Splunk Phantom is a fully featured Security Orchestration, Automation and Response (SOAR) solution. It combines security infrastructure orchestration, playbook automation and case management capabilities to streamline the work of IT teams. Phantom completes Splunk's platform for any Security Operations Center by offering automatic reactions to security incidents and much more. Phantom's flexible app model supports hundreds of tools and thousands of unique APIs, enabling connection and coordination of complex workflows across a wide variety of solutions. It enables teams to work smarter by executing a sequence of actions, from gathering forensic data, through detonating files in a sandbox, to quarantining a device or blocking a user, all done successfully and automatically in seconds instead of hours or days. As an open platform, Phantom also allows security teams to create their own actions with its visual editor or in the integrated Python development environment.

Orchestrate and automate your security response

In order to protect the enterprise, security teams must quickly resolve alerts as they arise, as well as proactively identify threats before they cause damage. Many of these threats involve weak or stolen credentials, demonstrating that hackers are increasingly targeting user identities. To better protect against these threat vectors and deliver identity-driven security, Okta integrates with Splunk Phantom to enable identity-centric response actions. When suspicious account activity is detected, such as a log-in from a new device or location, security teams can mitigate the threat automatically by clearing active sessions or forcing multi-factor authentication (MFA) with Okta. If, after further investigation, the user does appear to be compromised, security teams can take additional remediation actions against the bad actor by suspending the compromised account and conducting a password reset.

Enable enrichment for more complete visibility

Together, Okta + Splunk Phantom orchestrate security using identity as the control point. The Okta Identity Cloud add-on for Splunk expands the joint solution to include complete visibility into user activity and identity. Splunk aggregates millions of data sources across firewalls, routers and endpoints, as well as critical information on user identity and access from Okta. When alerts arise, Okta provides rich identity context on users, groups and applications for additional security enrichment of suspicious activity. This helps answer questions like 'what sensitive applications has this user been assigned' and 'which groups does this user belong to', so security teams can better judge the nature of the threat and prioritize response actions accordingly. Okta also enables additional threat hunting with user activity logs to help identify failed log-ins or new factor enrollments. This helps security teams mitigate threats before they turn into full-fledged attacks. By integrating with the entire Splunk Security Operations Suite (Splunk Enterprise, Splunk Cloud, Splunk User Behavior Analytics and Splunk Phantom), Okta completes the security loop from visibility to response with identity as the key control point.

Identity-driven orchestration and response

With Okta + Splunk Phantom integrated together, enterprises get identity-centric security plus orchestration and automation of their existing security infrastructure. The combination allows you to enable decisive, quick and automated security actions to keep assets and users safe from credential compromise.
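The detect, contain, enrich and remediate flow described in the two sections above, as an added Python illustration that is not part of the original post and does not use Phantom's or Okta's real API; the event fields, the "Admins" group and the SENSITIVE_APPS set are assumptions, and all sample data is constructed.

```python
# Toy model of the identity-driven response flow: flag a log-in from an
# unfamiliar device or location, contain it automatically, use identity
# context to decide priority, and remediate once compromise is confirmed.
# Hypothetical illustration only; not Phantom's or Okta's API.
from dataclasses import dataclass

# Assumed label set an analyst would maintain; not an Okta attribute.
SENSITIVE_APPS = {"Finance ERP", "HR Portal"}


@dataclass
class UserContext:
    """What an identity-enrichment step would return for one user."""
    user_id: str
    groups: list
    apps: list
    known_devices: set
    known_countries: set


@dataclass
class LoginEvent:
    """Fields loosely modelled on a successful log-in record (constructed)."""
    user_id: str
    device: str
    country: str


def detect(event: LoginEvent, ctx: UserContext) -> list:
    """Flag a log-in from a device or country this user has never used."""
    reasons = []
    if event.device not in ctx.known_devices:
        reasons.append("new_device")
    if event.country not in ctx.known_countries:
        reasons.append("new_location")
    return reasons


def plan_response(event, ctx, confirmed_compromise=False) -> list:
    """Return the ordered Okta actions a playbook would run for this event."""
    if not detect(event, ctx):
        return []  # known device and location: nothing to do
    actions = ["clear_sessions", "force_mfa"]  # automatic containment
    # Identity context sets priority: sensitive apps or admin rights are
    # escalated to an analyst instead of being closed automatically.
    if SENSITIVE_APPS & set(ctx.apps) or "Admins" in ctx.groups:
        actions.append("escalate_to_analyst")
    if confirmed_compromise:  # remediation after investigation
        actions += ["suspend_user", "reset_password"]
    return actions
```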