Okta provides cloud-based identity and access management solutions that help companies manage and secure user authentication into modern applications, and for developers to build identity controls into applications, website web services and devices.
Get The Resource
NextGen SOAR Integration
Sophisticated attackers often use compromised credentials to gain access to sensitive systems, which can completely elude signature-based defenses. D3 integrates with Okta’s identity cloud to handle credential-based attacks. Users can escalate suspicious events to D3 such as failed login attempts, which in turn trigger investigations in D3. During which, D3 can retrieve event logs from Okta and orchestrate response actions, such as temporarily blocking access for a compromised user.
Retrieve event logs from Okta into D3
Manage user accounts in Okta from D3
Enrich Okta events with threat intelligence, MITRE ATT&CK techniques, and more
Single sign-on for Okta and D3 SOAR
Key Use Case
When a suspicious behavior is detected in Okta and escalated to D3, D3 can automatically or manually provide rich context that helps the analyst determine the risk level of the event. This includes searching across related Okta logs, as well as extracting IOCs to correlate against integrated threat intelligence platforms. Uniquely, D3 can also check the behavior against MITRE ATT&CK criteria, to determine what adversary techniques are present, and how they might fit into a larger attack.
During a possible identity-based security incident, D3 is able to orchestrate immediate actions to limit the spread of the attack via integrations with other security tools. If the incident is confirmed as a true positive, the analyst can orchestrate policy changes in Okta from the D3 workflow. These might include suspending user access, requiring a password reset, or adjusting the policies associated with a user group.
Meet Our Friends
Our Connected SOAR Security Alliance brings hundreds of vendors together, allowing customers to benefit from our deep industry relationships and fully vendor-agnostic, independent SOAR platform.