Provide analysts with visibility and better understanding of threats as they emerge
Security teams often have a variety of security tools at their disposal. Because resources are often limited, they need these tools to integrate well with one another and enable automation. To close the security loop, Okta and Cortex Extended Security Intelligence and Automation Management (XSIAM) integrate to turn widespread event and identity data into an intelligent data foundation that fuels XSIAM machine intelligence to radically improve security outcomes and transform security operations.
Top Partners are the first to integrate with Cortex XSIAM
Cortex XSIAM and Okta's cloud-based identity management service have partnered to help security teams enable automated actions that enforce identity as a security control point. Together, Cortex XSIAM and Okta give enterprises better integration and automation of their security tools, especially for identity-centric visibility and response, taking load off security teams.
Okta's cloud-based identity gives security teams visibility into each user’s groups and roles, what apps and data they can access, and other contextual risk information that can streamline the investigation process for rapid response.
Cortex XSIAM collects the authentication and audit event logs provided by the Okta admin API to help security teams collaborate and manage cases across the incident lifecycle. A built-in playbook is also available that lets customers sync a list of IP addresses to the Okta Network Zone with the given ID.
Let’s take a look at why this is so important for your SOC:
Lessen SOC team burden: Now, security teams can better respond to suspicious account activity, like a login from a new device or location, by automatically restricting access to sensitive applications or prompting for step-up authentication.
Accelerate response: Cortex XSIAM leverages the data foundation to detect new adversary tactics that are updated continuously with Palo Alto Networks’ threat intelligence gathered globally across tens of thousands of customers and natively automates key steps of incident investigations.
Simplify remediation: If, after further investigation, the user does appear to be compromised, security teams can take additional remediation actions by suspending the compromised account and conducting a password reset.
Together, Cortex XSIAM and Okta enable security teams to:
- Use identity and user context to enrich, understand and analyze security alerts as they arise
- Prioritize alerts and orchestrate informed security responses in order of importance
- Contain and remediate threats quickly and decisively, through a range of automated identity-centric actions
- Enhance visibility and response by enabling identity as a key control point