1

2022 Trends in Securing Digital Identities. Dimension Research (sponsored by IDSA). June 2022.

2

2023 Trends in Securing Digital Identities. Dimension Research (sponsored by IDSA). June 2022.

3

2023 State of Cloud Permissions Risks Report. Microsoft Security. March 2023.

Unified Cross-Platform Visibility
Gain one holistic view of identities and access across your estate, and see attack paths you could not see before.
Identity Threat Detection
Identify overprivileged accounts and users, poor security controls, and anomalies — including events involving multiple identities and accounts.
Proactive Identity Hygiene​
Leverage actionable recommendations before they become a threat, and accelerate threat investigations.
Cloud Least Privilege​
Discover, visualize, and audit cloud entitlements across your multicloud footprint — all from a single interface.
Privilege Creep Prevention​
Continually assess, adjust, and prevent excessive permissions for human and machine identities — and right-size access for all.
Integrated Ecosystem
Boost the capabilities and intelligence of all BeyondTrust Privileged Access Management (PAM) products and other connected solutions.

"The biggest thing that I’ve been excited about with Identity Security Insights is that you’re looking at my Okta. [BeyondTrust] is also the only one that has access to this kind of information across all my servers and my employees. I don’t have a tool collecting that local information other than BeyondTrust's solutions. There’s a lot that [BeyondTrust] can show me that no one else can.”

Manager of Information Security, Leading American Paint Manufacturer

Gain unprecedented visibility. Detect threats and promote hygiene across your entire identity landscape.

Centralized Dashboard​
Gain a unified view of identities across your entire IT estate. View detections, recommendations, and key entitlements in a single interface.​
Identity-Threat Detection
Detect identity-based anomalies and known attack techniques. Visualize detections, ranked by severity, and their associated identities and accounts.​
Cloud Access Visibility
Continuously discover, visualize, and audit all permissions to access resources across your multicloud footprint.​
Powerful Integrations​
Leverage your current technology stack and security investments with a solution that can easily integrate with your identity tools​.
Identity Analysis
Gain detailed visibility over each identity and any associated risk factors to prioritize least privilege related actions.​
Proactive Recommendations​
Get recommendations for reducing attack surfaces, right-sizing cloud entitlements, securing identity access, and addressing identity hygiene issues.​
Cloud Entitlement Guidance​
Leverage CIEM capabilities to easily adjust cloud entitlements, without affecting productivity or disrupting day-to-day operations.​
Rapid Deployment​
Get up and running in under 30 minutes and gain actionable findings same-day. Fast-track your journey to an improved security posture.​
Gain visibility, control, and session management of privileged credentials (passwords, secrets, SSH keys, etc.) and accounts.
Extend privileged access management best practices for remote access to vendors, internal remote workers, and infrastructure.

October 2, 2023, Identity Security Insights detected an attacker trying to access an internal Okta admin account with a valid session cookie stolen from Okta support. We then alerted Okta to the breach nearly three weeks before their public acknowledgment.

What did Identity Security Insights detect and alert on during the attack?

  • Okta session hijacking
  • Okta user performed administrative action using a proxy
  • Okta admin privileges were granted to a user
  • Okta password health report generated
  • Okta user with some level of admin access uses MFA vulnerable to SIM swapping


How did BeyondTrust successfully defend against the attack?

The Okta administrator’s account was protected with FIDO2 authentication, and policies within BeyondTrust’s Okta only allowed access to the admin console from managed devices with Okta Verify installed.

Our own instance of BeyondTrust’s Identity Security Insights, and tailored detections from our security teams, alerted us to several aspects of the intrusion. We immediately disabled the backdoor user account and revoked the attacker’s access before the account could be used and prevented any further actions.



Timeline of the attack and response

  • October 2, 2023 – BeyondTrust detected and remediated identity-centric attack on an in-house Okta administrator account and alerted Okta
  • October 3, 2023 – Asked Okta support to escalate to Okta security team given initial forensics pointing to a compromise within the Okta support organization
  • October 11, 2023 and October 13, 2023 – Held Zoom sessions with Okta security team to explain why we believed they might be compromised
  • October 19, 2023 – Okta security leadership confirmed they had an internal breach.
  • November, 29, 2023 – Okta published an updated disclosure revealing the attacker had impacted all Okta customer support system users


Learn more about the attack and how to improve your Okta security:

Webinar: A Post Breach Analysis: Okta Support Unit, with BeyondTrust's Marc Maiffret, Chief Technology Officer; James Maude, Director of Research

Blog: Okta Support Unit Breach Update & Security Implications

Blog: BeyondTrust Discovers Breach of Okta Support Unit

Watch a demo of Identity Security Insights to get a closer look at how it works. Watch Demo.

Request a complimentary assessment of your current identity security posture, including 90 days of monitoring for identity-based attacks. Request Identity Security Insights Assessment.

Prefers reduced motion setting detected. Animations will now be reduced as a result.