User16370330549592969269 (Customer Support Online Experience) asked a question.
Join us for a special Okta Community AMA online event on July 15 at 9 a.m. PDT with Okta’s Chief Product Officer, Workforce Identity Cloud, @arnab.bose1.5694203330071418E12 (Product), and Americas West Regional Chief Security Officer, @chris.niggel1.4476883027496829E12 (Okta, Inc.). Dive into best practices for protecting against Identity-based attacks and discover how OSIC can strengthen your security posture.
What You Can Expect:
- Learn actionable steps to boost your security posture and reduce the risk of Identity attacks
- Discover how to best leverage Okta’s security features like MFA, ThreatInsights, phishing-resistant authentication, and more.
- Understand recent enhancements to secure the Okta Help Center.
- Gain insights into upcoming Okta security updates and find OSIC resources.
- Bonus: Take advantage of $50 certification exams and free practice exams until August 15, 2024.
How Will It Work?
Ask questions from today to Sunday, July 14, 2024. Please use the Answer button below to ask your questions. Come back on Monday, July 15, 2024, from 9 a.m. to 11 a.m. PDT to join the online session as Arnab and Christopher provide written, comprehensive answers to your questions.
Want to learn more details about this AMA session? Check out this blog article → https://support.okta.com/help/s/blog/a674z0000001469AAA/july-15-oktas-secure-identity-commitment-ama?language=en_US

Super excited to be supporting this -- looking forward to some interesting questions!
Looking forward to this event!
I would love to learn what the top 3-5 actions are that an Okta customer can take to improve their company's security posture.
In addition, is there training or best practices published by Okta that I can share with colleagues?
Thanks for your question, @User16514947384919481225 (Okta - Global Customer Support)! Here are a couple of things that we see our most secure customers doing:
1. Enforce multi-factor authentication! Especially for your administrators and any support (customer support or helpdesk). These groups are highly targeted by attackers such as Scattered Spider, so using a phishing-resistant MFA like Okta Verify will help reduce your risk.
2. Migrate to OIE if you haven't already. OIE has lots of additional capabilities you can use to create authentication rules.
3. Turn on ThreatInsight. ThreatInsight helps identify and protect against traffic that we believe is higher risk.
4. Block traffic from non-standard locations by using Dynamic Zones or Actions. Residential Proxies and anonymizing services like TOR are heavily used by threat actors, and aren't typically needed by your employees or consumers.
We don't have a public best-practices guide, as every implementation of Okta is different - and you all keep coming up with use cases we'd never thought of! Your account team can help, however. The security team also publishes content on our blog at https://sec.okta.com. Check it out!
Interested to know recommended strategies to balance security and user experience, especially for CIAM.
This is always a difficult balance to get right, @NorkarimahM.19783 (Customer). Have you read the State of Secure Identity report we published back in March? It's really helpful in identifying the types of attacks you may see against CIAM implementations.
My recommendations would be to first, think about how you can break up your users into groups by risk. For example, Administrators and Customer Support are highly targeted by threat actors, so you can roll out stronger and more invasive authentication tools for them.
Second, find ways that you can use data to reduce risk. Tools such as Dynamic Network Zones and Actions can help you block anonymizing proxies, or traffic from countries where you don't normally do business.
Finally, Passkeys are really starting to gain momentum with users. Evaluate how you can roll these out to your applications to start to get rid of passwords altogether.
Check out the new Enhanced Dynamic Zones in Okta WIC: https://help.okta.com/en-us/content/topics/security/network/about-enhanced-dynamic-zones.htm
How does Okta maintain (add/remove) a list of malicious IP addresses for ThreatInsight?
ThreatInsight aggregates data about sign-in activity and behaviors across the entire Okta customer base to analyze and detect potentially malicious IP addresses. This information is also continuously updated based on the latest attack trends. Check out this recent blog post for more details: https://www.okta.com/blog/2024/06/automated-defense-against-identity-based-attacks/
@avshch (BCRC) please see the response above
Thanks, Arnab! I also wanted to attach this whitepaper by my coworker @User16163690212368992407 (Cybersecurity Strategy) on how to get the most out of ThreatInsight: https://www.okta.com/resources/whitepaper-getting-the-most-out-of-okta-threatinsight/