Between the ever-growing fear of being the next victim of a cybercrime and the exponentially growing number of security services they must consume, customers are in search of peace of mind. Read this technical review to find out how accSenSe can give you this peace of mind.


On March 22nd, 2022, the LAPSUS$ hacker group surprised us by sharing screenshots of OKTA’s penetrated environment. But for customers of OKTA, reality didn’t set in until OKTA admitted to the incident. Then we found out Microsoft was hit. The top two market leaders in identity management are held to a certain standard by customers, so it is understandable how such a series of events can drain the optimism from customers who rely on these cloud service providers for business-critical duties every day.

In an era when cybercrime is a highly lucrative business and numerous security companies are in the business of trying to stop it, customers seem to be in a never-ending losing battle, caught between the ever-growing fear of being the next victim of a cybercrime and the exponentially growing number of security services they must consume. However, all these customers are searching for is peace of mind.

That peace of mind comes when customers are proactive in ensuring that even if they become the victim of a cybercrime, they know they will bounce back quickly, within hours, because they have Digital Identity Resilience. DIR (Digital Identity Resilience) brings peace of mind to all the customers who rely on SaaS service providers to maintain their cloud services. The innovative approach accSenSe brings to the market allows customers to concentrate on what is important to them – running their business while ensuring their identities are fully protected.

Let’s deep dive into the benefits accSenSe brings.

The fundamental functionality accSenSe brings is continuous data protection for OKTA customers. By subscribing to the accSenSe cloud service, customers can back up all their OKTA tenants. Backups run constantly at 10-minute intervals and are stored as long as needed, up to indefinite retention. accSenSe backs up all objects and relationships in the protected tenants, giving customers easy options for recovery, sandboxing, and regulatory compliance. An easy-to-navigate dashboard and email alerts are available to confirm everything is up and running per the agreed SLA.

 

Frequent, always-running backups bring additional benefits to accSenSe customers. They allow easy comparison between different points in time in the OKTA configuration. This approach is instrumental when investigating potential security breaches or tracking changes in the environment.

As we just saw, accSenSe is a great tool to keep track of changes in the OKTA system, and it only gets better with the additional level of depth it offers.

Let’s look at the scenario when an employee leaves the company and their user account gets deactivated.

A malicious hacker finds that this user was recently deactivated and proceeds to re-activate the user to gain access into the company’s environment.

We can see that accSenSe tracks and monitors changes for each property on each object. In our example, we see there was a change to the following properties on this specific user:

  • lastLogin
  • Status

The attacker activates the user and then sets a temporary password for them. The events for these types of changes are:

  • user.lifecycle.activate
  • user.account.update_password

 

After setting a temporary password, the attacker can log in and change the password to a new one. The following events happen in OKTA and are continuously tracked by accSenSe. They can easily be found in the history section for a selected user:

  • user.session.start (where the actor is the newly activated user)
  • policy.evaluate_sign_on (allow)
  • app.oauth2.token.grant.id_token (success)
  • user.authentication.sso (successful)

 

Now the attacker can log in to OKTA with the fake credential they created.

Now that the user is activated, the attacker can change the role for the user. The event that records this role grant is:

  • user.account.privilege.grant
  • and also, in the debug data for the same event, we can see the new role that this user has

 

Every change that the attacker made in OKTA is tracked by accSenSe. We can review the admin’s object details on the accSenSe continuity page. The role this user has been given is shown below:

 

 

After all these changes are complete, the attacker has full access to a new account with a super admin privilege, and now has full control of this OKTA tenant.
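The event sequence in this scenario can be correlated into one finding per user. The following is an added example, not accSenSe's or OKTA's code: it assumes events shaped like OKTA System Log entries (`eventType`, `published`, `actor.alternateId`, `target[].alternateId`), and the 24-hour window, the function names and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Event chain from the scenario above, in the order it unfolds.
CHAIN = ["user.lifecycle.activate", "user.account.update_password",
         "user.session.start", "user.account.privilege.grant"]
WINDOW = timedelta(hours=24)  # assumed correlation window, tune per environment

def _ts(event):
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))

def _subject(event):
    # On session start the user is the actor; on the other events the user is a target.
    if event["eventType"] == "user.session.start":
        return event["actor"]["alternateId"]
    users = [t["alternateId"] for t in event.get("target", []) if t.get("type") == "User"]
    return users[0] if users else None

def find_reactivation_chains(events):
    """Return {user: details} for users who went through the whole chain inside WINDOW."""
    step, started, hits = {}, {}, {}
    for ev in sorted(events, key=_ts):
        user, etype = _subject(ev), ev["eventType"]
        if user is None or etype not in CHAIN:
            continue
        if etype == CHAIN[0]:                      # activation (re)starts the chain
            step[user], started[user] = 1, _ts(ev)
        elif user in step and _ts(ev) - started[user] > WINDOW:
            del step[user]                         # too late to correlate
        elif user in step and etype == CHAIN[step[user]]:
            step[user] += 1
            if step[user] == len(CHAIN):           # privilege grant closes the chain
                hits[user] = {"activated_at": started[user].isoformat(),
                              "granted_by": ev["actor"]["alternateId"]}
                del step[user]
    return hits

def _ev(ts, etype, actor, target=None):
    targets = [{"type": "User", "alternateId": target}] if target else []
    return {"published": ts, "eventType": etype, "actor": {"alternateId": actor}, "target": targets}

# Constructed sample events (not real log data), reduced to the fields used above.
SAMPLE = [
    _ev("2022-04-01T09:00:00.000Z", "user.lifecycle.activate", "it@example.com", "new.hire@example.com"),
    _ev("2022-04-01T09:05:00.000Z", "user.session.start", "new.hire@example.com"),
    _ev("2022-04-01T10:00:00.000Z", "user.lifecycle.activate", "admin@example.com", "ex.employee@example.com"),
    _ev("2022-04-01T10:01:00.000Z", "user.account.update_password", "admin@example.com", "ex.employee@example.com"),
    _ev("2022-04-01T10:03:00.000Z", "user.session.start", "ex.employee@example.com"),
    _ev("2022-04-01T10:03:01.000Z", "policy.evaluate_sign_on", "ex.employee@example.com"),
    _ev("2022-04-01T10:10:00.000Z", "user.account.privilege.grant", "admin@example.com", "ex.employee@example.com"),
]
```

Calling `find_reactivation_chains(SAMPLE)` flags only the reactivated account that was later granted a role; the account that was activated and simply signed in is not reported.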

Given the sensitivity of identity management systems and the latest events, it’s understandable that many OKTA customers feel vulnerable. Fortunately, that vulnerable feeling can be put at ease with Digital Identity Resilience. accSenSe is the only product on the market that can bring peace of mind to OKTA customers, with any-point-in-time backups, infinite retention, change tracking, and deep-dive investigation capabilities.

Writer: accSenSe Product and Customer Success teams.
