2022 Trends in Securing Digital Identities. Dimension Research (sponsored by IDSA). June 2022.
2023 Trends in Securing Digital Identities. Dimension Research (sponsored by IDSA). June 2022.
2023 State of Cloud Permissions Risks Report. Microsoft Security. March 2023.
"The biggest thing that I’ve been excited about with Identity Security Insights is that you’re looking at my Okta. [BeyondTrust] is also the only one that has access to this kind of information across all my servers and my employees. I don’t have a tool collecting that local information other than BeyondTrust's solutions. There’s a lot that [BeyondTrust] can show me that no one else can.”
Manager of Information Security, Leading American Paint Manufacturer
Gain unprecedented visibility. Detect threats and promote hygiene across your entire identity landscape.
October 2, 2023, Identity Security Insights detected an attacker trying to access an internal Okta admin account with a valid session cookie stolen from Okta support. We then alerted Okta to the breach nearly three weeks before their public acknowledgment.
The Okta administrator’s account was protected with FIDO2 authentication, and policies within BeyondTrust’s Okta only allowed access to the admin console from managed devices with Okta Verify installed.
Our own instance of BeyondTrust’s Identity Security Insights, and tailored detections from our security teams, alerted us to several aspects of the intrusion. We immediately disabled the backdoor user account and revoked the attacker’s access before the account could be used and prevented any further actions.
Learn more about the attack and how to improve your Okta security:
Webinar: A Post Breach Analysis: Okta Support Unit, with BeyondTrust's Marc Maiffret, Chief Technology Officer; James Maude, Director of Research
Blog: Okta Support Unit Breach Update & Security Implications
Watch a demo of Identity Security Insights to get a closer look at how it works. Watch Demo.
Request a complimentary assessment of your current identity security posture, including 90 days of monitoring for identity-based attacks. Request Identity Security Insights Assessment.