Okta Enables Entire Organization to Participate in Cybersecurity Defense

At its Okta Showcase event, Okta launched Okta SecurityInsights to expand the base of individuals who can act on cybersecurity threats as they emerge.

Joe Diamond, senior director of product marketing for Okta, said as it becomes more apparent that cybersecurity is a shared responsibility, there is a growing need to provide cybersecurity tools that are designed to meet the needs and capabilities of different classes of users.

AppSec/API Security 2022

The first two products being rolled out as part of an Okta SecurityInsights initiative are UserInsight, a tool through which end users can report suspicious activity, and HealthInsight, which surfaces best cybersecurity practices recommendations for administrators.

After Okta UserInsight allows end users to report suspicious activity, Okta Cloud services can then use those alerts to employ identity to automate incident remediation workflows, thanks to integration between Okta Cloud and third-party security orchestration, automation and response (SOAR) and security information and event management (SIEM) platforms.

Okta HealthInsight then leverages all those alerts along with continuous monitoring capabilities to make suggestions to improve cybersecurity that can be implemented automatically via the HealthInsight console, said Diamond.

Okta, he noted, is simultaneously trying to make it practical to employ end users as a first line of cybersecurity defense, while making it easier for cybersecurity professionals to act on the intelligence.

Diamond added the company envisions making it possible for IT professionals of varying skill sets to also respond to new cybersecurity threats by, for example, enabling a developer to apply a cybersecurity policy without having to wait for the approval of a cybersecurity team. The assumption is that once a threat is recognized, an organization should be able to address it without requiring cybersecurity teams to be available on a 24/7 basis.

Okta SecurityInsights is a complementary portfolio of offerings that complements the authentication software and services that the company is already known for among cybersecurity professionals, Diamond said. Both UserInsight and HealthInsight are built on top of its ThreatInsight offering, which aggregates data supplied by Okta customers to identify malicious IP addresses.

End users, of course, are always going to need some level of continuous training as the cybersecurity threat landscape continues to evolve. However, given the volume of threats organizations face today, there’s no viable cybersecurity framework going forward that won’t rely on some level of input from end users. They aren’t likely to be able to identify every type of new threat, but the more end users perceive they have the ability to do something about the threats they do recognize, the more likely it becomes they will participate more proactively in helping to combat those attacks.

In the meantime, overtaxed and underappreciated cybersecurity professionals should look for help from anywhere in the organization they can find it. Cybersecurity professionals might even be able to take a day off here and there knowing that until they return, someone in the organization other than them can fend off a new attack.

Michael Vizard

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Unlike commercial, or ... Read More
Security Boulevard

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 467 posts and counting.See all posts by mike-vizard