Oort's Response Capabilities: Remediate Compromised Accounts with Just One Click

Are you struggling to respond to identity threats in your organization quickly and effectively? Do you want to be able to remediate compromised accounts with just one click? If so, read on!

Our suite of response options is designed to help you stay ahead of identity threats, and we're constantly adding new capabilities to ensure that you have the best tools available.


The Evolution of ITDR

Identity Threat Detection and Response (ITDR) has come a long way to keep up with the ever-changing landscape of identity and access management. In the past, security teams focused solely on detecting threats and anomalous behavior in Active Directory (AD) within on-premises environments. However, with the widespread adoption of cloud-based infrastructure and Software as a Service (SaaS) applications, organizations are now shifting towards cloud-based Identity and Access Management (IAM) solutions. As a result, ITDR has evolved significantly, with a greater emphasis on detecting and responding to identity threats in cloud-based IAM.

Despite these changes, most vendors still offer limited remediation options, which presents a significant challenge in responding effectively to identity threats.

This is where Oort comes in - our powerful remediation actions can quickly contain and mitigate the effects of an identity threat.


Response Actions Available

Oort has four main actions available to use, but we’re adding to these all the time. Is there something missing? Let me know!

  1. Quarantine User

Oort already provides a variety of detections to identify compromised accounts. But what next?

When you quarantine a laptop or device, you're typically preventing it from accessing the corporate network. However, if a compromised user has already accessed a particular application or service, simply quarantining their laptop or device won't necessarily prevent them from continuing to perform malicious actions within that application or service.

Quarantining the user's account within the identity provider is a more comprehensive approach. By quarantining the account, you prevent the user from accessing any applications or services that rely on that identity. This means that even if the user tries to bypass security controls or access a specific application from a different device, they won't be able to because their identity is quarantined.

Furthermore, you can define precisely what that user can and cannot do. For example, they may be able to access IT support, but nothing else. 

  2. Log Out User

Another critical action to take when dealing with compromised accounts is to log the user out of all sessions. This action, which is often used in conjunction with quarantine, provides a simple yet effective way to remove unauthorized access to the user's accounts, including access granted via session hijacking.

With just one click, the log-out feature clears all active sessions and logs the user out across all devices. This helps prevent attackers from continuing to access the user's accounts and perform malicious actions, even if they still have access to the user's credentials.

If the user needs to log back in, they must re-authenticate, adding an extra layer of security to the process. This ensures that only authorized users can access sensitive data or perform critical actions within your organization's applications and services.

  3. Reset MFA

Are you tired of your IT help desk team spending hours resetting MFA factors for employees who have lost or replaced their phones? Not only is it time-consuming, but it can also pose a security risk. Attackers often reset their targets' MFA to register their own. That's why it's critical for IT help desk teams to verify the user's identity before resetting MFA factors. But what if we told you there's a simpler way?

Introducing Oort's User 360 profiles! These profiles offer a single pane of glass for IT help desk teams to quickly and easily confirm a user's identity. Armed with this information, help desk analysts can ask targeted questions such as: Where did they last log in from? What factor did they last use? Which applications have they used in the last 24 hours?

Resetting MFA factors for Okta and Duo has never been easier. Simply go to the User 360 profile, click on "Actions" and select "Reset MFA". It's that simple! Let Oort help your IT help desk team save time and increase security with our User 360 profiles.


  4. Add/Edit User Type

At Oort, we understand that responding to threats is only one part of the equation when it comes to identity security. That's why our platform goes beyond just threat detection to also help organizations address IAM hygiene issues. With Oort, teams are empowered to make necessary changes to ensure consistency and accuracy in their identity records.

One common issue we see with IAM hygiene is discrepancies between HR and IdP records. Fortunately, Oort provides a simple solution to this problem. Our customers can easily add or edit user types to ensure that their records are consistent, which helps to prevent headaches down the line. By addressing these issues early on, organizations can avoid complications that arise when terminating users or implementing large projects, such as an IGA tool.

Without consistency in user records, future projects are likely to be painful, time-consuming, and less likely to be successful. At Oort, we believe that a proactive approach to IAM hygiene is key to a successful identity security program.

Save Time with Cross-Platform Capabilities

Our new functionality is designed with a core aim of helping our customers save time when responding to identity incidents. With just one click of a button, you can quickly remediate compromised accounts, quarantine them, and log them out of all sessions.

But the real time savings go beyond just the simplicity of the one-click solution. Our remediation actions are specifically designed to work seamlessly across a range of identity providers, including Okta, Azure AD, Duo, and G Suite. By offering a unified solution that works across all IdPs, we enable you to save a significant amount of time and effort.

Whether you're dealing with a single compromised account or a large-scale incident, Oort provides you with the tools you need to respond quickly and effectively. With our streamlined and user-friendly interface, you can take proactive steps to protect your organization's identities and ensure a strong security posture.


Interested to learn more?

These Remediation Actions are available immediately to all Oort customers as part of User 360 profiles. At no additional cost, you can take advantage of these new features to improve your identity threat response and enhance your security posture. We’re releasing more capabilities all the time, so if there are any other actions you’d like to see, let me know!


If you’re not an existing Oort customer but would like to learn more, schedule a demo and find out for yourself!
