
Release Notes: Week 29, 2022

Identity security remains a hot topic and our recent trip to Identiverse in Denver, CO, proved that there are many brilliant minds out there focused on solving the issue. We learned a lot, met with a lot of partners and prospects, and our team had a great time – 10/10 will return! Here’s our Head of Solutions Engineering, Andy Winiarski, basking in Rocky Mountain conference bliss:

Identiverse 2022

(PS – You should connect with Andy on LinkedIn here.)

 

Sign up to receive monthly release notes and Oort news straight from our team! (Unsubscribe at any time.)

We have a TON of updates to share with you including **FIVE** new Identity Security Checks so let’s dive right in, but first, some news:

 

 

Oort is in the AWS Marketplace!

Oort is now available in the AWS Marketplace! You can now subscribe to Oort’s identity security platform directly from the marketplace portal, giving you a single point of sale for a simplified procurement process. You can also see pricing, see a demo video, read reviews, and kick off a free trial. Check it out here!

AWS Marketplace Oort

 

 

 

New Features

🎛 🏷 ⏰ New Settings Page, Application Sensitivity Tagging & Checks Timing

You can now customize important aspects of your Oort tenant on an all-new Settings page. You can now label the applications in your IdP as “Sensitive” and have the tag show up wherever the application shows up in activity. Additionally, you can now set the time of day for your Identity Security Checks to run. This helps Oort admins select an appropriate time for any notifications to start firing.

 

 

 

🔏 ⚠️ 👩‍👩‍👧‍👦 0️⃣ See Access Granted By, Self Granted Access Flag, Groups & Unused Applications

You can now see who granted access to an application. Application access that a user granted to themselves is now flagged in the user’s applications table. This warning could indicate privilege escalation or lateral movement, so you’ll want to pay attention to the user. A user’s unused applications are now easily visible to enable quick evaluation of access requirements. If a user has unused applications, it makes sense to remove their access to reduce identity attack surface. Their group memberships are now easily viewable as well.

 

See Group and Application Access

 

 

 

📊 Application Access Cohort Analysis

Our data science team has been busy! You can now see how a user’s access to applications compares to that of their peers. An outsized number of authorized applications can create additional, unnecessary organizational risk from that account. 😬

Application Access Analysis

 

 

 

**NEW** Identity Security Checks: 

 

✅Super Admin Login to Google

This check reports any time a user with “super admin” privileges logs into the Google Workspace console. Whether it’s nefarious activity or just someone overusing the privilege, it’s important to see this activity at a glance and to make it easy to take action to investigate where warranted.

✅Unmanaged Devices Access

This check detects whether a user has accessed from an unmanaged device in the last 7 days (configurable). Oort indicates, per event and IP, whether the device was managed so you can inspect it more closely.

✅User Activity Anomaly

Adversaries may create or modify an account to maintain access to victim systems, or modify configuration settings to evade defenses and/or escalate privileges. To identify such actions, Oort alerts on new (over the last 90 days) administrative actions performed by an account, or on actions performed on multiple targets simultaneously (more than 10 targets in 10 minutes – configurable).

✅New Country for Tenant

Attackers may obtain and abuse account credentials to gain initial access, persistence, privilege escalation, or defense evasion. Monitoring access from locations where the organization has no operations can identify such credential misuse. To identify compromised accounts, Oort alerts on successful logins from a new (over the last 90 days) country for the tenant from a new, unmanaged device.

✅MFA Flood

This is one of the more recent TTPs, whereby an attacker overwhelms a legitimate end user with MFA requests in order to get them to simply grant access so that the alerts stop. Oort allows you to configure the rate at which this check fails.
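
To make the “more than 10 targets in 10 minutes” rule from the User Activity Anomaly check concrete, here is an added sketch (our illustration, not Oort’s implementation) of a per-actor sliding window over admin events. The event tuple layout, function names and sample events are assumptions constructed for this example, and the 90-day “new action” half of the check is not covered.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def multi_target_alerts(events, max_targets=10, window=timedelta(minutes=10)):
    """Flag actors who act on more than max_targets distinct targets within window.

    events: iterable of (timestamp, actor, target) tuples (assumed layout).
    Returns one (actor, window_start, alert_time, distinct_targets) per burst.
    """
    recent = defaultdict(deque)  # actor -> (timestamp, target) pairs still in the window
    alerting = set()             # actors already over threshold, to avoid duplicate alerts
    alerts = []
    for ts, actor, target in sorted(events):
        q = recent[actor]
        q.append((ts, target))
        while ts - q[0][0] > window:  # expire events older than the window
            q.popleft()
        distinct = {t for _, t in q}  # repeated actions on one target count once
        if len(distinct) > max_targets:
            if actor not in alerting:
                alerting.add(actor)
                alerts.append((actor, q[0][0], ts, len(distinct)))
        else:
            alerting.discard(actor)   # burst ended; a later burst alerts again
    return alerts


def sample_events():
    """Constructed admin-audit events, not real log data."""
    t0 = datetime(2022, 7, 18, 9, 0)
    burst = [(t0 + timedelta(seconds=20 * i), "admin-a", f"user{i}") for i in range(12)]
    slow = [(t0 + timedelta(minutes=5 * i), "admin-b", f"user{i}") for i in range(12)]
    repeat = [(t0 + timedelta(seconds=10 * i), "admin-c", "user0") for i in range(30)]
    return burst + slow + repeat


if __name__ == "__main__":
    for actor, start, end, n in multi_target_alerts(sample_events()):
        print(f"{actor}: {n} distinct targets between {start} and {end}")
```

Only the burst account trips the default threshold; the account touching one target every five minutes and the account repeatedly touching a single target do not, which is the distinction a raw event-count rule would miss.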

 

 

 

That’s a wrap for this week! Make sure you subscribe to our updates up top so you don’t miss any new features or announcements coming from Oort! Can’t wait? Get a demo today!

 
