Identity security remains a hot topic and our recent trip to Identiverse in Denver, CO, proved that there are many brilliant minds out there focused on solving the issue. We learned a lot, met with a lot of partners and prospects, and our team had a great time – 10/10 will return! Here’s our Head of Solutions Engineering, Andy Winiarski, basking in Rocky Mountain conference bliss:
(PS – You should connect with Andy on LinkedIn here.)
We have a TON of updates to share with you including **FIVE** new Identity Security Checks so let’s dive right in, but first, some news:
Oort is in the AWS Marketplace!
Oort is now available in the AWS Marketplace! You can now subscribe to Oort’s identity security platform directly from the marketplace portal, giving you a single point of sale for a simplified procurement process. You can also see pricing, see a demo video, read reviews, and kick off a free trial. Check it out here!
🎛 🏷 ⏰ New Settings Page, Application Sensitivity Tagging & Checks Timing
You can now customize important aspects of your Oort tenant on an all-new Settings page. You can now label the applications in your IdP as “Sensitive” and have the tag show up wherever the application shows up in activity. Additionally, you can now set the time of day for your Identity Security Checks to run. This helps Oort admins select an appropriate time for any notifications to start firing.
🔏 ⚠️ 👩👩👧👦 0️⃣ See Access Granted By, Self Granted Access Flag, Groups & Unused Applications
You can now see who granted access to an application. Application access granted to the user by the user themself is now flagged in the user’s applications table. This warning could indicate privilege escalation or lateral movement so you’ll want to pay attention to the user. A user’s unused applications are now easily visible to enable quick evaluation of access requirements. If a user has unused applications, it makes sense to remove their access to reduce identity attack surface. Their group memberships are now easily viewable as well.
📊 Application Access Cohort Analysis
Our data science team has been busy! You can now see how a user’s access to applications compares to that of their peers. An outsized number of authorized applications can create additional, unnecessary organizational risk from that account. 😬
**NEW** Identity Security Checks:
✅Super Admin Login to Google
This check reports any time a user with “super admin” privileges logs into the Google Workspace console. Whether it’s nefarious activity or just someone overusing the privilege, it’s important to see this activity at a glance and to make it easy to take action to investigate where warranted.
✅Unmanaged Devices Access
This check detects whether a user has accessed from an unmanaged device in the last 7 days (configurable). For each event and IP, Oort indicates whether the device was managed so you can inspect it more closely.
✅User Activity Anomaly
Adversaries may create or modify an account to maintain access to victim systems, or modify configuration settings to evade defenses and/or escalate privileges. To identify such actions, Oort alerts on new (over the last 90 days) administrative actions performed by an account, or on actions performed on multiple targets simultaneously (more than 10 targets in 10 minutes – configurable).
✅New Country for Tenant
Attackers may obtain and abuse account credentials to gain initial access, persistence, privilege escalation, or defense evasion. Monitoring access from locations with no operations can identify such credential misuse. To identify compromised accounts, Oort alerts on successful logins from a new (over the last 90 days) country for the tenant from a new, unmanaged device.
This is one of the more recent TTPs, whereby an attacker overwhelms a legitimate end user with MFA requests in order to get them to simply grant access so that the alerts stop. Oort allows you to configure the rate at which this check fails.
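The two conditions in the User Activity Anomaly check above (an administrative action the account has not performed in the last 90 days, and more than 10 targets in 10 minutes) can be written as rules over an admin audit log. This Python code is an added example, not Oort's implementation; the event tuple layout, the action names, the sample events and the `alert_from` warm-up parameter are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect(events, alert_from=datetime.min, baseline=timedelta(days=90),
           window=timedelta(minutes=10), max_targets=10):
    """events: (timestamp, actor, action, target) tuples from an admin audit log.
    Events before alert_from only build history, so a cold start does not
    flag every action as new. Returns (timestamp, actor, rule, detail) tuples."""
    last_seen = {}               # (actor, action) -> time last performed
    recent = defaultdict(deque)  # actor -> (time, target) pairs inside the window
    in_burst = set()             # actors already alerted for the current burst
    alerts = []
    for ts, actor, action, target in sorted(events):
        # Rule 1: action this actor has not performed in the baseline period.
        prev = last_seen.get((actor, action))
        if ts >= alert_from and (prev is None or ts - prev > baseline):
            alerts.append((ts, actor, "new_admin_action", action))
        last_seen[(actor, action)] = ts
        # Rule 2: more than max_targets distinct targets inside the window.
        q = recent[actor]
        q.append((ts, target))
        while ts - q[0][0] > window:
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct <= max_targets:
            in_burst.discard(actor)
        elif actor not in in_burst and ts >= alert_from:
            in_burst.add(actor)
            alerts.append((ts, actor, "multi_target_burst", distinct))
    return alerts

# Constructed sample events (not real log data).
T0 = datetime(2023, 6, 1, 9, 0)
SAMPLE = [
    (T0 - timedelta(days=30), "alice", "user.reset_password", "u0"),
    (T0 - timedelta(days=120), "bob", "group.add_member", "g1"),
    (T0 + timedelta(hours=1), "bob", "group.add_member", "g2"),
    (T0 + timedelta(hours=2), "carol", "policy.update", "p1"),
]
# alice resets 11 accounts 30 seconds apart: 11 targets in 5 minutes.
SAMPLE += [(T0 + timedelta(seconds=30 * i), "alice", "user.reset_password",
            f"u{i + 1}") for i in range(11)]
# dave touches 11 groups 5 minutes apart: never more than 3 per window.
SAMPLE += [(T0 + timedelta(minutes=5 * i), "dave", "group.add_member",
            f"g{i + 10}") for i in range(11)]

if __name__ == "__main__":
    for alert in detect(SAMPLE, alert_from=T0):
        print(alert)
```

The burst rule counts distinct targets rather than events, so repeated changes to one object do not trip it, and it alerts once per burst instead of on every event past the threshold.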
That’s a wrap for this week! Make sure you subscribe to our updates up top so you don’t miss any new features or announcements coming from Oort! Can’t wait? Get a demo today!