Stamp out Credential Abuse with Okta and Palo Alto Networks

Jun 22, 2017
3 minutes

What if you could instantly reduce the risk of a data breach by taking one simple step? Investigations into data breaches reveal that 63 percent of breaches involve stolen credentials, and that if we replaced single-factor passwords, 80 percent of hacking attack techniques would either “adapt or die.” Fortunately, there is an easy way to avoid breaches caused by credential-based attacks.

By implementing multi-factor authentication, you can prevent credential abuse, such as an attacker using stolen credentials to access your sensitive applications. For example, if an external attacker manages to compromise one of your endpoints, deploying multi-factor authentication in your network can isolate the attacker to the compromised endpoint and prevent data theft from internal applications and servers.

Multi-factor authentication is your ticket to preventing a wide range of credential abuse, including pass-the-hash attacks, weak passwords, credential stuffing and more. Your organization, along with every other organization, should use multi-factor authentication to protect all your applications and servers. It’s a no brainer.

So why, then, don’t most organizations protect all their assets with multi-factor authentication? Because integrating it with every sensitive resource, including legacy applications and old servers that do not natively support strong authentication, can be an IT nightmare.

We introduced multiple features in PAN-OS 8.0 to combat credential-based attacks. One of these features, our new multi-factor authentication enforcement capability, helps organizations like yours prevent credential abuse by enabling your next-generation firewall to act as a multi-factor authentication gateway in your network.

When configured as an authentication gateway, Palo Alto Networks next-generation firewall integrates with Okta, as well as several other identity management vendors, to enforce multi-factor authentication at the network before granting access to specific applications or systems. Our next-generation firewall can serve as an authentication gateway for web applications, terminal-based access, thick-client applications or even network authentication. This capability helps organizations like yours prevent credential abuse without requiring you to spend time and resources integrating multi-factor authentication with individual applications.

By collaborating with Okta, we’ve developed a set of integrated capabilities that work directly through the Okta API, as well as through the Okta RADIUS agent. Using this integration, you can protect applications that do not natively support multi-factor authentication, such as console-based applications or legacy applications, by configuring the next-generation firewall to enforce multi-factor authentication.

If you have critical resources, take a look at our new multi-factor authentication feature in PAN-OS 8.0 and our integration with Okta. This simple integration provides a fast path to deploying multi-factor authentication across your organization.

For more details on how multi-factor authentication works in PAN-OS 8.0, check out authentication policy configuration in the PAN-OS 8.0 Administrator’s Guide.

Learn more about how to prevent credential-based attacks with Palo Alto Networks and Okta.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.