Safeguarding Identities

ITDR's Crucial Role in Cybersecurity

Safeguarding Identities : ITDR's Crucial Role in Cybersecurity

When it comes to conventional identity and access management, along with preventive security measures, it has become more evident that these fall short in safeguarding identity systems against malicious attacks. To bolster readiness for cyberattacks, leaders in security and risk management must incorporate ITDR capabilities into their security infrastructure.

This 45 min learning session will dive into how the adaptable plugin architecture of the open-source Falco empowers security responders to expand their system call event detection capabilities to encompass auditing events originating from identity systems like Okta. Specifically, the Okta plugin for Falco enables the retrieval of log events from Okta and the generation of sinsp/scap events (compatible with Falco) for each log entry.

Given the novelty of ITDR capabilities, the available pre-defined playbooks addressing identity-threat-specific scenarios and other forms of attacks on identity infrastructure are limited; however, the Falco plugin facilitates the extraction of key information from Okta log events, including:
  • Event time
  • Event type
  • Actor name
  • Application details
Armed with this data, security teams can now craft tailored security rules to identify and thwart identity threats that might otherwise evade traditional identity and access management (IAM) detection controls.

Nigel Douglas, Senior Developer Advocate, Sysdig

Register On-Demand here