Report, 82% of breaches involved the human element including the use of stolen credentials. While there are existing solutions that secure various pieces of the enterprise they are often siloed, causing gaps in visibility and making it difficult to achieve a holistic understanding of an organisation’s security posture.
“Groupon is on a constant journey of modernisation, adopting new and cutting-edge cloud technologies like SentinelOne Singularity XDR and Okta to best protect our employees and customers,” said Ryan Ogden, Director of Information Security, Groupon. “Consolidating context from various tools and automating response force multiplies our team to address the growing scale and speed of threats.”
SentinelOne’s StorylineTM observes all concurrent processes across OSs and cloud workloads, providing rich context for any potential endpoint security incident. When a threat is detected, Singularity XDR informs Okta of the last logged-in user for that endpoint and Okta provides identity context from Okta data. By combining XDR and identity context, the joint solution helps security analysts quickly determine who is doing what on which device, significantly reducing the risk of endpoint or identity-based attacks.
SentinelOne XDR Response for Okta provides a fully automated remediation process, alleviating the burden on the SOC team and allowing analysts to focus on higher-value tasks. Other key use cases include:
• Threat Enrichment - automatically enriches threats within Singularity XDR with recent login information via Okta to make security data actionable
• User Suspension - terminates active sessions originating from compromised devices to minimise response time for prevention and remediation
• Reset Password - forces password resets, preventing SSO-enabled lateral movement across corporate applications
• Force Reauthentication - initiates a multi-factor authentication (MFA) workflow within Okta, locking the account until the user re-authenticates with a valid MFA token for identity verification.
“Compromising identities and moving laterally to exploit an organisation’s ‘crown jewels’ is the blueprint of modern attacks,” said Yonni Shelmerdine, Vice President of Product Management, SentinelOne. “Organisations need robust endpoint protection and visibility into user sessions to respond effectively to malicious activity. With SentinelOne and Okta, enterprises gain enterprise-grade context for effective security operations.”