
Oort Origins and Our Vision for Identity Security

Since February 2022, when we first launched the Oort Identity Security Platform, Oort has grown to secure more than half a million accounts.

We wouldn’t be where we are today without our early adopters, including the likes of Avid Technology, Collibra, and Northeastern University. We also wouldn’t have gotten far without our advisors and technology partners, such as Snowflake, Okta, Microsoft, and Cisco.

The industry has quickly realized that identity is a huge blindspot for security and we need to do something about it. This trend has been picked up in Gartner’s research, too. Their paper Your Cyberattack Preparedness With Identity Threat Detection and Response outlined why organizations need ITDR capabilities and why existing solutions are falling short. 

With our Series A investment, announced in October, we have set ourselves up for an exciting 2023 as we continue to expand our capabilities and customer base.

Amidst all that excitement, I want to take a moment to step back, and share a bit about where Oort came from and where we’re headed.

 

Why are we called Oort? 

Customers, investors, partners, employees, random acquaintances… they all have the same question: “why are you called Oort?” 

Followed by:

  • “Is that an acronym? Does it stand for something?”
  • “How do you pronounce it? Is it O.O.R.T. ? Or O-Ort?”
  • “Is the comet in the logo a letter? Or is the name of the company just ORT?”

We’ve heard them all. 

Fortunately, when we do reveal the origin of our name, it is often met with delight. The beauty of a good analogy. So let’s answer it then: why ARE we called Oort? 

 

The Oort Cloud surrounding our solar system

Oort, our company, is named after the Oort Cloud, which, in turn, is named after 20th century Dutch astronomer Jan Oort. Back in the 1950s, Jan Oort theorized the existence of a massive spherical cloud of icy objects orbiting our solar system beyond the reaches of Pluto and the Kuiper belt, which later became known as the Oort Cloud.

Jan Oort himself was a remarkable scientist. Using real galactic observations, he was able to prove the theory that our Sun is not the center of the Milky Way and that the Milky Way itself rotates around its center, which lies some 30,000 light years away from our solar system. Not only that, but the Earth and the rest of our solar system take 225 million years to orbit the center of the galaxy. By observing the speed of rotation of the stars in our galaxy, Oort even discovered the first evidence of dark matter.

After surviving the Nazi occupation of the Netherlands during World War II, Jan Oort went on to study the behavior of comets and proposed the idea that long-period comets originate from a common region outside the reaches of the furthest planets. He theorized the existence of a swirling cloud of billions of comets orbiting our solar system.

A slight disruption of any one of these icy objects can send it hurtling towards our inner solar system. As these balls of dust and ice get close to the Sun, they begin to melt and let off gasses, which form the tail of the comet. 

 

An artist’s impression of the Oort Cloud. Source: https://www.skyatnightmagazine.com/space-science/what-is-the-oort-cloud/

 

What do comets have in common with security?

While this history of astronomy may be fascinating, what has it got to do with enterprise security? Believe it or not, our solar system and the Oort Cloud are the perfect analogy for the modern enterprise. 

Think of your typical model of the solar system from elementary school: the Sun, the eight planets, the asteroid belt. In our analogy, this is where all of your assets, data, and applications reside. Maybe you’re using cloud infrastructure, SaaS applications, on-premise systems; these are all part of the core of your business and this is exactly what you are trying to protect.

Now zoom way out.

What do you see orbiting your company? Thousands? Hundreds of thousands? Millions of identities. Employees, contractors, third-parties, vendors, partners, customers. They’re all out there, and they all need access to bits and pieces of your core assets and data.

Every company has an Oort Cloud. A swirling mass of identities orbiting their business. Whether they’ve discovered it yet or not, it’s always been there. The only difference is that now, in 2023, we can no longer afford to ignore it. The walls have come down and it just takes one errant object to inflict massive damage on our home planet.

 

Why is identity security suddenly so important?

Identity is the new perimeter. The shift to remote work finally brought these swirling identities into view. We’re all working from our own devices, from our own networks, accessing whatever applications we need to get the job done. Network security and device security don’t stand a chance in this brave new world of distributed work.

Attackers have been quick to target this change. They don’t need to wait for the next unpatchable 0-day vulnerability. In fact, most attackers don’t use malware at all; they simply log in. Once they are in, security teams are blind to how attackers abuse and manipulate identities to access company assets, data, and applications.

Most companies have incredible security tools to secure devices, applications, networks, and data – but almost nothing for identity. Identity is an afterthought.

We intend to change that.

When I say “identity is the new perimeter”, I’m not being hyperbolic: I truly believe that the future of security is identity-first.

 

Zero trust starts with identity

We’ve witnessed a few missteps in the rollout of Zero Trust. Many organizations jumped directly to Zero Trust Network Access (ZTNA) without realizing that every single ZTNA solution on the planet heavily depends on a solid identity foundation. Identity is so fundamental to adopting Zero Trust that organizations that rushed to deploy ZTNA are now backtracking to reassess whether their identity security program is up to the task (if it even exists in the first place).

At Oort, we’re lucky enough to have some incredible advisors, including John Kindervag – who first coined the term “Zero Trust” when he was an analyst at Forrester. The term Zero Trust has taken on a life of its own with a million different meanings. However, it all comes back to replacing the old “trust but verify” mindset with “never trust, always verify.” Unfortunately, ZTNA solutions ignore this mantra when they blindly trust external IAM providers to both authenticate and authorize identities.

When it comes to true Zero Trust adoption, I’m a big fan of CISA’s Zero Trust Maturity Model, which seems to be one of the most sensible paths forward. CISA names Identity as the first pillar of Zero Trust. Understand the actors (who need access) and the assets (what they need access to). Everything else - when, where, why, how - is secondary.

 

Identity threats are real

Jan Oort used real empirical observations to prove the theory of galactic rotation. We can do the same for identity threats. This is not just a theoretical risk; it’s really happening. According to the 2022 Verizon Data Breach Investigations Report, 80% of all breaches involved the use of lost or stolen credentials. Account takeover is real and it has real repercussions.

A string of high-profile attacks in 2022 proves it. In December, in two separate incidents, attackers stole code from the GitHub accounts of Slack and Okta. These are powerful examples of how hard it is to protect identities within enterprises. (For those interested, I wrote a column in Dark Reading about some of the best practices for securing GitHub.)

Attackers are also becoming smarter about who they target. Earlier in 2022, Okta was targeted by a group of attackers called Lapsus$. Lapsus$ targeted a customer support agent working for a third party. Via this identity, the attackers were able to access both internal company sites and customer service records. 

It’s not simply a case of requiring Multi-Factor Authentication (MFA), either. Attackers are now finding ways to bypass MFA, especially weak forms like SMS. A group known as 0ktapus targeted Twilio in order to access one-time passwords (OTPs) delivered over SMS. These passwords could be used by Okta customers as temporary authentication codes. Unfortunately, with access to Twilio, 0ktapus could see these OTPs.

This is not a one-off: we see attacks on MFA all the time. Auth0’s 2022 State of Secure Identity Report showed the scale of MFA attacks: on average, they saw 1.24M MFA bypass attacks every day. Sadly, MFA is not the silver bullet.

 

Bridging the Divide Between IAM and Security

Whose responsibility is identity anyway? Dmitriy Sokolovskiy once summed it up: “identity is at the root of pretty much everything.” Identity is an important piece of any security program; clearly, identifying authentication issues, identity threats, and identity attack surface weaknesses is critical.

Unfortunately, there is a strange, historical disconnect between the IAM infrastructure and the security teams. IT teams have spent years implementing new IAM tools, like Active Directory, Duo, Okta, SailPoint, CyberArk, and many others. Yet security teams often have zero visibility or control over these tools. 

Your average security analyst understands network traffic and protocols, device operating systems and vulnerabilities, but when faced with federated SAML or OAuth tokens, they don’t know where to start.

While smart CISOs and security leaders are now adding IAM expertise to their teams and building out their IAM security programs, the vast majority are still in the dark on the fundamental importance of identity to their overall security program. 

Just like securing any other infrastructure, IAM infrastructure requires IAM security. IAM security requires expertise.

We’re building the identity security platform

Oort is here to help. 

I’m so grateful for everyone who has helped us to quickly become the leaders in the ITDR space. We have exciting plans for 2023 to add new capabilities that will enable security teams to better detect and respond to identity threats.

But we don’t want to stop there: at Oort, we’re building the identity security platform that will provide a complete view of every orbiting identity and the risk they pose to organizations’ data and assets.

Watch this space!

If you want to be part of this journey, we’re hiring! Check out our current openings here: https://oort.io/careers.

If you want to see Oort in action, you can schedule a demo with our team here: https://oort.io/demo.
