With the rapid rise of cloud adoption and cloud-based solutions in 2020, the need to rethink how we approach cybersecurity has never been more important than now.
Traditionally, cyber threats to our business targeted infrastructure vulnerabilities, but with the move to the cloud comes new threat vectors and data exposure as attacks target people.
Our business users access more applications and sensitive data in the cloud than ever before, but even with new security comes the new problem of advanced credential phishing attacks. It’s an increasing concern around the world, with 90% of organisations experiencing some form of targeted phishing attacks in 2019 according to the State of the Phish report from Proofpoint.
The new wave of cyber threats is not malicious malware, but advanced social engineering that exploit human behaviour. Unlike the former, traditional filters and screening software often cannot identify these threats reliably, and regardless of user-awareness training, many still fall prey to such phishing tricks, resulting in data breaches and credential misuse.
Advanced phishing threats come from a variety of sources, but the most common is via social engineering and malicious URLs embedded in high volume emails targeting individual users. Often hosted on legitimate but compromised websites with trusted reputations, these new threat actors wait until your email credentials are passed through the gateway and into the inbox before they change the web page, steal your usernames and passwords, and disappear.
Prevention of these threats is extremely important to practice, but the fact is these new attacks are proving hard to detect, identify and deal with through both current manual admin efforts and automated but disjointed security tools.
With Ponemon Institute estimating average-sized businesses are losing around $3.7 million USD in tangible costs to phishing scams per year, it’s become more imperative than ever for businesses to seek better solutions for identity and access management (IAM) and cybersecurity that can account for these new threats.
This is where specialist solutions like Okta Identity Cloud and Proofpoint Threat Response, which take a human-centric approach to identity, access and security against threats, come in.
This article explains how and why Okta and Proofpoint solutions are recommended to tackle new advanced cybersecurity threats, and how their integrations make them better together.
Okta and Proofpoint: Adaptive Cloud Protection Against Phishing
It’s clear strong identity and access management combined with better security threat detection is key in the cloud era.
Which is why market leaders Okta and Proofpoint are popular not just for preventing this new wave of advanced phishing cybersecurity attacks, but eliminating them completely.
But how do they work, exactly? And how are they better together?
What is Okta Identity Cloud?
For those unfamiliar, Okta Identity Cloud is a cloud-based identity and access management platform with a number of solutions that help both small and large-scale businesses with better identity lifecycle management.
Okta Identity Cloud encompasses user provisioning, user access administration, application integration, reporting and authentication, and it unifies all of these traditionally disjointed systems into one central platform.
The strong identity-driven security it offers means users are better protected with stronger authentication across devices and applications. Okta has become popular with many businesses for its workforce and customer identity products, including Single-Sign On (SSO) and Multifactor Authentication (MFA) and because it is platform-agnostic, it integrates with many apps, regardless of platform - including Proofpoint.
What is Proofpoint Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP)?
Proofpoint Threat Response Auto-Pull (TRAP) is part of the Proofpoint Threat Response security orchestration platform from Proofpoint that focuses on detecting malicious or unwanted messages and quarantining them automatically and reliably after delivery.
TRAP examines and tracks each email, creates an auditable activity trail which minimises a business’s threat exposure and chance of reinfection, and uses Proofpoint’s Targeted Attack Protection index, which scores threats based on criticality, to identity the most at risk users in your business - called very attacked people (VAPs) - so you can better identify which users needs the most protection against phishing and where to apply stronger access protection controls.
Okta and Proofpoint: How They Safeguard Against Threats Together
Okta and Proofpoint are two vendors with a close partnership that extends to their product integrations, offering businesses unique and powerful ways to protect against new threats.
With a streamlined integration between both Okta and Proofpoint, both solutions extend each other significantly. Proofpoint has adaptive controls built into its threat response, but with Okta, businesses can extend these capabilities to include IAM controls that enable extra protection.
Any users that are identified as VAPs by Proofpoint TAP are automatically placed into a high-risk user group in Okta, giving admins a clearer view and more time to apply specific adaptive policy controls and assurance factors to these particular users before they are granted access to sensitive data and resources. It also lessens the time needed to react and clean up credential phishing attacks with fast, automated and reliable adaptive responses in place.
Some examples of where you can use new adaptive controls with an Okta and Proofpoint integration for added protection against phishing threats include:
- Application access or restricted access to sensitive apps
- Advanced password policies for complexity, expiration, history and reuse
- Change user’s role and entitlement for authorisation in downstream app automatically
- Dynamic access policies based on individual user risk as per VAP rating
- Limiting user session length and requesting higher assurance factors for Okta MFA
- Using TRAP to orchestrate response actions automatically to protect users who click on identified phishing links
Just say you have Proofpoint TRAP integrated with Okta Identity Cloud. Any time a user clicks on a malicious link or accesses a malicious web page, TRAP detects and alerts admins so you can automatically activate step-up authentication for all your identity systems secured by Okta.
What this does is forces your user to reauthenticate to confirm their identity using multiple factors and according to the policies you have set up. This way, before they re-access work systems that contain sensitive data after clicking on malicious links, you can be sure it’s your users logging back in rather than malicious threats that may have stolen credentials.
With both Okta and Proofpoint, business-critical applications such as Office 365, G-Suite and core legacy apps are better safeguarded and bolstered with two of the leading identity and email security solutions in the market.
Essentially, combining Okta and Proofpoint solutions together adds another layer of enhanced security and identity capabilities on top of the usual reliable authentication and authorisation protection that Okta’s SSO and MFA features provide, and added peace-of-mind.
Okta and Proofpoint: Why They Protect Against Threats Better Together
It’s clear the malicious threats posed to our new cloud-based environments have changed, and the time to rethink our approach to cybersecurity is all the more important to get right.
Better efficiency and security from our identity and access management and better capability in detecting and preventing these threats from abusing our users’ credentials is achievable with the right combination of IAM and threat detection solutions - thanks to broad integrations, Okta and Proofpoint fit the bill for a large range of business use cases.
This integration forms part of a wider Identity strategy. For more information, download our free whitepaper on 3 reasons you need a modern identity platform.