Situation
A Cloud-first Company Fears the Impacts of a Global IAM (Identity and Access Management) Breach
A global financial services company learns of a major extortionware attack impacting Okta—the enterprise's single sign-on IAM provider. Their CISO (Chief Information Security Officer) needs to ensure that the attack has not spread through Okta to their own organization's users and environments—particularly their heavily used Slack and Jira environments. Because their enterprise operates fully in the cloud, such a breach would have profound impacts on their operations.
Requirements
Seeking Fast Answers Regarding the Okta Attack
The CISO needed to be able to inform their leadership team whether their organization had become a victim of the attack. This required gaining a quick understanding of the Okta attack vector and performing a compromise assessment of the potential damage. It was crucial for the customer's cybersecurity team to have relevant historic forensic data about Okta that was easy to access and analyze. Luckily, they had already partnered with Mitiga in advance of this global incident, so they were ready with the forensic data and insights they needed to proceed.
Solutions
Mitiga's Team and CASL (Cloud Attack Scenario Library) Deliver Rapid Analysis
As soon as the international hacker group Lapsus$ made the Okta breach public, Mitiga's experts were on the case, analyzing the attack vector, automating a compromise assessment using our IR2 platform, and applying that automated analysis to all our customers' forensic data, including this customer's. We automated the Okta detection process, using custom-designed hunting filters to accelerate the investigative process.
We call this unique approach "Forensics as Code." As a result of using this fast, scalable solution, we were able to assure the CISO and his executive team that their users and systems were in the clear, and we did it in hours rather than the days or weeks typical of traditional IR (Incident Response) methods.
Results
"All-Clear" Assurance Supports Both Compliance and Business Advantage
The CISO and their team were able to provide timely, confident communication to both executive management and other concerned stakeholders, like regulators, about the organization’s security posture related to the breach. This enabled “business-as-usual” processes to maintain employee productivity without downtime. Using Mitiga's IR2 also enabled the team to provide clear, concise deliverables that satisfied independent and internal risk and compliance stakeholders, which is crucial for any organization within their sector.