Five Nines Newsletter - Volume 15

Hey there,

Welcome to this month’s Five Nines newsletter, your guide through the ever-evolving maze of Identity and Access Management (IAM). In this edition, we take another look at the October 2023 Okta data breach and its downstream impact on Cloudflare. With security incidents on the rise, it’s no surprise that CISA is opening a new office focused on zero trust education and implementation, and we have the details.

We’re also covering the latest Okta news, from its fourth quarter and fiscal year 2024 financial results to recent developments in FastPass and Organizations. And we’ve rounded up informative podcast episodes from Identity at the Center and The Week in Identity, plus upcoming IAM events.

We hope you enjoy and, as always, stay resilient.


Trending IAM News:

Cloudflare Hacked After State Actor Leverages Okta Breach

The aftermath of Okta’s October 2023 data breach continues to unfold. Among the data exposed in that incident were authentication tokens and service-account credentials belonging to Cloudflare. On Thanksgiving Day, a threat actor used those credentials, which had not been rotated after the Okta breach, to access Cloudflare’s internal Atlassian environment. Cloudflare has not named the actor but assessed it was likely a nation-state attacker. The intrusion was cut off within about 24 hours, and Cloudflare reported that customer data and systems were not affected. In response, Cloudflare rotated production credentials, physically segmented its test and staging systems from production, performed forensic triage on nearly 5,000 systems, and reimaged and rebooted every machine in its global network. The lesson for any Okta customer is plain: a secret that could have been read during an upstream breach should be treated as compromised and rotated, not assumed safe because no misuse has been seen yet.

Read More>>

CISA establishing new office focused on zero trust

During CyberScoop’s Zero Trust Summit, the Cybersecurity and Infrastructure Security Agency (CISA) announced plans to open a new office dedicated to zero trust. The office will provide federal agencies with training and resources for implementing zero trust security practices, and will work to define the skills and knowledge required to build a zero trust architecture. Its training programs, resources and baselines draw on NIST’s Zero Trust Architecture publication (SP 800-207), OMB’s federal zero trust strategy (M-22-09), and the 2021 executive order on improving the nation’s cybersecurity (EO 14028).

Read More>>

What are Verifiable Credentials and Why You Should Care About Them

A recent blog post from Auth0 explains what verifiable credentials are and where they are useful. Verifiable credentials work much like physical credentials: a trusted issuer attests to something about the holder (a license, a degree, an account status), and a third party can check that attestation. The difference is that the credential is digital, follows the W3C Verifiable Credentials Data Model, and carries a cryptographic proof, so a verifier can confirm that it was issued by the claimed issuer and has not been altered since. In finance, verifiable credentials can confirm an identity profile before money is ever sent. In healthcare, they can help pharmacists validate a prescriber when receiving and filling prescriptions. For any industry that relies on professional credentials, they streamline the check that doctors, professors and companies actually hold the qualifications they claim.

Read More>>

6 Best Practices for Managing the Identity Lifecycle

With a data breach costing, on average, $4 million and a stolen record costing $158, companies cannot afford to ignore identity management basics. To help, the Identity Management Institute recently published six identity lifecycle best practices. They range from the fundamentals, such as two-factor authentication, effective policies, regular access reviews and data encryption, to more advanced controls such as geo-fencing, which blocks access from outside specified locations and is particularly useful for teams with remote employees. Other recommendations cover smart provisioning, automatic updates, privilege management, and deprovisioning.

Read More>>

How the NIST CSF 2.0 Enhances Cyber Resilience Across Industries

The National Institute of Standards and Technology (NIST) recently released a new version of its Cybersecurity Framework. The new document, CSF 2.0, broadens the original CSF’s scope to organizations of any size in any sector, not only critical infrastructure. The largest addition is a new “Govern” function, covering cybersecurity risk management strategy, roles and policy, alongside the existing Identify, Protect, Detect, Respond and Recover functions. Other additions include implementation examples, quick-start guides, and a searchable catalog of informative references. Industry leaders who have praised CSF 2.0 include Robert Booker, chief strategy officer at HITRUST, Laurie E. Locascio, NIST director, and Katherine Ledesma, head of public policy and government affairs at Dragos.

Read More>>


Trending Okta News:

Okta Announces Fourth Quarter And Fiscal Year 2024 Financial Results

With its fiscal year closing on January 31, 2024, Okta recently released its fourth quarter and full-year results. Revenue grew in both periods, with Q4 revenue up 19% year-over-year and full-year revenue up 22%. Other highlights include $1.952 billion in current remaining performance obligations (cRPO) and $166 million in free cash flow. Summing up, Todd McKinnon, CEO and co-founder of Okta, stated, “We achieved record non-GAAP profitability and record cash flow in the fourth quarter, capping a year of significant margin expansion.”

Read More>>

FastPass expands phishing resistance with device-bound passcode option

Okta FastPass, delivered through the Okta Verify app, provides passwordless, phishing-resistant authentication. FastPass now adds two user-verification options: biometrics and device-bound passcodes. Biometric data never leaves the device; the device performs the biometric check locally and Okta receives only the authentication result. For devices without biometric hardware, a device-bound passcode can be used instead. Unlike a traditional password, it works only on the enrolled device, so a passcode phished or reused elsewhere is of no use to an attacker. Other recent additions include more flexibility for admins in enforcing higher-assurance methods and support for virtual desktop infrastructure (VDI) environments such as Windows 365, Citrix, and AWS WorkSpaces.

Read More>>

Organizations moving forward

Okta’s Customer Identity Cloud (CIC) Organizations feature gained many new users last year. Two reasons are its expanded scaling options and out-of-the-box capabilities. Private Cloud customers can create as many organizations as they need, while other customers can have up to 100,000 organizations per tenant. Features that launched last year include the Organization Picker and Home Realm Discovery support. More is on the way: hiding enterprise connections from an organization’s login box, controlling client credentials on a per-organization basis, and self-service single sign-on are all on the roadmap for Organizations.

Read More>>

Okta October 2023 Security Incident Investigation Closure

In October of last year, Okta experienced a wide-reaching security breach of its customer support system. Afterwards, Okta engaged Stroz Friedberg, a forensic firm specializing in cybersecurity, to conduct an independent investigation. That investigation has now concluded, and it did not uncover malicious activity beyond what Okta had previously identified. To harden its systems against similar attacks, Okta has designed and rolled out additional controls, including zero standing privileges for Okta admins, a requirement for MFA on protected actions in the Admin Console, and IP session binding for the Admin Console and other Okta products.

Read More>>

The State of Secure Identity 2023

In its recently released State of Secure Identity report, Okta lays out the latest IAM attack trends and defensive strategies. One of the biggest trends is attackers’ growing use of AI, especially in attacks on login pages. The report breaks down other attack patterns with insights by industry, region and business size. Drawing on data from billions of Customer Identity Cloud authentications, it also covers defenses from the basics to more advanced measures. Whatever your company’s circumstances, the report offers takeaways for identifying, preventing and mitigating today’s most common attacks.

Read More>>


Podcasts

#260 - Passkeys with Daniel Grube of TikTok

If you are a fan of TikTok, be sure to check out this episode of Identity at the Center. Hosts Jeff Steadman and Jim McDonald sit down with Daniel Grube, Product Manager at TikTok. To kick off the episode, the trio discuss the Super Bowl and the ever-popular Super Bowl commercials. The majority of the episode is spent on the growing popularity of passkeys, with Daniel sharing his insights from implementing passkeys at TikTok. The episode concludes with a brief review of upcoming conferences and, since getting to them usually involves a plane ride, a debate over the best seat: window or aisle.

#45 - Okta Layoffs/Tech Downturn/Market Consolidation

In this episode of The Week in Identity, hosts Simon Moffatt and David discuss Okta’s recent announcement that it is laying off 400 employees. The duo speculate on what the layoff means for the tech industry and whether it signals a slowdown, which leads into a discussion of 2023’s trends and what 2024 has in store. IAM funding remains high; what does that mean for the rest of the year?


Acsense Blog

A Guide on How To Prevent Okta Phishing Attempts

Over one-third of data breaches can be attributed to phishing, and the attacks keep getting more sophisticated. Okta is a popular phishing target because of what it sits in front of: a single compromised Okta session can unlock every downstream application, and its users include high-profile targets. Employee education, 2FA (ideally a phishing-resistant method such as FastPass or a FIDO2 security key, since one-time codes and push approvals can be relayed by a real-time phishing proxy), strong password policies, and regular monitoring of sign-in logs are just a few of the preventive controls. Because prevention will sometimes fail, a comprehensive, tested response plan is essential. Check out the full article for more phishing prevention and mitigation strategies.

Read More>>

Mastering SAAS IAM: Strategies for Secure and Resilient Identity Management

To help organizations improve the security and resilience of their IAM, Acsense, in partnership with TAG, has released an eBook covering the top risks of SaaS IAM solutions and key mitigations. Across six chapters, it begins with an analysis of the shared responsibility model and what it means for IAM: the provider secures the service, but the customer remains responsible for its configuration, identities and data. It then works through the pitfalls of SaaS IAM, including connectivity, availability, security, privacy, and single points of failure, pairing each with effective mitigation strategies.

Download Now>>


Acsense On Demand

In the concluding segment of the #Resilience321 series with Matt Lee, CISSP, CCSP, CFR, PNPT of Pax8, we focus on the practical application of cyber resilience in business.

While many businesses think cyber-resilient tools are enough to keep their organization secure, Matt stresses that tools are just one part of a resilient system. Preparation for cyber incidents, particularly ransomware attacks, is just as important as having the necessary tools. Ultimately, Matt notes that the two determining factors of a resilient system are anticipating threats and having a mitigation plan for those threats. In this digital age, prevention alone is not enough. Organizations must have recovery and response plans in place to achieve resilience.


Events

Gartner Identity & Access Management Summit

There is still time to register for Gartner’s Identity and Access Management Summit. With an agenda covering everything from access management and authentication to privileged access management and how to maximize business value, this event is sure to have takeaways for any IAM professional.

Details:

When: March 4-5, 2024

Where: London, UK

Sign up now>>

Mastering CIAM: Advanced Techniques for Designing a Resilient CIAM Program

On March 12th, KuppingerCole is providing a webinar covering effective techniques to create a resilient CIAM program. Through this webinar, attendees will learn about CIAM best practices and how to implement them in their organization. This webinar will also cover strategies for decreasing abandonment rates, using downstream APIs to better understand users, and methods to boost both end-user engagement and revenue.

When: March 12, 2024 at 4:00 pm CET

Register Now>>


Company Corner

BigID adds access governance targeted at sensitive data and privileges

BigID, a company specializing in compliance and cloud data security, announced plans to expand its offerings with access governance capabilities. The new tool is intended to help businesses strengthen security, minimize insider risk, work toward zero trust, and fast-track AI compliance. It will go beyond detecting exposures and will include AI tools designed to counter AI-driven threats. Also on the AI front, BigID is pursuing a patent for “AI identity-aware” technology that automatically links names, customer IDs, birthdays, and even social security numbers belonging to the same person, even when the data is stored in different locations.

Read More>>

Cisco’s identity and access security offerings to receive AI upgrades

Another tech company recently announced plans to improve its identity and security capabilities with AI. Cisco announced Cisco Identity Intelligence, which integrates with third-party IAM sources and builds AI-powered identity graphs. These graphs provide insights into identity activity and can be used to improve access policies and threat detection. Cisco Identity Intelligence will also feed Cisco Duo, Cisco Secure Access, and Cisco XDR to improve authentication, access, and threat detection, respectively. Other new offerings use natural language processing (NLP) and generative AI (GenAI) to further strengthen identity posture.

Read More>>

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

On February 15th, the Cybersecurity and Infrastructure Security Agency (CISA), along with the Multi-State Information Sharing and Analysis Center (MS-ISAC), released findings from an incident response assessment of a breach at a state government organization that exposed documents containing host and user information. The breach came to light when the documents were found on a dark web brokerage site. The assessment determined that the threat actor gained access using the credentials of a former employee whose account had not been disabled when the employee left, a basic deprovisioning failure. CISA’s recommended mitigations include securing and monitoring administrator accounts, reducing the attack surface, and evaluating tenant settings.

Read More>>


Meme Of The Month


Thank You For Reading!

We hope you enjoyed the March edition of the Five Nines newsletter!

Share with colleagues or follow us on LinkedIn for more IAM resilient insights and trends.


About Acsense:

Hailing from Tel Aviv, Israel, the Acsense team of former EMC veterans has been exposed to some of the most challenging IT and security ecosystems in the world.

Our mission is to help security and risk management leaders eliminate IAM as a single point of failure from threats like ransomware, insider threats and misconfigurations caused by human error. We deliver a state-of-the-art platform for access and business continuity, serving both workforce and customer IAM needs with one seamless solution.

Our platform features one-click recovery, constant data verification, periodic testing, and the ability to identify changes between Points in Time, making your IAM system resilient.

Acsense is backed by Joule Ventures, Gefen Capital, Fusion and independent investors.

To learn more, click here to visit our site.

Jim McDonald

Digital Identity Strategist and Identity at the Center podcast co-host

8 months ago

Great newsletter
